[dmarc-ietf] Usage Guide interview (ESP) with Alwin de Bruin @ Measure Mail
Tim Draegen <tim@eudaemon.net> Thu, 29 June 2017 15:26 UTC
Return-Path: <tim@eudaemon.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 157E7131472 for <dmarc@ietfa.amsl.com>; Thu, 29 Jun 2017 08:26:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eudaemon.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EcU7pKp5rYW3 for <dmarc@ietfa.amsl.com>; Thu, 29 Jun 2017 08:26:47 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 548A513146B for <dmarc@ietf.org>; Thu, 29 Jun 2017 08:26:47 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id 63so38483478ywr.0 for <dmarc@ietf.org>; Thu, 29 Jun 2017 08:26:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eudaemon.net; s=dkey; h=from:content-transfer-encoding:subject:message-id:date:to :mime-version; bh=dnO9oegOtRstJf5jiATRnCrHb+1qoOIMGCDrjU4r90s=; b=OVcQ85bJaTKiPHRQYvqzXfsfKkOl8MHpvJr6M01z2KO9lecb6b8pj0W/5pj3joGb4I DXoQjf+R1Gd5+t2UG+Ow2/ME9Zz8+LGbULnrxGUpgOH0Mke5eE2ppFOkQt1klrggetoU OyifNQbzdMSlXuHMzd69nGmg7PyKUpzUQuiLk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:subject :message-id:date:to:mime-version; bh=dnO9oegOtRstJf5jiATRnCrHb+1qoOIMGCDrjU4r90s=; b=L7bYfpK5PJq9LMYmCTOIIUKdP2BXxLeSTqbPkfdOdbGI2uY22IHumGRympUyvtQEP2 7eCZkyX+KUsFbtFyH0MfkX3hX3wZhE7cHHKft2bXbgL6yIHoxCJnv8yKMCR9uXcqIWzE 8y5h9KNOvElw4Q4dTnD/UERdYmKsRBxq6CW1O0UbULRsfCvNxHUHML53cjxpbYVo5Zdm DlD5WYtPgVyIdmJDBN70XaVZDABQLVnWCSI5iG99w2/zADBtyyJBb5WujT0ZcyzSrWBM Gvbriqw6EuscMFtYGoQNkx+VY0XbuqToiM7gZyx37H+ZADldMv6xpgr3dm/3tkB4xWyZ 5R4w==
X-Gm-Message-State: AKS2vOztqcTMaegLtouL5geGdQa0ZBFis1tDMxkMtPBUdN5Z5JPEz1cb pZhd5JeopM8ijM6UepoDFQ==
X-Received: by 10.13.220.69 with SMTP id f66mr12118239ywe.316.1498750006151; Thu, 29 Jun 2017 08:26:46 -0700 (PDT)
Received: from [192.168.0.18] (208-104-133-98.brvd.dsl.dyn.comporium.net. [208.104.133.98]) by smtp.gmail.com with ESMTPSA id g5sm2145419ywa.16.2017.06.29.08.26.45 for <dmarc@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 29 Jun 2017 08:26:45 -0700 (PDT)
From: Tim Draegen <tim@eudaemon.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <F9B331B9-12DD-4B96-BD6D-F0C6E4BEB302@eudaemon.net>
Date: Thu, 29 Jun 2017 11:26:44 -0400
To: dmarc <dmarc@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/76CoHb7KRYPOvRqrEuBn_KU1FZE>
Subject: [dmarc-ietf] Usage Guide interview (ESP) with Alwin de Bruin @ Measure Mail
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jun 2017 15:26:50 -0000
[This email is the first of a series described here: https://www.ietf.org/mail-archive/web/dmarc/current/msg03671.html Thanks much to Alwin for being the first to volunteer and to help smooth out the rough spots.] Background: Measure Mail is a Netherlands-based Email Service Provider operating since 2001. Within Measure Mail Alwin is responsible for operations. The company strives to remain up to date with changes in the email ecosystem. Outside of Measure Mail Alwin is heavily involved in Netherlands standardization communities to establish technology guidelines for ESPs and government email requirements. Alwin has advocated for DMARC within Netherlands circles since its public release. Experience: From company perspective, making customers recognizable to the recipients of email is primary. Two points: • Cannot interfere with existing email infrastructure. • Cannot settle for “sent on behalf of” in a UI, which lead to the required use of sub-domains. Customers are provided with DNS settings to allow Measure Mail to send email using a customer’s sub-domain. Use of sub-domains allows us to make email appear to come from customer, including addresses, embedded links, and other branding. Ensuring that all domain identifiers in an email are aligned helps make email obvious and easy to deliver. Customers accept this explanation as it is easy to understand. Sending DNS settings to customers can be quite complex. However, the requirement to implement DNS-changes leads to better customers in terms of us servicing slightly more technically savvy customers, but also tends to exclude very small businesses that do not have resources to deal with DNS configuration. Making DNS changes easier for customers is something we’ve focused on over the past few years. In this way, we’ve arrived at requiring DNS changes only once during onboarding. This appears to be a trend among the market. Customer use of DMARC policies has had little impact on our service. For the sub-domains that customers provide to us, we originally placed DMARC records to help monitor email delivery. By design we see little impact to our service due to customers publishing DMARC policies. When customers publish their own DMARC records, we ask our customers to provide us with their reporting address so that we can forward sub-domain specific reports to the customer. In this way the customer gets a complete picture. Otherwise the customer might not see the complete picture. Strict vs Relaxed mode: haven’t run into any issues, but mainly because we work with customers early. Plus, we have DMARC records in place at sub-domain which we operate in. SPF considerations: we maintain an include that customers use. By doing this, we can maintain the real SPF record without requiring customer changes. Also, we use dedicated sub-domains and so configuration avoids top-level SPF record issues. DKIM considerations: key rotation appears to be relatively new in the market. Our own infrastructure is ready for key rotation. Customers are being upgraded to use newer functionality that allows for no-touch key rotation. But, this is a process where older customers need to perform DNS changes to get to the “no more touch” world. Key sizes: we’ve always used 1024 bit keys, with our newer infrastructure using 2048 keys. Once customers are on newer infrastructure, the upgrade to 2048 bit keys is transparent. DKIM options: we use default DKIM settings when possible. Default headers that are signed mirror what is published in DKIM spec. Simple body canonicalization. DKIM timestamp included. Policy implications: we discuss DMARC with customers if the subject comes up, and when customers are onboarded. People are guided to the Wikipedia articles on DMARC to learn about the basic stuff. DKIM sometimes requires additional explanation. Other thoughts on Domain Owner & ESP interaction? We’re thinking of implementing DMARC reporting for the bounce messages that we receive to help communicate status to bounce-originating organization. Overall, we don’t have issues with DMARC. This is likely due to our pre-DMARC understanding that domain alignment is common sense approach to sending customer email. (end)