IETF Logo Mail Archive

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

Scott Kitterman <sklist@kitterman.com> Sat, 08 April 2023 22:28 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36E19C151B17 for <dmarc@ietfa.amsl.com>; Sat, 8 Apr 2023 15:28:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="TfeIiIvm"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="I3k5/Dcg"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QRo5gna7WkSW for <dmarc@ietfa.amsl.com>; Sat, 8 Apr 2023 15:27:57 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFDDAC151B16 for <dmarc@ietf.org>; Sat, 8 Apr 2023 15:27:56 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id 79055F8027C for <dmarc@ietf.org>; Sat, 8 Apr 2023 18:27:44 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1680992849; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=Hpj7eJD7zechO26/aS9on3dg6h5Mnfs8K3m3xhqwu68=; b=TfeIiIvm3aApPfR6ON7TrxKYZ02t1QiDX+091PeRs0++alwvNRLkRexV+bRa486QYJzKz NwGzyHa1z2MIn/qBg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1680992849; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=Hpj7eJD7zechO26/aS9on3dg6h5Mnfs8K3m3xhqwu68=; b=I3k5/Dcg20Kfod7rl28J4OO46kUkWSUnjrId0qPgODN94TObDVfuH3n2mq9/bURAC46qv Hlerrnm/M2mwxn2ikcx+XsxGRwSV83kqlBNPpVTbdtxDb5bZ6irzgvYthFX8aLq0EawcrxF myvRorDKhh7d2/tQ4vQmF8KibyutOGqClY3+fhuBN2RFkRYkzCC+OxFdn4Ls7Mw9J1aRBuK Wi8HWFOuIaj4sbLalbQMWuhxVfYQMFFLIWn83OWpjPrwMRk0OwSCb8eBC4+XOaAi6xfJagk am09OsEd1I4+J6op00a0cduEOUtfa0u+kUZrPbteDPOx5LRs3xyDdTCaAHbA==
Received: from localhost.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id 20BC1F801F8 for <dmarc@ietf.org>; Sat, 8 Apr 2023 18:27:29 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sat, 08 Apr 2023 18:27:23 -0400
Message-ID: <130007620.2Ar6dGBpm0@localhost>
In-Reply-To: <80086446-effa-7ee2-91c7-1f44449d92fb@tekmarc.com>
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <86E22FA6-759F-40F3-AEA3-119EE90F64A0@kitterman.com> <80086446-effa-7ee2-91c7-1f44449d92fb@tekmarc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7SaY6ODVMqVtrqDtVDztuGHPTZA>
Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Apr 2023 22:28:01 -0000

There are several variations of text that roughly mean the same thing, 
particularly when you keep in mind that IETF specifications are intended to be 
interoperability specifications, not implementation specifications.

We could do I think any of the following and they are roughly semantically 
equivalent:

[general purpose]* domains MUST NOT publish p=reject to preserve 
interoperability

to preserve interoperability, domains SHOULD NOT publish p=reject unless they 
are [not general purpose]* domains

which could be accompanied by:

[not general purpose]* domains SHOULD determine their email authentication 
deployment is accurate and complete before publishing restrictive policies 
(p=quarntine or p=reject) to avoid interoperability issues.

Publishing DMARC records with restrictive policies does cause interoperability 
problems for some normal email usage patterns.  Potential impacts MUST be 
considered before any domain publishes a restrictive policy.

* whatever the right formulation is, that's a related, but distinct (and I 
think less controversial question).

I think there's enough there for everyone to find their preferred answer.  I 
think it's clear on the interoperability risks, but the last MUST allows for 
the realist case that people are going to do it anyway.  I have no preference 
between the first two alternatives.

