Re: [dmarc-ietf] Ticket #1 - SPF alignment

John Levine <johnl@taugh.com> Tue, 02 February 2021 17:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9eghICgpldyoZ-0TXt7UUS4mTio>

In article <2e39680f-ed2d-fa38-daaa-7e0627cf0fc7@tana.it> you write:
>> My MTA adds an SPF clause in the A-R header whether or not there's a null
>> bounce address.
>
>How can it report, say, fail for helo and pass for mfrom in just one clause?

It doesn't.  It reports whatever the SPF library returns.

I'm fairly sure that every DMARC implementation uses an SPF library and uses
whatever the SPF library returns, so I don't see the point of this argument.

>>> OTOH, properly implemented SPF verifiers could skip producing a Mail From 
>>> result if the helo identity was verified successfully.
>> 
>> No, they could not.  That's not what the SPF spec says.

Sorry, that's not what the DMARC spec says.

Once again, what problem are we solving here?  Can we stop now?

R's,
John