Re: [dmarc-ietf] Add MLS/MLM subscription/submissions controls to DMARCbis

"Brotman, Alex" <Alex_Brotman@comcast.com> Mon, 01 May 2023 13:49 UTC

From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Date: Mon, 01 May 2023 13:49:10 +0000
Message-ID: <MN2PR11MB435152293B779BD3B6DAA904F76E9@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <29216533.CRhL9lMF2B@localhost> <3141092.K83ThNGNZP@zini-1880> <CAH48ZfzS+MCC4-Dk3mZhF_bwc9hzWowApgPG3am14bjB9ZDz3Q@mail.gmail.com> <630A8A65-E04D-4C48-AE80-516F610EB93A@isdg.net> <CAH48ZfzmQJBb3xNSvVn84wpwf5SK2F0RSNQnSNObtxKfdHaY1w@mail.gmail.com> <B4E79EF6-E5F5-4969-824A-329576ECF20C@isdg.net> <CAH48ZfxaW5qO01HO-ESj4Sgy9gHM2rx8h_zA2-vHdS0s=yCcBg@mail.gmail.com> <CAFcYR_VBXmqT++8bS94Q1v9MPoHLXYn-0yCWy5U4FMj4gY6=XQ@mail.gmail.com> <8d9eda3e-6d72-ccbc-41ee-148a75698682@tana.it> <644FBDF6.3000207@isdg.net>
In-Reply-To: <644FBDF6.3000207@isdg.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/AA4fMANXDZF-ykZRwVSaGTmfZI8>
Subject: Re: [dmarc-ietf] Add MLS/MLM subscription/submissions controls to DMARCbis

This sounds like a separate document to me. (yes, I see Ale's draft below) And IMO, I don't think we should hold up DMARCbis for that work.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

> -----Original Message-----
> From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Hector Santos
> Sent: Monday, May 1, 2023 9:26 AM
> To: dmarc@ietf.org
> Subject: Re: [dmarc-ietf] Add MLS/MLM subscription/submissions controls to
> DMARCbis
> 
> On 5/1/2023 6:51 AM, Alessandro Vesely wrote:
> >
> > Been there, done that.  For the message I'm replying to, I have:
> >
> > Authentication-Results: wmail.tana.it;
> >   spf=pass smtp.mailfrom=ietf.org;
> >   dkim=pass reason="Original-From: transformed" header.d=google.com;
> >   dkim=pass (whitelisted) header.d=ietf.org
> >     header.b=jAsjjtsp (ietf1);
> >   dkim=fail (signature verification failed, whitelisted)
> >     header.d=ietf.org
> >     header.b=QuwLQGvz (ietf1)
> >
> > However, not all signatures can be verified.  Mailman tries to
> > preserve most header fields, but not all.  For example, they rewrite
> > MIME-Version: from scratch and don't save the old one.  So if a poster
> > signs that field and writes it differently (e.g. with a
> > comment) MLM transformation cannot be undone.
> > https://datatracker.ietf.org/doc/html/draft-vesely-dmarc-mlm-transform
> >
> 
> And this was my result for your message, separating lines for easier
> reading:
> 
> Authentication-Results: dkim.winserver.com;
>   dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org;
>   adsp=none author.d=tana.it signer.d=ietf.org;
>   dmarc=fail policy=none author.d=tana.it signer.d=ietf.org (unauthorized signer);
>
>   dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org;
>   adsp=none author.d=tana.it signer.d=ietf.org;
>   dmarc=fail policy=none author.d=tana.it signer.d=ietf.org (unauthorized signer);
>
>   dkim=fail (DKIM_BAD_SYNTAX) header.d=none header.s=none header.i=none;
>   adsp=dkim-fail author.d=tana.it signer.d=;
>   dmarc=dkim-fail policy=none author.d=tana.it signer.d= (unauthorized signer);
>
>   dkim=fail (DKIM_BODY_HASH_MISMATCH) header.d=tana.it header.s=delta header.i=tana.it;
>   adsp=dkim-fail author.d=tana.it signer.d=tana.it;
>   dmarc=dkim-fail policy=none author.d=tana.it signer.d=tana.it (originating signer);
> 
> Four signatures were added to your submission and the only one that counts is
> the top one, the last one added.
> 
> It failed DMARC because tana.it did not authorize ietf.org.   You can
> easily resolve this by adding atps=y to your DMARC record:
>
>      v=DMARC1; p=none; atps=y; rua=mailto:dmarcaggr@tana.it; ruf=mailto:dmarcfail@tana.it;
>
> and add an ATPS sub-domain record authorizing ietf.org in your tana.it
> zone:
> 
>      pq6xadozsi47rluiq5yohg2hy3mvjyoo._atps  TXT ("v=atps01; d=ietf.org;")
> 
> Do that and all ATPS compliant verifiers should show a DMARC=pass:
> 
> Authentication-Results: dkim.winserver.com;
>   dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org;
>   adsp=none author.d=tana.it signer.d=ietf.org;
>   dmarc=pass policy=none author.d=tana.it signer.d=ietf.org (ATPS signer);
> 
> 
> For a short list of signers, I updated my DMARC evaluator to also support ASL
> "Authorized Signer List" to avoid the extra ATPS record.
> So doing this will work across my evaluator for smaller scale mail senders:
>
>      v=DMARC1; p=none; atps=y; asl=ietf.org; rua=mailto:dmarcaggr@tana.it; ruf=mailto:dmarcfail@tana.it;
> 
> 
> This will skip atps=y because asl=ietf.org was satisfied. It will show
> how it was authorized:
> 
>   dmarc=pass policy=none author.d=tana.it signer.d=ietf.org (ASL signer);
> 
> 
> Any ATPS or ASL idea will give us the author-defined trust of ietf.org
> as a 3rd party signer.
> 
> That said,  keeping with the suggestion DMARCBis should add MLS/MLM
> semantics, I believe when the Receiver is receiving mail for a
> MLS/MLM,  it should have the following updated modern consideration
> for a MLS/MLM:
> 
> 1) It should honor policy first, by checking for restrictive domains
> 
> 2) It should honor the domain restrictive policy to avoid creating new
> security problems and avoid delivery problems.  This means to
> implement subscription and submission controls.  DMARCbis should pass
> the buck back to the restrictive domain who must deal with user's
> needs or not.
> 
> 3) It should check if the submission's author domain authorizes the
> MLM signing domain by finding an ATPS record, if so....
> 
> 3.1) it can continue as the 3rd party signer and also keep the From as
> is, unchanged, or
> 
> 3.2) it can also consider to rewrite.  If rewrite is performed, the
> signing domain should have a security that does not allow any Display
> Attack Replays with the now altered 5322.From identity.
> 
> 
> --
> Hector Santos,
> https://santronics.com
> https://winserver.com
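
The third-party signer check discussed in the quoted message, as an added example that is not part of the thread and is not any participant's evaluator code. It assumes the `atps=y` and `asl=` DMARC tags work as the quoted message describes, that the `_atps` label is the lowercase base32 of the SHA-1 of the signer domain (the RFC 6541 hashed form), and that `asl=` is comma-separated; the function names and the zone data are constructed for illustration.

```python
import base64
import hashlib

def atps_label(signer):
    # Hashed label for the lookup: base32(SHA-1(lowercased signer domain)).
    digest = hashlib.sha1(signer.lower().encode("ascii")).digest()
    return base64.b32encode(digest).decode("ascii").lower()

def parse_tags(record):
    # Parse a "k=v; k=v;" tag list (DMARC and ATPS TXT records share this shape).
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def atps_authorizes(author, signer, txt_lookup):
    # Query <label>._atps.<author domain>; this sketch requires d= to name the signer.
    for txt in txt_lookup(f"{atps_label(signer)}._atps.{author}"):
        tags = parse_tags(txt)
        if tags.get("v", "").lower().startswith("atps") and \
                tags.get("d", "").lower() == signer:
            return True
    return False

def evaluate(author, passing_signers, dmarc_record, txt_lookup):
    # passing_signers: d= domains of DKIM signatures that already verified.
    author = author.lower()
    signers = [s.lower() for s in passing_signers]
    if author in signers:  # exact match only; relaxed alignment is out of scope
        return "pass", "originating signer"
    policy = parse_tags(dmarc_record)
    # Assumption: asl= holds a comma-separated list (the thread shows one domain).
    asl = {d.strip().lower() for d in policy.get("asl", "").split(",") if d.strip()}
    if any(s in asl for s in signers):
        return "pass", "ASL signer"  # checked first, so no ATPS lookup is made
    if policy.get("atps", "").lower() == "y":
        if any(atps_authorizes(author, s, txt_lookup) for s in signers):
            return "pass", "ATPS signer"
    return "fail", "unauthorized signer"

# Constructed zone data: tana.it publishes one ATPS record naming ietf.org.
ZONE = {f"{atps_label('ietf.org')}._atps.tana.it": ["v=atps01; d=ietf.org;"]}

def lookup(name):
    return ZONE.get(name, [])

if __name__ == "__main__":
    for rec in ("v=DMARC1; p=none;", "v=DMARC1; p=none; atps=y;",
                "v=DMARC1; p=none; atps=y; asl=ietf.org;"):
        print(rec, "->", evaluate("tana.it", ["ietf.org"], rec, lookup))
```

A valid signature from a domain that appears in neither the ASL tag nor an ATPS record still yields a fail, so the delegation covers only the signers the author domain names.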