Scott K


On Saturday, April 8, 2023 5:12:56 PM EDT Mark Alley wrote:
> Re-looking at the definition of "SHOULD NOT", I don't see why it can't
> be considered.
> 
> "SHOULD NOT - This phrase, or the phrase "NOT RECOMMENDED" mean that
> there may exist valid reasons in particular circumstances when the
> particular behavior is acceptable or even useful, but the full
> implications should be understood and the case carefully weighed before
> implementing any behavior described with this label."
> 
> Seems to fit perfectly with how domain owners currently can pick and
> choose interoperability with p=none over more strict protection, or vice
> versa with p=reject, in my opinion. Is that not considered "acceptable"
> by this definition's context?
> 
> On 4/8/2023 4:10 PM, Scott Kitterman wrote:
> > Possible.  I didn't count.
> > 
> > I didn't see any convergence towards an alternative.
> > 
> > I think adding explicitly that the MUST is related to interoperability
> > reasonably addresses the concern that there are non-interoperability
> > reasons people are going to publish p=reject despite the side effects.
> > 
> > I don't see a stronger consensus for a specific alternative.
> > 
> > I think we have exhausted the discussion on the topic, so, whatever the
> > resolution, I'd like to see the chairs drive the question to closure. 
> > It's pretty clear it's not going to naturally drift into a universal
> > consensus.
> > 
> > Scott K
> > 
> > On April 8, 2023 8:58:13 PM UTC, Dotzero<dotzero@gmail.com>  wrote:
> >> Going back through the thread I find more people questioning/disagreeing
> >> with the proposed wording than agreeing with it. I don't see a rough
> >> consensus.
> >> 
> >> Michael Hammer
> >> 
> >> On Sat, Apr 8, 2023 at 4:17 PM Scott Kitterman<sklist@kitterman.com>  
wrote:
> >>> We've gone nearly a week without any further discussion on this thread.
> >>> 
> >>> I reviewed the thread and I think this is the closest we got to anything
> >>> (most) people agreed on.  I know not everyone liked it, but I doubt
> >>> we're
> >>> going to get closer to a consensus on this.
> >>> 
> >>> Can we adopt this and move forward on to the next thing?
> >>> 
> >>> Scott K
> >>> 
> >>> On Wednesday, March 29, 2023 7:42:49 PM EDT Barry Leiba wrote:
> >>>> I'm happy with that suggestion.
> >>>> 
> >>>> Barry
> >>>> 
> >>>> On Thu, Mar 30, 2023 at 6:00 AM Scott Kitterman<sklist@kitterman.com>
> >>> 
> >>> wrote:
> >>>>> Would you feel any better if the MUST NOT was followed by 'to preserve
> >>>>> interoperability '?  That's implicitly there and I believe technically
> >>>>> correct.  If you value other properties of the system higher than
> >>>>> interoperability, then the advice may not apply, which is fine.
> >>>>> 
> >>>>> Scott K
> >>>>> 
> >>>>> On March 29, 2023 3:32:10 PM UTC, "Brotman, Alex"
> >>> 
> >>> <Alex_Brotman=40comcast.com@dmarc.ietf.org>  wrote:
> >>>>>> I’m just not sure how we determine what is high-value.
> >>>>>> 
> >>>>>> comcast.com: p=reject
> >>>>>> comcast.net: p=none
> >>>>>> xfinity.com: p=quarantine
> >>>>>> 
> >>>>>> The top one is corporate, middle is consumer, bottom is consumer (but
> >>> 
> >>> not
> >>> 
> >>>>>> actually used) & customer comms (sub-domains).  They’re all used in
> >>>>>> various ways for internal messaging.  Should I tell our corporate
> >>> 
> >>> admins
> >>> 
> >>>>>> that they need to no longer publish p=reject?  They’re violating the
> >>> 
> >>> RFC
> >>> 
> >>>>>> by doing so?  There are very few consumer-oriented messages that
> >>>>>> originate from comcast.com.  Are we doing it right?  It makes things
> >>> 
> >>> a
> >>> 
> >>>>>> little harder when one of our employees wants to use a mailing list.
> >>>>>> But that still feels like the right thing to do.
> >>>>>> 
> >>>>>> If it’s not obvious, I’m having a hard time with “MUST NOT”, and
> >>>>>> dictating to domain owners what is in their best interests,
> >>>>>> regardless
> >>>>>> of our perceived value of their domain.
> >>>>>> 
> >>>>>> --
> >>>>>> Alex Brotman
> >>>>>> Sr. Engineer, Anti-Abuse & Messaging Policy
> >>>>>> Comcast
> >>>>>> 
