[dmarc-ietf] A policy for direct mail flows only, was ARC questions
Alessandro Vesely <vesely@tana.it> Wed, 25 November 2020 11:28 UTC
To: dmarc-ietf <dmarc@ietf.org>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <5f8cc7aa-79b2-dbed-23f5-7dfc45e4df1b@tana.it>
Date: Wed, 25 Nov 2020 12:28:13 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/AR96fxKIYo8p_rSLgwpgM1SR2m0>

On Mon 23/Nov/2020 22:27:41 +0100 John Levine wrote:
> ARC deals with the problem that most list software forwards everything
> with a subscriber's address on the From: line and does a lousy job of
> spam filtering. The question is if the entity sending the message to
> the list was who it purported to be.
>
> For example, if a message from a list fails DMARC alignment, but ARC
> says it was aligned on the way in, it's likely a real message from a
> subscriber. If it was unaligned on the way in, it's likely spam.

I publish p=none in order to avoid spurious rejections due to casual message modifications that happen in transit. However, I'm quite confident that SPF or DKIM verify, since users submit messages through the right mail server. Couldn't I address direct flows only? Doing so would prevent a casual spammer from abusing mailing lists I'm subscribed to by simply faking From:.

A direct flow is one where SPF credentials (helo name or return address) are aligned with From:. That includes some simple forwarding, but not mailing list traffic.

Direct policy could be expressed as dp=. Authenticate as usual, either SPF or DKIM. On failure, discard only if direct flow. For example:

v=DMARC1; p=none; dp=reject;

Makes sense?

Best
Ale
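
The receiver-side decision proposed in the message above, sketched as an added example; it is not code from the message or from any DMARC implementation. `dp=` is the tag proposed above and not a registered DMARC tag, the domain names are constructed, and the two-label organizational-domain shortcut stands in for a Public Suffix List lookup.

```python
# Added illustration of the dp= proposal; "dp" is the tag proposed in this
# message, not a registered DMARC tag. All domains below are constructed.

def parse_record(txt):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def org_domain(domain):
    # Assumption: last two labels. A real verifier uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(identity, from_domain):
    return bool(identity) and org_domain(identity) == org_domain(from_domain)

def disposition(record, from_domain, spf_result, spf_domain, dkim=()):
    """Return 'pass', or the policy value that applies to a failing message.

    spf_domain: domain SPF checked (return address, or HELO name if empty).
    dkim: iterable of (result, d= domain) pairs from signature verification.
    """
    tags = parse_record(record)
    direct = aligned(spf_domain, from_domain)      # the "direct flow" test
    spf_ok = direct and spf_result == "pass"
    dkim_ok = any(r == "pass" and aligned(d, from_domain) for r, d in dkim)
    if spf_ok or dkim_ok:                          # authenticate as usual
        return "pass"
    if direct and "dp" in tags:                    # failure on a direct flow
        return tags["dp"]
    return tags.get("p", "none")                   # indirect flow: p= applies

RECORD = "v=DMARC1; p=none; dp=reject;"            # the record from the message

CASES = {  # constructed inputs: (From: domain, SPF result, SPF domain, DKIM)
    "direct, SPF pass": ("author.example", "pass", "mail.author.example", []),
    "list relay, signature broken": (
        "author.example", "pass", "list.example", [("fail", "author.example")]),
    "direct, nothing verifies": ("author.example", "fail", "author.example", []),
}

def run_cases(record=RECORD):
    return {name: disposition(record, *args) for name, args in CASES.items()}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name}: {result}")
```

Run with the plain record `v=DMARC1; p=none`, the third case falls back to `none`, which is the difference the proposed tag is meant to make.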