Re: [dmarc-ietf] dmarc and forwarding

Matt Simerson <matt@tnpi.net> Fri, 31 January 2014 06:52 UTC

Return-Path: <matt@tnpi.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 398891A0553 for <dmarc@ietfa.amsl.com>; Thu, 30 Jan 2014 22:52:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rhL5fdktnnFX for <dmarc@ietfa.amsl.com>; Thu, 30 Jan 2014 22:52:06 -0800 (PST)
Received: from mail.theartfarm.com (mail.theartfarm.com [208.75.177.101]) by ietfa.amsl.com (Postfix) with ESMTP id 952741A0550 for <dmarc@ietf.org>; Thu, 30 Jan 2014 22:52:06 -0800 (PST)
Received: (qmail 47392 invoked by uid 1026); 31 Jan 2014 06:52:03 -0000
Received: from c-67-171-0-90.hsd1.wa.comcast.net (HELO [10.0.1.141]) (67.171.0.90) by mail.theartfarm.com (qpsmtpd/0.94) with (AES128-SHA encrypted) ESMTPSA; Fri, 31 Jan 2014 01:52:03 -0500
Authentication-Results: mail.theartfarm.com; auth=pass (plain) smtp.auth=matt@theartfarm.com; iprev=pass
X-Virus-Checked: by ClamAV 0.98.1 on mail.theartfarm.com
X-Virus-Found: No
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tnpi.net; h=content-type:mime-version:subject:from:in-reply-to:date:content-transfer-encoding:message-id:references:to; s=mar2013; bh=kEirEmjMpaJ2yaMtvHGW/ucTo1ny0hHoI+1xHsB8S5k=; b=J2nVKZHvW3VJJ11W740wPdM0jWfVPofJ/2SBgIHC3QUODR5viSlI4OSQ+9+vTMYzf41xRAATDUSb8N40n9KaJ95PLyWxpRk3E+f8itvDuWb4ouV3qLcCQTvhUWlmFCMSGFdaEAStG2VjrwZfpfjXgivJa0vm2i73UgITaBgft7llFSRCcfco4WxGaTWSsfzsuHmPGphfupV0f1FyeKAUEB991fPPhNYkjBA8fazOM25Yz29MqQJJQfrQRFddqhoj73tdXR7E9FpPNtHd4RCKCHPvrbWTd921VQVtsLq2JGNKN3kPg2HW5gruY571TW1PjZkGla1wySSOIOEJcJ64ag==
X-HELO: [10.0.1.141]
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Matt Simerson <matt@tnpi.net>
In-Reply-To: <CABDkrv2d=T9+bJTZr5Qq6dzANj7L5dLBnPb=V436ayh-6QX_mg@mail.gmail.com>
Date: Thu, 30 Jan 2014 22:52:07 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <A13B6466-933F-4822-A8A0-2136B58ABEE7@tnpi.net>
References: <20140130220330.GA25608@roeckx.be> <52EACDBF.2050003@bluepopcorn.net> <20140130222320.GB25641@roeckx.be> <WM!6bb3f78a7feaec45cd6e16db08822359f618288053561e2a2c08e397644e063795fab5be7076e0d2e8163de4e710e3ff!@asav-2.01.com> <1762762424.26365.1391121588323.JavaMail.zimbra@peachymango.org> <20140130225152.GA27685@roeckx.be> <CAL0qLwbpy7R0gF9YPXJwFqrYr0F_ESxjLFS7ZSaxxTHpBF6KPA@mail.gmail.com> <20140131001732.GA29928@roeckx.be> <CAL0qLwaZfyTYkUcowWSOBtmC-UQFHC70CO+9cPfyyGRpRM3WLQ@mail.gmail.com> <CABDkrv2d=T9+bJTZr5Qq6dzANj7L5dLBnPb=V436ayh-6QX_mg@mail.gmail.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
X-Mailer: Apple Mail (2.1827)
Subject: Re: [dmarc-ietf] dmarc and forwarding
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jan 2014 06:52:08 -0000

On Jan 30, 2014, at 10:38 PM, Mike Jones <mjones@agari.com> wrote:

> One point in his reply I will disagree on though is that domains without a current spoofing problem should not implement a DMARC quarantine or reject policy.  This thing about spoofing is that one never knows when one will become a victim.  We often see domains that go periods of time without a spoofing issue and then are hit hard on one day.  If the your domain has excellent SPF and DKIM with a high overall DMARC pass rate, you have fully analyzed your DMARC reports to understand the risk of failures due to mailing lists or forwarding, and everything looks good then why not protect yourself from future attacks with a DMARC quarantine or reject?  

+1

Matt