> >>>>>> From: dmarc<dmarc-bounces@ietf.org>  On Behalf Of Barry Leiba
> >>>>>> Sent: Wednesday, March 29, 2023 10:15 AM
> >>>>>> To: Todd Herr<todd.herr=40valimail.com@dmarc.ietf.org>
> >>>>>> Cc:dmarc@ietf.org
> >>>>>> Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect
> >>>>>> mail
> >>>>>> flows
> >>>>>> 
> >>>>>> I'm very much against text such as this, as I think it encourages
> >>>>>> deployments that are contrary to interoperability and to the intent
> >>>>>> of
> >>>>>> p=reject.
> >>>>>> 
> >>>>>> I contend that p=reject (as with the similar construct in the older
> >>> 
> >>> ADSP)
> >>> 
> >>>>>> was intended for high-value domains and transactional mail, and that
> >>> 
> >>> it
> >>> 
> >>>>>> was never intended for use in domains where general users send
> >>>>>> general
> >>>>>> email.
> >>>>>> 
> >>>>>> I stand by the MUST NOT that I proposed.
> >>>>>> 
> >>>>>> Barry
> >>>>>> 
> >>>>>> 
> >>>>>> On Wed, Mar 29, 2023 at 10:33 PM Todd Herr
> >>> 
> >>>>>> <todd.herr=40valimail.com@dmarc.ietf.org<mailto:
> >>> 40valimail.com@dmarc.iet
> >>> 
> >>>>>> f.org>> wrote: On Tue, Mar 28, 2023 at 9:06 PM Pete Resnick
> >>>>>> <resnick@episteme.net<mailto:resnick@episteme.net>> wrote:
> >>>>>> 
> >>>>>> If you agree that interoperability is increased, then I'd suggest
> >>>>>> that
> >>>>>> you actually do agree that the proposed text is appropriate.
> >>>>>> 
> >>>>>> 
> >>>>>> I don't know that I agree that interoperability is increased...
> >>>>>> 
> >>>>>> I'm having trouble squaring proposed language that says "Domain
> >>>>>> owners
> >>>>>> MUST NOT publish p=reject because it breaks interoperability" with
> >>>>>> the
> >>>>>> following language from section 5.8:
> >>>>>> 
> >>>>>> 
> >>>>>> Mail Receivers **MAY** choose to accept email that fails the DMARC
> >>>>>> 
> >>>>>> mechanism check even if the published Domain Owner Assessment Policy
> >>>>>> 
> >>>>>> is "reject". In particular, because of the considerations discussed
> >>>>>> 
> >>>>>> in [@!RFC7960], it is important that Mail Receivers **SHOULD NOT**
> >>> 
> >>> reject
> >>> 
> >>>>>> messages solely because of a published policy of "reject", but that
> >>>>>> 
> >>>>>> they apply other knowledge and analysis to avoid situations such as
> >>>>>> 
> >>>>>> rejection of legitimate messages sent in ways that DMARC cannot
> >>>>>> describe, harm to the operation of mailing lists, and similar.
> >>>>>> 
> >>>>>> It seems inconsistent to state with certainty that authorized mail
> >>> 
> >>> will
> >>> 
> >>>>>> be rejected due to authentication breakage when there is no
> >>> 
> >>> requirement
> >>> 
> >>>>>> that a reject policy be honored (and we have plenty of evidence that
> >>>>>> Mail Receivers are following the 'SHOULD NOT reject messages'
> >>> 
> >>> guidance).
> >>> 
> >>>>>> Language that would be more consistent in guidance to the domain
> >>> 
> >>> owners
> >>> 
> >>>>>> might look something like this:
> >>>>>> 
> >>>>>> After careful analysis of the aggregate report data as described in
> >>>>>> section 5.5.5 (Collect and Analyze Reports), Domain Owners **MAY**
> >>>>>> choose to change their policy from 'none' to 'quarantine' or
> >>>>>> 'reject'.
> >>>>>> If, in the Domain Owner's judgement, unauthorized and deceptive use
> >>>>>> of
> >>>>>> its domain name in the RFC5322.From field puts at risk the trust it
> >>> 
> >>> has
> >>> 
> >>>>>> built with its recipients, then it is **RECOMMENDED** that the Domain
> >>>>>> Owner make use of the p and/or sp tags to set policy to 'quarantine'
> >>> 
> >>> or
> >>> 
> >>>>>> 'reject' for those streams most at risk of loss of trust.
> >>>>>> 
> >>>>>> If going that route, probably want to consider expanding on 5.5.5,
> >>> 
> >>> too; I
> >>> 
> >>>>>> need to think about it some more.
> >>> 
> >>> _______________________________________________
> >>> dmarc mailing list
> >>> dmarc@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/dmarc
> > 
> > _______________________________________________
> > dmarc mailing list
> > dmarc@ietf.org
> > https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email