IETF Logo Mail Archive

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

"Murray S. Kucherawy" <superuser@gmail.com> Sun, 09 April 2023 07:51 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80370C152565 for <dmarc@ietfa.amsl.com>; Sun, 9 Apr 2023 00:51:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8-XzxZJ-eQXA for <dmarc@ietfa.amsl.com>; Sun, 9 Apr 2023 00:51:00 -0700 (PDT)
Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAAF2C152564 for <dmarc@ietf.org>; Sun, 9 Apr 2023 00:51:00 -0700 (PDT)
Received: by mail-ej1-x636.google.com with SMTP id sb12so5824121ejc.11 for <dmarc@ietf.org>; Sun, 09 Apr 2023 00:51:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1681026659; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=aw+VPvT+69tcnRtbKyRYj9hbYDw67+xWASJo/qPsylk=; b=PhS+VGOm57uXvE5JoFQUHffQcIOyjKwQ14HjDazkXpLDGnbldU7DZ6kJCMxGN7RFu1 Z+fSTPlTspuDL5mlL26TOADssIXGfDvyU/xAGHAF+/JfWel1hxLsujb76fd8ntvyYqAM nZwB9adR1Eb+lzm5qGQAf1A8TntL1iTlzUaYTD5NrA08GuNQWPTliqiMXTtPwNW8NT+M k80Bngk6BApXInUQ4ObucL+qOKYh5QPE9/3xkbYV2em1GRDNIVUjaIJV2G3J1X8c/z0o HVlQRw7E8OlsKasRpAQu09JYeJ/9NLBd4pn26LMSw8UvM2scd6Z2Zop1D4uXQtaAKMv3 77dA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1681026659; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=aw+VPvT+69tcnRtbKyRYj9hbYDw67+xWASJo/qPsylk=; b=qFLEydvrklHRlEfzlWorkM6gGLQsCMz5s/eeMa6Hy43GcjGoWZwkwLEcdRxL4ZuKb6 NibrRIQcXdmGHNIfyRvmQUEh790rjZj42Ya7D+i2nO0PEOr1IIXPvRHeZALbHtn6VF7T HXuW1l0aUNnni/KUxkjTx3356QCQEs2Xq6Tc/k0JkkLvzHnMR1/39zYagpwVHNg1LhsP Fn+g87YniCt9P/FhCn6r3DVebWbBd2OGwbXjmYCnQtq3tAQiojb+Rrbu8EEHkAHHB/zQ dOK/MH1LDYH2/6az0X/QVV8roqxC2Roy8ub/04cR0zWFe2fyaQyXvKrZLU1kUKBtee8O zsGg==
X-Gm-Message-State: AAQBX9fFnoFrkpDWkANnX8YbC/rTLQe9VcGqfeg/dACxGWGh7oQnn9FM +BGg6uhH0ua6UCI/YCiC1D/H9hZPZWlSknDchmrD44iWaOI=
X-Google-Smtp-Source: AKy350aEVPm36zteQZ5dFE0CjV1wJ0qPNYSlPMqnsmdNr+sspJNgSm8eUcBFSfWh6f3A+m1sTcmxz1j0UYB7YRXRnWM=
X-Received: by 2002:a17:906:79c2:b0:92a:a75e:6b9 with SMTP id m2-20020a17090679c200b0092aa75e06b9mr1699952ejo.11.1681026658942; Sun, 09 Apr 2023 00:50:58 -0700 (PDT)
MIME-Version: 1.0
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <13603D87-4FDE-4768-9712-E6DB0818C802@kitterman.com> <CALaySJLY-9O1Wauk50WMMobNs3cKUzmB+=np080nYCHEZa32UA@mail.gmail.com> <3129648.WqDQmVRvLn@localhost> <CAJ4XoYe3Z8=G8H6hQFuiMMwfZQt1JvLpK3bQmrtGCz=b-w=CJA@mail.gmail.com> <86E22FA6-759F-40F3-AEA3-119EE90F64A0@kitterman.com> <80086446-effa-7ee2-91c7-1f44449d92fb@tekmarc.com>
In-Reply-To: <80086446-effa-7ee2-91c7-1f44449d92fb@tekmarc.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sun, 09 Apr 2023 00:50:46 -0700
Message-ID: <CAL0qLwaKO5A_OSjod00msw+8EALOUqYzeXb_aPjVhQ2R1wZKJg@mail.gmail.com>
To: Mark Alley <mark.alley=40tekmarc.com@dmarc.ietf.org>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000dd41b505f8e2849b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8BoF_99TfHF409kcGiWyGp8oIIc>
Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Apr 2023 07:51:01 -0000

