Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

Barry Leiba <barryleiba@computer.org> Mon, 26 June 2023 18:14 UTC

From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 26 Jun 2023 14:13:53 -0400
Message-ID: <CALaySJ+gjR6D-OSE_07iSH2zXa7wypUQwPN1cL-1s+NC2S4L8g@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8WMu2RlSZHOr2JVyCig8nspTXJ4>
Subject: Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

I'm saying I don't want "and" to be an option, because I think it's
damaging to DMARC.  There is no reason anyone should ever want to say
that, and providing the option asks for misconfigurations because
people think it's somehow "more secure".  It's not more secure.  It
would be very bad for deliverability of legitimate mail and would
provide no additional security.  It would be a terrible mistake.

Barry

On Mon, Jun 26, 2023 at 11:55 AM Murray S. Kucherawy
<superuser@gmail.com> wrote:
>
> Just to clarify something:
>
> On Mon, Jun 26, 2023 at 5:52 AM Barry Leiba <barryleiba@computer.org> wrote:
>>
>> I can accept some mechanism for the sender to say "SPF only", "DKIM
>> only", or "either SPF or DKIM".  I cannot accept a version of DMARC
>> where *both* must pass.
>
>
> I think the proposal before us is to allow the domain owner to indicate it wants specific combination(s) of SPF and DKIM to pass in order for DMARC to pass.  I imagine the default would be "or" which is backward compatible with what we have today, as the charter demands.
>
> Are you saying you don't even want "and" to be an option if it is made configurable?  Or do you just not want the "or" to change to "and" without the proposed new tag?
>
> -MSK, participating
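
An added illustration of the "or" versus "and" question debated above; it is not part of the thread or of any DMARC specification or implementation. Assumptions: the `mode` argument is a hypothetical stand-in for the proposed tag, the organizational domain is approximated by the last two labels (real DMARC uses the Public Suffix List), and all sample messages are constructed.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Simplification (assumption): last two labels, not a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    # Relaxed alignment: organizational domains must match.
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Message:
    label: str
    header_from: str   # RFC5322.From domain
    mail_from: str     # RFC5321.MailFrom domain checked by SPF
    spf_result: str    # SPF result for mail_from
    dkim: list         # (d= domain, verification result) pairs

def dmarc_pass(msg: Message, mode: str = "or") -> bool:
    # mode is hypothetical: "or" is today's DMARC, "and" is the debated option.
    spf_ok = msg.spf_result == "pass" and aligned(msg.mail_from, msg.header_from)
    dkim_ok = any(r == "pass" and aligned(d, msg.header_from) for d, r in msg.dkim)
    if mode == "or":
        return spf_ok or dkim_ok
    if mode == "and":
        return spf_ok and dkim_ok
    raise ValueError(f"unknown mode: {mode}")

# Constructed samples, all claiming From: example.com.
SAMPLES = [
    # Sent directly from the domain's own servers.
    Message("direct", "example.com", "bounce.example.com", "pass",
            [("example.com", "pass")]),
    # Relayed by a forwarder: SPF fails at the new hop, DKIM survives.
    Message("forwarded", "example.com", "bounce.example.com", "fail",
            [("example.com", "pass")]),
    # Sent through a third party using its own envelope domain: SPF unaligned.
    Message("third-party", "example.com", "bounces.example.org", "pass",
            [("example.com", "pass")]),
    # Unauthorized use of the From domain: both results pass, neither aligns.
    Message("unaligned", "example.com", "mail.example.net", "pass",
            [("example.net", "pass")]),
]

def compare() -> dict:
    # label -> (passes under "or", passes under "and")
    return {m.label: (dmarc_pass(m, "or"), dmarc_pass(m, "and")) for m in SAMPLES}

if __name__ == "__main__":
    for label, (either, both) in compare().items():
        print(f"{label:12} or={either!s:5} and={both}")
```

In these samples the unaligned message fails under either rule, while the forwarded and third-party messages pass only under "or".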