Re: [dmarc-ietf] auth-res vs. dmarc

Todd Herr <todd.herr@valimail.com> Wed, 30 December 2020 16:38 UTC

To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8TWzsQf-9TJCDHoURo7arq7Jh4U>

On Wed, Dec 30, 2020 at 10:48 AM Michael Thomas <mike@mtcc.com> wrote:

>
> On 12/30/20 7:40 AM, Todd Herr wrote:
>
> I already said there is a thunderbird extension called dkim-verify that
> does exactly that. It says "DMARC: fail". That is highly misleading to the
> user.
>
>>
>> I see.
>
> I wrote "MDAs and local clients (web and mobile) at the mailbox
> provider", and I was referring to things such as Gmail's web client,
> Gmail's mobile client, etc.
>
> You are talking about an extension for Thunderbird, which is different
> from what I'm talking about.
>
> Thank you for the clarification.
>
> This would be a problem for any MUA. That's the point. It's not different,
> it's the exact same problem for every MUA. There is no normative mechanism
> that gives anything downstream from the DMARC check producing the auth-res
> to be able to use that information correctly. And we sure don't want
> billions of MUAs doing DMARC checks on their own because of the inadequacy
> of auth-res. There is code in that extension to do exactly that. If that
> were widespread, it would be disastrous.
>
>
>
As I attempted to communicate in a different message, we're making
assumptions about the use of the A-R header that may not be entirely valid.
RFC 8601 says in its Abstract:

   Any receiver-side software, such as mail filters or Mail User Agents
   (MUAs), can use this header field to relay that information in a
   convenient and meaningful way to users or to make sorting and
   filtering decisions.

It does not say, however, "can use this header field, AND ONLY THIS HEADER
FIELD, to relay that information"; it doesn't even require that the header
be included.

There are quite a number of headers inserted into messages at the major
mailbox providers, and I'd wager that some of them are used by the MDAs and
local clients instead of the A-R header when executing their message
delivery and display actions; I might be wrong, but I imagine the folks
who've put together these enormous email systems do things in such a way
that maximizes efficiency for them.

-- 

*Todd Herr* | Sr. Technical Program Manager
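
As an added illustration of the consumer side of this discussion (not code from the thread, from RFC 8601, or from the Thunderbird extension mentioned), the Python example below reads Authentication-Results the way a downstream client can: it trusts only a configured authserv-id, reports only what that header states about DMARC, and treats a missing header as no information rather than a failure. The authserv-id `mx.example.net`, the function names and the sample message are constructed for the example.

```python
from email import message_from_string
import re

# Assumption: the authserv-id our own border MTA writes (hypothetical name).
TRUSTED_AUTHSERV_IDS = {"mx.example.net"}

# Constructed sample: one header from our MTA, one supplied by the sender.
SAMPLE = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;\n"
    " dkim=pass (2048-bit key) header.d=example.org;\n"
    " dmarc=fail header.from=example.com\n"
    "Authentication-Results: forged.example; dmarc=pass header.from=example.com\n"
    "From: Alice <alice@example.com>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def parse_authres(value):
    """Split one A-R value into (authserv-id, {method: (result, props)})."""
    value = re.sub(r"\([^()]*\)", " ", value)   # drop (comments); nesting not handled
    head, *resinfos = value.split(";")
    head_tokens = head.split()
    if not head_tokens:
        return None, {}
    results = {}
    for resinfo in resinfos:
        tokens = resinfo.split()
        if not tokens or "=" not in tokens[0]:
            continue                            # empty element or bare "none"
        method, result = tokens[0].lower().split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.setdefault(method, (result, props))  # keep first result per method
    return head_tokens[0].lower(), results

def dmarc_view(raw, trusted=TRUSTED_AUTHSERV_IDS):
    """Return what a trusted A-R header states about DMARC, or None."""
    msg = message_from_string(raw)
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_authres(value)
        if authserv_id not in trusted:
            continue                            # anyone upstream can add this header
        if "dmarc" in results:
            result, props = results["dmarc"]
            return {"authserv_id": authserv_id, "result": result, "props": props}
    return None                                 # no information, not a failure

if __name__ == "__main__":
    print(dmarc_view(SAMPLE))
```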