Re: [dmarc-ietf] p=quarantine
Todd Herr <todd.herr@valimail.com> Tue, 22 December 2020 15:42 UTC
Return-Path: <todd.herr@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35E253A1117 for <dmarc@ietfa.amsl.com>; Tue, 22 Dec 2020 07:42:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vugmNRifa527 for <dmarc@ietfa.amsl.com>; Tue, 22 Dec 2020 07:42:01 -0800 (PST)
Received: from mail-qt1-x831.google.com (mail-qt1-x831.google.com [IPv6:2607:f8b0:4864:20::831]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3EFD3A1116 for <dmarc@ietf.org>; Tue, 22 Dec 2020 07:42:00 -0800 (PST)
Received: by mail-qt1-x831.google.com with SMTP id b9so9201431qtr.2 for <dmarc@ietf.org>; Tue, 22 Dec 2020 07:42:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=+n3lbDftU/YhGyLbuFA0dSD8JiE3S9kLw9UE+mIicFk=; b=Q9wMvyZQwv/ijbtERJBDZyR0/S7b5pajZXnoBtTzTwo29EUdHh5vtNP1j605a4i0+l kUAzXtII0/wVYljQvqBskBc4LouON2Jd7bFSKmxwmnX7U5cUfiFybzuVoLCyMUh9lqtg a+eAgZ8HyzOEsaCrhgBJ76VYm+0QK3484mlAUmT7EDypVqasKAorhradP92uQP9KRJZ3 xVXEMlcDRYQSIDGVitL1DB5vu6Mis9OHVfrfRJmO5ljS4jWtY1x2vAFLKjECDas6Q1Dc y7zRgOp99tIPQKGV84caSfrn4UHJbQEzWTvY9r7MkoeNwufAFFslttCRRaGwa8+ZPCT9 gD3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=+n3lbDftU/YhGyLbuFA0dSD8JiE3S9kLw9UE+mIicFk=; b=F/WBHtLnjAv5LkB8NDRQhXzC/C70fvLU4XxRE2K5Pea4MEnKrAeoYJkIgau330QvIC Ji3f2cdDKH9/PFDa5pKz8ApU538iHbh/LMOBn0I+vVCWNVD/+2chVGHfBkQ7CRM7pIOI Os7ykk0tRmy5aYF0DLM6AhmrsEmUSH+7V+lGjZyqfaCDSDReK/4ROAzq5bd6FOAP+uMn ItsXTN6t1iOvbKPdvDVAqfgKoJ4B9FxESAzw2SSd5fgWKSayffcZ117xqgomWO3aznBM sUU+eb3ORu7k6xpz03G/YHFCPkCwtKwwcA+oL4UOQKQS6XRWlFtLfYLhNABJI6XrrQnP KgZg==
X-Gm-Message-State: AOAM533Y2xyxTQQ4F5jHVM0KHUWi61c/Nkj1Qx501BlwgpihBo+tYlcH 2bFu4MtzT0NQ1Jrhbc9akGmfcvlFlNlycBF8gnVNvc5YH8s=
X-Google-Smtp-Source: ABdhPJwgZZ9GT1Q6U/pekJDb0VusJpOynD266jg4d5rWtZ2tn6wB8whH/3XjlvyC6hW2PQtFbbXgxjdkzBbkwWimMrw=
X-Received: by 2002:a05:622a:14e:: with SMTP id v14mr21800986qtw.298.1608651719520; Tue, 22 Dec 2020 07:41:59 -0800 (PST)
MIME-Version: 1.0
References: <20201211173722.6B4DF29782C7@ary.qy> <ea074aad-971b-abc6-d557-ea2f433b3cc7@gmail.com> <CAH48ZfxEjGHv99z3RGj+Z+KJaFVPvm6RG4UzkKuOoDQDVCmb3g@mail.gmail.com> <A5E108DC-2692-4927-B2C1-AE3FED6DA8AA@wordtothewise.com> <CAH48ZfwkPEgexwGvyMT_PevMM5ngBT_XRfHYi7Wy1yxMw1LP1A@mail.gmail.com> <A07FA3DE-4C51-48C4-A2E7-067987200E1F@wordtothewise.com> <CAH48ZfwykEJM9AXKrp+SS4SgM4N1W70eLqHW+PXB18a_TrV6iw@mail.gmail.com> <02f786e5-b7cd-9a89-e3e3-73594f3bcda0@mtcc.com> <CAHej_8nHfn4uT4oeFJN-pbd-u3vrv2WiSnmAH-2v35OBmSi1cg@mail.gmail.com> <e715de9a-5f24-8077-0038-14c664850bd1@mtcc.com> <CAHej_8=FoTmCg8goD-yC2nTPKzoMUTNjfJ4aeTC4j7vYJEf0sw@mail.gmail.com> <cb659179-a3f0-bec6-d6be-7d2bd665d78e@tana.it>
In-Reply-To: <cb659179-a3f0-bec6-d6be-7d2bd665d78e@tana.it>
From: Todd Herr <todd.herr@valimail.com>
Date: Tue, 22 Dec 2020 10:41:43 -0500
Message-ID: <CAHej_8k1Z-=_0gRrbV32r1vnGKAcB287utuEL5kR=Xru_Uth2A@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004f473405b70f6a96"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8YCLqZlaX_UdwsfVk4J05t2XVHI>
Subject: Re: [dmarc-ietf] p=quarantine
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2020 15:42:03 -0000
