Re: [dmarc-ietf] non-mailing list use case for differing header domains

Jesse Thompson <jesse.thompson@wisc.edu> Sat, 08 August 2020 00:24 UTC

To: dmarc@ietf.org
References: <20200807191216.43E971E4014E@ary.qy>
From: Jesse Thompson <jesse.thompson@wisc.edu>
Message-id: <78fd8b26-0bed-ac36-842d-a851ec04d8b5@wisc.edu>
Date: Fri, 07 Aug 2020 19:24:20 -0500
In-reply-to: <20200807191216.43E971E4014E@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9sgmW0utaJYhOVVH29dKYcvyrus>

On 8/7/20 2:12 PM, John Levine wrote:
> In article <BY5PR13MB2999AD95B4BD7C80971FDA4FD7490@BY5PR13MB2999.namprd13.prod.outlook.com> you write:
>> I feel like what is happening sometimes is that central university IT is trying to drag their whole institutions into a
>> more secure posture before anybody in a position to stop them fully understands what's going on lest they be told to
>> stop because it might make things a little inconvenient.
> 
> I was with you up until that sentence, since it trivializes the real
> problems that overly strict DMARC policies cause.

Maybe Autumn was reflecting the reality that the industry has already trivialized DMARC problems for these "misdeployments".

> Just yesterday I was sorting out a problem with people trying to
> finish editing a revised IETF standard about real-time web
> applications. Some of the authors' messages were disappearing,
> apparently at random. I saw what the problem was, one of the authors
> is at a big company whose IT department insists on p=reject (and has
> blown off complaints from fairly senior people about the problems it
> causes), the other uses an MIT alumni address that recently moved its
> hosting to Microsoft without telling anyone that the new host enforces
> DMARC policy while the old one didn't.
> 
> My guess is that MIT figured Microsoft will host this for free, that's
> great, totally unaware that some of its users' mail would silently
> break.

Customers of Microsoft don't like to call things bundled in an expensive package "free".

My peeve in recent years is that universities were essentially coerced (economically) into being the customers of Microsoft/Google and then the email admins are told to sit down and let the adults talk about what they think customers need from DMARC, ARC, etc.  It's why I'm constantly sticking my foot in my mouth here and at M3AAWG, trying to assert a voice.

We need faculty/alumni/emeriti forwarding to work without being told that Microsoft can't do it without breaking DMARC.

We need spoofing protection for all of our domains without being told we're misdeploying.

We know that we need advanced local policy controls for DMARC enforcement and we don't want to be blamed when the vendor doesn't give us those controls (to your MIT example).


> I told them as a workaround they needed to directly cc each other when
> they send anything to the group list, but the whole thing is a
> self-inflicted wound.

Maybe it was inflicted by the domain owner onto the person maintaining the mailing list.  (In my experience, this is where people realize that no one has been maintaining/patching the mailing list, unaware of DMARC, etc.)

Again, I think MLM header munging is here to stay, and list recipients need to get used to it (I'd like p=quarantine pct=0 to be the default behavior so that domains choosing to misdeploy DMARC aren't second class).

I'd like to see a way to un-munge mail from trusted intermediaries, but that sounds impractical.  

I think ARC has promise but it has some challenges that I hope can be overcome; notably a mechanism for the receiver to indicate trust to the intermediary (so that it knows it doesn't need to munge).

At that point, I can start to figure out how to deal with the mailbox-level forwarded mail for faculty/alumni/emeriti...

Jesse