Re: [dmarc-ietf] ARC usage, was Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Jesse Thompson <jesse.thompson@wisc.edu> Tue, 06 October 2020 19:05 UTC

To: dmarc@ietf.org
References: <20201006152041.9A2BC23014C8@ary.qy>
From: Jesse Thompson <jesse.thompson@wisc.edu>
Message-id: <fe197dd0-271e-b9a5-fb3d-ac9f51c008bf@wisc.edu>
Date: Tue, 06 Oct 2020 13:59:13 -0500
In-reply-to: <20201006152041.9A2BC23014C8@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7iGGwoBwFQd7TYMBYT2meWMjx_M>

On 10/6/20 10:20 AM, John Levine wrote:
> In article <1265372281.9984.1601969016735@appsuite-gw1.open-xchange.com> you write:
>> It would be much better if there were a few professional/community efforts to build reliable and complete lists of good
>> and bad ARC intermediaries, like for spam.
> 
> Having tried and failed to build a whitelist for Spamhaus, I can tell
> you that it's hopeless.
> 
> The bar for ARC to be usable is pretty low. It's not "doesn't send
> spam" or even "knows who its users are." It's only "doesn't lie about
> where mail came from."  I expect that in practice the usual DNSBLs
> will be good enough.

Is the assumption with ARC, when it reaches some point of "production" status, that intermediaries will be able to look themselves up in the usual DNSBLs to see if they are trusted so they know that they don't need to rewrite the From?  Sorry, that's going down the rabbit hole...

I only brought up ARC as one example of local policy overrides that an ISP-hosted receiver might want to have mechanics to control.  Even with ARC being adequately managed by the usual DNSBLs, I could imagine that I would want to have some control over the edge cases.

Surely there are other examples...

* This is probably the most common one, based on personal experience: Allowing a 3rd party to send inbound mail to your organization "From" your own domain, but not allowing that 3rd party to use your domain to send outside of your organization (hence, not authorized by DMARC).  Ideally I would want a solution that keys off of multiple signals (SPF result, DKIM result, DKIM domain/selector, etc) rather than something crude, like "trust all mail from these IPs".

Again, my larger point is that if we want "filtering signal" to be the primary value-add for DMARC, then I'm suggesting that we may need to ensure that receivers actually have the ability to invent filtering signal mechanics in order to be "using DMARC".  If the receiver's ISP is preventing that, then perhaps there needs to be a way for ISPs' customers to measure their ISP's DMARC capabilities/maturity in this regard.

> I am told that Office365 allows clients to place their own email filter in front of the one provided by Microsoft.  I don't know whether that solves the black box problem that Jesse raises. 

Yes, this is what we do, but it's not common.  Microsoft occasionally tries to convince us to point MX at them, and I sympathize with their motivation to put all of their customers in a consistent configuration.  On the other hand, there are some local policy mechanics that we currently rely on which they don't provide.

Jesse
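
The local-policy override described in the bulleted example above, as an added illustration that is not part of the original message: a receiver-side check that lets a DMARC-failing message "From" the receiver's own domain through only when the SPF result, DKIM result and DKIM domain/selector all match an allow-listed third party, and only for inbound mail. The domains, selector, authserv-id and function names are constructed assumptions, and the Authentication-Results parsing is simplified.

```python
import re

# All names below are constructed for illustration.
TRUSTED_AUTHSERV = "mx.example.edu"   # authserv-id stamped by our own border MTA
OUR_DOMAIN = "example.edu"
# The vendor signs with its own DKIM domain/selector and uses its own envelope
# domain, so DMARC for OUR_DOMAIN fails even though the mail is expected.
ALLOWED_SENDERS = [{"dkim_d": "vendor.example", "dkim_s": "s2020",
                    "spf_domain": "bounce.vendor.example"}]

def parse_authres(value):
    """Parse one Authentication-Results value (simplified RFC 8601 syntax,
    no CFWS comments) into (authserv_id, [(method, result, props), ...])."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    authserv_id = parts[0].split()[0].lower()
    results = []
    for part in parts[1:]:
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
        if m:
            props = {k.lower(): v.lower() for k, v in
                     re.findall(r"([a-z]+\.[a-z0-9_-]+)=(\S+)", part[m.end():], re.I)}
            results.append((m.group(1).lower(), m.group(2).lower(), props))
    return authserv_id, results

def local_override(authres, from_domain, rcpt_is_internal):
    """Accept a DMARC-failing message From our own domain only when it is
    inbound to us and every signal matches one allow-listed sender."""
    authserv_id, results = parse_authres(authres)
    if authserv_id != TRUSTED_AUTHSERV:       # result not stamped by us: ignore
        return False
    if from_domain.lower() != OUR_DOMAIN or not rcpt_is_internal:
        return False                          # never widens outbound use
    spf_pass = {p.get("smtp.mailfrom", "").rpartition("@")[2]
                for m, r, p in results if m == "spf" and r == "pass"}
    dkim_pass = {(p.get("header.d"), p.get("header.s"))
                 for m, r, p in results if m == "dkim" and r == "pass"}
    return any((s["dkim_d"], s["dkim_s"]) in dkim_pass and s["spf_domain"] in spf_pass
               for s in ALLOWED_SENDERS)

# Constructed sample headers.
OK = ("mx.example.edu; spf=pass smtp.mailfrom=bounce.vendor.example; "
      "dkim=pass header.d=vendor.example header.s=s2020; "
      "dmarc=fail header.from=example.edu")
WRONG_SELECTOR = OK.replace("header.s=s2020", "header.s=other")
FOREIGN_STAMP = OK.replace("mx.example.edu", "mx.elsewhere.example", 1)

if __name__ == "__main__":
    for name, hdr in [("ok", OK), ("selector", WRONG_SELECTOR), ("stamp", FOREIGN_STAMP)]:
        print(name, local_override(hdr, "example.edu", True))
```

The authserv-id check matters as much as the signal match: an Authentication-Results header that the receiver's own border did not stamp can be supplied by the sender and must not feed the override.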