On Mon, Dec 21, 2020 at 12:47 PM Alessandro Vesely <vesely@tana.it> wrote: > On Sun 20/Dec/2020 18:10:03 +0100 Todd Herr wrote: > > > > Lists are a specific instance of the more general case of indirect mail > flows. > > > How many kinds of indirect mail flows do rewrite From:? > > Specific methods might prove more effective than general ones. > > Sender Rewriting Scheme (SRS) exists for the rewriting of the RFC5321.From address, and is sometimes used in mail that is forwarded by rule, say from @ alum.institution.edu to @consumerMailboxProvider.com The larger point, though, is that mail that automatically passes through one or more intermediary hosts on its way to its final destination can fail authentication checks at the final destination due to the impact of changes on the message, either in path, or content, or both, as it traverses that journey. It seems to me that we can either work to find a way to ensure that such failures don't happen, or we can work to find a reliable and trustworthy way to record authentication results along the way so that the failures can be mitigated and not result in failed delivery of wanted mail. > > [...] > > > > Since the receiver typically can't perform the same checks under the > same > > conditions that existed when the intermediary performed them (if it > could, we > > wouldn't need something like ARC) then the receiver has to decide if the > > message is consistent with messages it's previously seen through direct > mail > > flows using that same authenticated identity that was captured by the > > intermediary in the ARC header set. > > > Doesn't that assume some kind of omniscience at the receiver's? > Consistency > with previous messages by the same source is not straightforward. Using > the > same selector? Signing more or less the same set of header fields? > Choice of > vocabulary? HTML vs. plain text style (e.g. line length)? A.I.? > > Not omniscience, no, but certainly a method of tracking an authenticated identity's reputation, and consistency of reputation is what I'm speaking of. Allow me to try again to get across the idea that I'm so far failing to make clear. I'm not currently working for a mailbox provider, but I have in the past, and so I will role play as one here. As a mailbox provider, I have a system for authenticating the identity or identities associated with messages that come directly to me. These authenticated identities can include some or all of: - The DKIM signing domain(s) - The DKIM signing domain(s) and selector(s) - The RFC5322.From domain (authenticated using DMARC) - The RFC5321.From domain (SPF) - The IP address of the client that passed the message to me - The domain associated with the PTR record of that IP address - Others as I deem useful For each of these authenticated identities, I can and will track how my users/customers/mailbox holders engage with the mail they receive, thus over time establishing in my system a reputation to associate with each authenticated identity. If, for example, mail that is DKIM signed using selector S and domain D is mail that my users demonstrate through their actions (opening it, clicking on links in it, etc.) is wanted mail, then that authenticated identity (S._domainkey.D) will be associated with a good reputation (however I define "good") in my system. Lather, rinse, and repeat for other authenticated identities associated with the message, and allow that both good and bad reputations can be earned. Now here comes a message that is DKIM-signed by D with selector S, and it fails DKIM validation when I do my checks. However, in scanning the message, I see that there is an ARC header set, one that was signed and sealed by A, and in that ARC header set is an ARC-Authentication-Results header that says that the message passed DKIM validation with signing domain D and selector S when A did its check. My conundrum here is "Do I trust A's claim that the message was correctly DKIM signed by domain D with selector S?" The answer to that question will depend on how my users treat the message and others like it, assuming that I accept it and deliver it. If my users treat such messages in a