IETF Logo Mail Archive

[dmarc-ietf] Reversing modifications from mailing lists

Wei Chuang <weihaw@google.com> Mon, 22 November 2021 23:28 UTC

Return-Path: <weihaw@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9804A3A094B for <dmarc@ietfa.amsl.com>; Mon, 22 Nov 2021 15:28:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.6
X-Spam-Level:
X-Spam-Status: No, score=-17.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oYml4Zh4RFna for <dmarc@ietfa.amsl.com>; Mon, 22 Nov 2021 15:28:17 -0800 (PST)
Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B6713A0944 for <dmarc@ietf.org>; Mon, 22 Nov 2021 15:28:17 -0800 (PST)
Received: by mail-io1-xd34.google.com with SMTP id y16so25528121ioc.8 for <dmarc@ietf.org>; Mon, 22 Nov 2021 15:28:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:from:date:message-id:subject:to:cc; bh=iwh2nDrW16HuJE1mlhFAsys30DNZjsSKwCM5ft/xquU=; b=U2asmq5S2rryaMKvvqX77NaMKi6SZoYz2hithxz0N/ntmbjnhPbLNawqGN9YtWu4Z5 HpP/FjsjPhlHhyjF0lT776pxs6vCWdZ2C5lZD5gPiEn81VNZAOFfynmQLNOyI51VG8B4 qADtruLW0WKT8MPIeusJpj0toQNGz/sxi+AkDepvK4ikKFui17x3XrAitn0G8p2gUILE 9ElMoHJBhbmMitaDAllBKfFe254aehD+SNF8db6IPTJepH5YkmueTtbksVwJcNTS6oB4 981SNaYlJDgJ2vTWZ+U4T2zwhQvTMM0+oG6aKjM0T+v4EmzYxRM8ZXrsPMD/YEf79FK5 v7tA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=iwh2nDrW16HuJE1mlhFAsys30DNZjsSKwCM5ft/xquU=; b=KLpnW42FkUEhJ2PoeM+TbQkVRu858ZZtgUSl2AdNGE9a7AT++6bGmJH/h0rHX+mFwN nyCRdP62r2YPEKIWYJU2GupOcq8aSBhAJDOBv2JLV1UkSBjIqjJWrx2961Fk2qxntgdH 87AAjrAFWXLT5MHSsQqfDQeLvG7Z82Cqs5/8Nl42dM6ZeNdWeTtx2ieO0NqRY/dk/oG+ hYXFn2pZT6SqmVYBm+CoXQ6dREowfhkJg5coSDruEhbX3+p9K00WiMm5HEmwad1BSEr6 XyKvcy2cCXua35kVJUK6IvnjSRmYRkvXFryuI3FaVurVnfdreW8MRFZIZFBgYxRadnW1 XiYA==
X-Gm-Message-State: AOAM531IiQ6EdhPtt+k+0hOvcxkdD19dzSuDktazRgG1OIsA3Payr2bM 1kHu7/u6AoKZgzEcEGScF7SHp8Sy3M51duf+HN5ViP5jXyl+eA==
X-Google-Smtp-Source: ABdhPJzcP9otbkYAGs6ZGA6/9UPTD6AcDOecwm6SsH2rT1H5kaeLeMGSufvdViPW7Z//x+6hQZbdYxLMmqppLSY7hzs=
X-Received: by 2002:a05:6638:2487:: with SMTP id x7mr209781jat.94.1637623694835; Mon, 22 Nov 2021 15:28:14 -0800 (PST)
MIME-Version: 1.0
From: Wei Chuang <weihaw@google.com>
Date: Mon, 22 Nov 2021 15:28:01 -0800
Message-ID: <CAAFsWK3qshdYDeeTOLPJEnk=gHFrRp==QJLvoG6RAYHau6Fy8g@mail.gmail.com>
To: dmarc@ietf.org
Cc: Alessandro Vesely <vesely@tana.it>, "Murray S. Kucherawy" <superuser@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000009bb60705d168fa66"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/BHdIec7-Meb6OgLhbw-XINN9e_o>
Subject: [dmarc-ietf] Reversing modifications from mailing lists
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Nov 2021 23:28:22 -0000

Hi all,

[Standard disclaimer, that the comments below are my own and don't
represent my employer at all]

I saw Ale's draft draft-vesely-dmarc-mlm-transform
<https://datatracker.ietf.org/doc/html/draft-vesely-dmarc-mlm-transform> in
the ARC list, and wanted to discuss some of the ideas.  Just to put in
context my points- My understanding is we have to trust the forwarders to
use the ARC authentication results, which we might not have because the
forwarder is new, or has low volume.  Moreover mailing lists do much of the
modifications that break DMARC.  This is a common enough scenario that I
think it's useful to consider alternatives such as the ideas found in Ale's
draft.  The numbered bullets are ideas summarized from Ale's draft, and
asterix * bullets are my comments about that.

1. Ale's draft suggests not reversing all possible transforms, and rather
focuses on a subset caused by mailing lists that are reversible
  * Could ARC be suitable for those other scenarios? Could we expect that
forwarders that do more substantial irreversible rewriting such as
modifying URLs in a spam/phishing filter MTA, already have a strong
relationship with the receiver?  Presumably, might they be trusted by the
receiver and their ARC result could be used?
2. Footers must only be added with as a) append on single text/plain part
b) mime part appended to multipart/mixed c) mime wrap where a footer is
added in a new multipart/mixed.
  * It's not very clear to me how Ale's draft handles the b) and c)
scenario.   (There is mention of "reason="transformed"", but this still
seems incomplete)  I saw that Murray has a draft
draft-kucherawy-dkim-list-canon
<https://datatracker.ietf.org/doc/html/draft-kucherawy-dkim-list-canon> that
identifies addition of new mime parts that could be helpful there.
3.  Footers added to text/plain must be identified with at least four "_"
as a separator.
  * Would the DKIM length "l=" field be helpful?  Understood there are
abuse risks.
4. "quoted-printable encoding must not be used for... single-part
text/plain messages, as it is impossible to guess original soft line breaks
after re-encoding"
   * Are you suggesting quoted printable encoding aren't fully reversible?
Actually, could the RFC2045 canonical encoding of the message be used as
the source for doing the DKIM content hashing?  This would bypass having to
worry about additional transfer re-encodings by forwarders.
5. Finding the original FROM by looking at From, Author, Original-From,
X-Original-From, Reply-To, and Cc.
  * Can this be standardized to a fixed location such as Author?  (Sorry
I'm unfamiliar with the discussion on Author)
6. Subject
  * Agreed that some simple heuristic as proposed in the draft is a good
approach.  Perhaps the original subject suffix length also might work here
too.

Comments and discussion are very much welcome.
-Wei

v2.23.0 | Report a Bug | By Email