Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

Dotzero <dotzero@gmail.com> Mon, 17 April 2023 20:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8jlTiA2HQxX_bpO_Bf77xDKMdjY>

On Mon, Apr 17, 2023 at 12:05 PM John Levine <johnl@taugh.com> wrote:

> It appears that Laura Atkins <laura@wordtothewise.com> said:
> >Is this another issue we should document and make recommendations about?
> >I was thinking along the line that transactional SaaS
> >providers should fully support DMARC and should not allow companies using
> >p=reject in their business mail to access the
> >service?
>
> Section 2.4 says that everything other than the From: header is out of
> scope. Section 11.4 describes display name attacks and it looks OK to
> me. I suppose we might tweak 2.4 to clarify that anything other than
> the mailbox in the RFC5322.From field is out of scope to avoid any
> implication that we're talking about the comment part.
>
> +1
>
> It's not exactly a secret that bad guys can use misleading comments as
> easily as good guys. If we tried to enumerate all the ways that people
> might do dumb things, we would die of old age before we finished so I
> would prefer not to start.
>

+1

>
> At M3 people occasionally have talked about extending DMARC to cover
> the From comment but it's such an ill-defined problem (what's
> allowable? how could you tell?) that it has never gone anywhere.
>

There are things that can be done but to me they fall under local policy
and not interoperability. For example, if an email address is displayed but
doesn't match the From email address, don't display it. Some sites never
display the comment and only display the From email address. Things like
that.

Michael Hammer
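
The local-policy display rules mentioned in the message above, sketched as an added example (not part of the original post and not code from any mail client). The function name `from_for_display`, the `ADDR_LIKE` pattern and the sample addresses are assumptions made for illustration.

```python
import re
from email.headerregistry import HeaderRegistry

# Loose match for text that merely *looks like* an email address.
ADDR_LIKE = re.compile(r"[\w.+\-]+@[\w\-]+(?:\.[\w\-]+)+")
_parse_header = HeaderRegistry()


def from_for_display(raw_from: str, address_only: bool = False) -> str:
    """Return the text a mail UI would show for one From: header value.

    address_only=True models sites that never show the display name.
    Otherwise the display name is dropped whenever it contains an
    address-like string that differs from the real RFC5322.From mailbox.
    """
    shown = []
    for addr in _parse_header("From", raw_from).addresses:
        real = addr.addr_spec
        name = addr.display_name  # RFC 2047 encoded-words arrive decoded
        # Addresses claimed in the display name, compared case-insensitively
        # (a display-policy simplification, not an RFC equivalence rule).
        claimed = {m.casefold() for m in ADDR_LIKE.findall(name)}
        if address_only or not name or (claimed - {real.casefold()}):
            shown.append(real)
        else:
            shown.append(f"{name} <{real}>")
    return ", ".join(shown)


if __name__ == "__main__":
    # Constructed sample header values (all domains are placeholders).
    samples = [
        "Alice Example <alice@example.com>",
        '"billing@bank.example" <promo@mailer.example>',
        "=?utf-8?q?support=40bank=2Eexample?= <promo@mailer.example>",
        '"Alice@Example.com" <alice@example.com>',
    ]
    for s in samples:
        print(f"{s!r:65} -> {from_for_display(s)}")
```
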