manner that's consistent with how they treat direct mail flow that is DKIM-signed by D with selector S, then A's reputation as an ARC-sealer/signer will be positive, because A will establish with me a history of being a source of ARC-sealed/signed mail with ARC header sets that can be believed. On the other hand, if my users consistently treat such messages differently than they do direct mail flow that is DKIM-signed by D with selector s, then A's reputation as an ARC-sealer/signer will be negatively impacted with me, because I will not have evidence in hand that this is a path for mail with an authenticated identity of S._domainkey.D to take. The point here is that ARC (or any system designed to capture intermediate authentication results) can only succeed if the downstream recipients of the message trust the information that the intermediary host(s) record in the message. What I'm describing above is one way to determine if that information can be trusted, one that I'm trying to design to scale beyond "Let me just whitelist these X hosts as reliable ARC sealer/signers." -- *Todd Herr* | Sr. Technical Program Manager *e:* todd.herr@valimail.com *p:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Dotzero
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Dotzero
- Re: [dmarc-ietf] p=quarantine Benny Pedersen
- Re: [dmarc-ietf] p=quarantine John Levine
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine tjw ietf
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Kurt Andersen (b)
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Kurt Andersen (b)
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Hector Santos
- Re: [dmarc-ietf] p=quarantine Dotzero
- Re: [dmarc-ietf] p=quarantine Hector Santos
- Re: [dmarc-ietf] p=quarantine Kurt Andersen (b)
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Laura Atkins
- Re: [dmarc-ietf] p=quarantine John Levine
- Re: [dmarc-ietf] p=quarantine Hector Santos
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine John R Levine
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Douglas Foster
- Re: [dmarc-ietf] p=quarantine Dotzero
- Re: [dmarc-ietf] p=quarantine Laura Atkins
- Re: [dmarc-ietf] p=quarantine Douglas Foster
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Douglas Foster
- Re: [dmarc-ietf] p=quarantine Laura Atkins
- Re: [dmarc-ietf] p=quarantine Laura Atkins
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Dave Crocker
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Tim Wicinski
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Douglas Foster
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Dotzero
- Re: [dmarc-ietf] p=quarantine Alessandro Vesely
- Re: [dmarc-ietf] p=quarantine Todd Herr
- Re: [dmarc-ietf] p=quarantine Douglas Foster
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Alessandro Vesely
- Re: [dmarc-ietf] ARC vs p=quarantine John Levine
- Re: [dmarc-ietf] ARC vs p=quarantine Dotzero
- Re: [dmarc-ietf] ARC vs p=quarantine Alessandro Vesely
- Re: [dmarc-ietf] p=quarantine Todd Herr
- Re: [dmarc-ietf] ARC vs p=quarantine John R Levine
- Re: [dmarc-ietf] p=quarantine Douglas Foster
- Re: [dmarc-ietf] ARC vs p=quarantine Benny Pedersen
- Re: [dmarc-ietf] ARC vs p=quarantine Michael Thomas
- Re: [dmarc-ietf] ARC vs p=quarantine Benny Pedersen
- Re: [dmarc-ietf] ARC vs p=quarantine Alessandro Vesely
- Re: [dmarc-ietf] p=quarantine Alessandro Vesely
- Re: [dmarc-ietf] ARC vs p=quarantine Benny Pedersen
- Re: [dmarc-ietf] ARC vs p=quarantine Alessandro Vesely
- Re: [dmarc-ietf] p=quarantine Todd Herr
- Re: [dmarc-ietf] p=quarantine Michael Thomas
- Re: [dmarc-ietf] p=quarantine Alessandro Vesely