Re: [dmarc-ietf] Clarifying the value of arc.closest-fail

Seth Blank <seth@sethblank.com> Wed, 03 January 2018 20:58 UTC

In-Reply-To: <20180103204806.C191218C7E78@ary.qy>
References: <1514939995.3318165.1222346488.5B169072@webmail.messagingengine.com> <20180103204806.C191218C7E78@ary.qy>
From: Seth Blank <seth@sethblank.com>
Date: Wed, 03 Jan 2018 12:57:42 -0800
Message-ID: <CAD2i3WMDheiYkbZSx5tW4oQFt-Ge8owTVK4kQ-_=wAZ5o69Ohg@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: dmarc@ietf.org, Bron Gondwana <brong@fastmailteam.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7ZxBk32PkYxGpt5R0TITvWO0ZZg>

On Wed, Jan 3, 2018 at 12:48 PM, John Levine <johnl@taugh.com> wrote:
>
> Seems to me this makes some assumptions about the way ARC consumers
> will use ARC chains to decide whether to ignore a DMARC failure.
> Personally, I think the most likely scenario is that they'll look at
> all of the signers to see if they all are reasonably trustworthy, and
> if so, look at the i=1 seal to see if the message would have passed
> before being munged, and if so allow it.  This requires having a giant
> reputation database for every ARC signer, but that's not much of a
> stretch beyond the reputation database you need to decide whether to
> look at the ARC chain at all.
>

Yes, but since the decision with ARC was to keep the additional trace
information because it wasn't clear what was useful, to me this falls
cleanly into this same bucket.

I'll propose text for the Experimental Considerations section to outline
this around arc.closest-fail so it can be appropriately watched.
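
The consumer-side evaluation described in the quoted text (trust every sealer, then check whether the message passed at i=1), as an added Python sketch that is not part of this thread or of any ARC implementation. The header values, the `trusted_sealers` set standing in for the reputation database, and the `chain_validated` flag (cryptographic seal verification done elsewhere) are assumptions.

```python
# Constructed sample ARC header fields (not from the thread); signatures elided.
SAMPLE_HEADERS = [
    ("ARC-Seal", "i=2; a=rsa-sha256; cv=pass; d=lists.example.org; s=sel; b=..."),
    ("ARC-Authentication-Results", "i=2; lists.example.org; dkim=fail header.d=example.com; dmarc=fail header.from=example.com"),
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=forwarder.example.net; s=sel; b=..."),
    ("ARC-Authentication-Results", "i=1; forwarder.example.net; dkim=pass header.d=example.com; dmarc=pass header.from=example.com"),
]

def _tags(value):
    """Parse 'tag=value; tag=value' into a dict (first occurrence wins)."""
    out = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            out.setdefault(k.strip(), v.strip())
    return out

def collect_chain(headers):
    """Return {instance: {"sealer": d, "cv": cv, "dmarc": result}}."""
    chain = {}
    for name, value in headers:
        t = _tags(value)
        if not t.get("i", "").isdigit():
            continue
        hop = chain.setdefault(int(t["i"]), {})
        if name.lower() == "arc-seal":
            hop["sealer"] = t.get("d", "").lower()
            hop["cv"] = t.get("cv", "").lower()
        elif name.lower() == "arc-authentication-results":
            # Keep only the result word, e.g. "pass" from "pass header.from=..."
            hop["dmarc"] = (t.get("dmarc") or "none").split()[0].lower()
    return chain

def allow_despite_dmarc_fail(headers, trusted_sealers, chain_validated):
    """True only if seals verified, all sealers are trusted, and i=1 saw dmarc=pass."""
    if not chain_validated:          # assumption: an ARC library verified AMS/AS
        return False
    chain = collect_chain(headers)
    if not chain or sorted(chain) != list(range(1, len(chain) + 1)):
        return False                 # empty chain or gaps in instance numbers
    for i, hop in chain.items():
        if hop.get("sealer") not in trusted_sealers:
            return False             # one unknown sealer voids the whole chain
        if hop.get("cv") != ("none" if i == 1 else "pass"):
            return False
    return chain[1].get("dmarc") == "pass"
```
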