Emphatically "wearing no hat" here, just speaking as a long-time
participant:

On Sat, Apr 8, 2023 at 2:13 PM Mark Alley <mark.alley=
40tekmarc.com@dmarc.ietf.org> wrote:

> Re-looking at the definition of "SHOULD NOT", I don't see why it can't be
> considered.
>
> "SHOULD NOT - This phrase, or the phrase "NOT RECOMMENDED" mean that there
> may exist valid reasons in particular circumstances when the particular
> behavior is acceptable or even useful, but the full implications should be
> understood and the case carefully weighed before implementing any behavior
> described with this label."
>
> Seems to fit perfectly with how domain owners currently can pick and
> choose interoperability with p=none over more strict protection, or vice
> versa with p=reject, in my opinion. Is that not considered "acceptable" by
> this definition's context?
>
IMHO, absolutely not.

Since one of the IETF's main goals in producing a technical specification
is interoperability, and since improperly deployed "p=reject" results in
the very essence of non-interoperability in the deployed email base, I'm
having trouble imagining why the standard should leave operators with any
choice here.  That is, in direct reply to the cited definition of "SHOULD
NOT", I claim there do not exist valid reasons in particular circumstances
when the particular behavior is acceptable, even when the full implications
are understood and the case carefully weighed.

(Note, here, that Barry has in his proposed text limited the constraint to
those types of deployments where the damage is likely.  I concur.  DMARC,
as currently defined, works just fine when deployed in transactional
situations.  Or, at least, I haven't seen that identified as a problem
case.)

Mike Hammer asks, reasonably, whether an IETF standard containing a "MUST
NOT" that we know people will ignore calls into question the IETFs
relevance or legitimacy.  But I submit that the IETF issuing a standards
track document which fails to take the strongest possible stance against
deploying DMARC in a way that knowingly imposes substantial breakage, for
any reason, is irresponsible and is the greater threat to our legitimacy.
Keep in mind that improper deployment of DMARC results in damage to
innocent third parties: It's not the sender or the MLM that's impacted,
it's everyone else on the list.  It's breathtaking to me that we can feel
comfortable shrugging this off under the banner of "security" or "brand
protection".

In a separate email, Doug Foster just said:

> I also have a hard time with the notion that any domain with a potential
exception becomes a domain that MUST NOT protect itself from impersonation.

But it's not "MUST NOT protect itself from impersonation", it's "MUST NOT
use DMARC to protect itself from impersonation" when the use of the domain
includes non-transactional operations likely to be disruptive.

Imagine a web server protocol that states, when receiving a proxied
connection, if the web server looks at it and sees something it didn't
like, it rejects the request, but also fouls up some other active,
legitimate operation in the process.  Imagine further that the only
defensive posture about this disruption is a "SHOULD NOT".  Whatever
benefit such an algorithm might claim, should it be given a place among the
other standards the IETF produces?  I would hope the answer is obvious.
And if we're not willing to tolerate it in the web world, why are we
willing to tolerate it for email?

The IETF has no illusion that it is the standards or protocol police.  It
is sufficient, however, to be able to say in the face of such breakage that
this is not how the IETF intended DMARC to be deployed.  (A similar debate
exists already, for what it's worth, in the domain registration space.)
That is, if you do "p=reject" when you know what you're doing is going to
clobber other people's legitimate operations, you can't claim to be
operating in compliance with the standard.  We need to be able to say that,
even if the offender doesn't care to listen, and "SHOULD NOT" simply
doesn't cut it.

Mike also likes to invoke King Canute, but I think that's a faulty
analogy.  DMARC does not deserve elevation in our calculus to the
equivalent of a force of nature.  It was built and deployed by humans, who
often make mistakes or have agendas.  The same cannot be said of the ocean
or tides.

Finally, and for the only part with my AD on but askew: Scott has proposed
a couple of good alternatives to consider, though one of them includes
"MUST consider".  I have placed a DISCUSS on formulations like this in
other documents before because I don't know how one would evaluate
compliance with such a normative assertion.  It reduces in my mind to "OK
I've thought about it, thus I have complied", so it doesn't actually say
much in defense of interoperability.

-MSK, participating

v2.23.0 | Report a Bug | By Email