Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
Tim Wicinski <tjw.ietf@gmail.com> Sat, 26 September 2020 16:33 UTC
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4B7C3A0AF5 for <dmarc@ietfa.amsl.com>; Sat, 26 Sep 2020 09:33:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02RnBnhujMcY for <dmarc@ietfa.amsl.com>; Sat, 26 Sep 2020 09:33:32 -0700 (PDT)
Received: from mail-oi1-x236.google.com (mail-oi1-x236.google.com [IPv6:2607:f8b0:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A99D73A0AE7 for <dmarc@ietf.org>; Sat, 26 Sep 2020 09:33:32 -0700 (PDT)
Received: by mail-oi1-x236.google.com with SMTP id v20so6363808oiv.3 for <dmarc@ietf.org>; Sat, 26 Sep 2020 09:33:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TzMjvEIEHSSfeWL071GUugSkD3Dw/cn0k4WqOrkd9Cg=; b=GybBJ4rgf71lY9D4JBAx/Fy4N/4wGayWSdDMcf9fLwwnMKaLe8HOmFaOyFir8Q5vWa sf6wOdu2zZAZXtIzk6JoIoIzpxev/eygEHaF7/sFYpNbPGAL6EDk2+Rvs6nV3y2dL9qi iKiOGpmCJXF78gUckreUyif/OfMVUHaFW2hzN3PEep1r5nNkME5KTyY0JcS5u4n6dADC LdkXw4ufvQiNHI7HGIXXwf6hCvE+/a04Uyu18dEtzYGOT1GDXqMmQfr43SIz6cAyylYB VOXddCtnMH3mcV8qpA4w+e8RCp4qE+qy9BfmZiCut8ilAV5QoUVDotwwqiMRn3Sr89VS UVvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TzMjvEIEHSSfeWL071GUugSkD3Dw/cn0k4WqOrkd9Cg=; b=PN4iQtlUNdoBCaAD8gDfVJ6iFmtOzb4dXPFpE8SMlY3mwe1MHkYXkUcVNTAHnPLySu Sn3BMbCG5DrwJDtIA4Ub3fv4+2zqmBIwBX2T6opzzgtUj5iTnaakOVOB79ErUNOily/4 +q5m6LVK9/8m1sPfCHH8popNhwAOM37X1/JqJhptolXeBRv/fdwd3catz1ijzwfT9ciZ 176x2VvU6aV/jV9rneB5gBQoH05vLwbrTPrzd8BRx1YDXdy9jb921uncPrVsCoXvu9eK 1gbWYI4w1VYjjTjCkUydI5O4Sh/d3+DCPHT4R4HK4qka2HvrFzSupMkJI98+i88Y8Qye zl3w==
X-Gm-Message-State: AOAM5318+rhOLkgzbUrc7mGz0nwCr4Ou+EaKP5KKO4fJkOIr9opQpxaN H7dSloBM1s49+hfuEimK5uf6f2GIQJI5Rixf/D4ByNLuSJc=
X-Google-Smtp-Source: ABdhPJwKITOukckkykWd0emDXihrBrkLMK02kdougAxB92vD3t9lzux0OZtL5LzdFia2sTuGGRY9sQJRwal72bJSbwU=
X-Received: by 2002:aca:38d6:: with SMTP id f205mr1696871oia.6.1601138011861; Sat, 26 Sep 2020 09:33:31 -0700 (PDT)
MIME-Version: 1.0
References: <20200815225306.967CC1E9E41D@ary.local> <6089649.VB6F1bvo3X@zini-1880> <159dc0da-0f34-fa71-e20f-89135f14182e@dcrocker.net> <6484002.GchzCIbhPQ@zini-1880> <aa8eb7e5-e16f-e99d-2164-5654ed0024dd@dcrocker.net> <9c10a1fa6f0f4d729563168ccabf326c@bayviewphysicians.com>
In-Reply-To: <9c10a1fa6f0f4d729563168ccabf326c@bayviewphysicians.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Sat, 26 Sep 2020 12:33:19 -0400
Message-ID: <CADyWQ+GYNkTOAytGYPF9VZL3SJMzKQGz=b9fjCH7qrRRav7qaQ@mail.gmail.com>
To: fosterd@bayviewphysicians.com
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006ef84c05b039feae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/BLeN9lQZtwi4A6IkKobIObnNQhE>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Sep 2020 16:33:35 -0000
And here we were getting along so well! Mr Foster, it's perfectly fine to disagree with Mr Crocker technical points, and you are welcome to have your own opinion on whether he chooses to hear or not. But those opinions should be kept to yourself. I see a lot of these heated discussions as a sign that people really care about this issue. That's a good thing. For the record, I'm a DNS person. I see most problems as being solved with more DNS, or less DNS. I will say that I have had "passionate discussions" with Mr Crocker on several issues and I found that it was not that he did not listen, but figuring out how to better explain my point of view. Surprisingly to many, he does listen. Whether this work is in scope for DMARC or not, I would plead guilty for not considering this carefully. In the DNSOP working group I co-chair, *everything* DNS is in scope, until it is not in scope. These types of discussions I was leaning on Seth, Alexey and of course Murray the AD. thanks for listening. tim On Sat, Sep 26, 2020 at 8:55 AM Douglas E. Foster <fosterd= 40bayviewphysicians.com@dmarc.ietf.org> wrote: > The problems with your proposal have been well documented, but you > apparently choose not to hear. The single paragraph that Scott quoted has > multiple problems within it. > > The group has considered other and better technical proposals (conditional > signatures, ATSP, RHSWL), but they have all been dropped because the group > did not believe that Domain Owners would have any desire to implement them, > and because Mailing List Operators would have no way of knowing which > mailing lists had implemented the new feature. > > If you have solutions to these problems, please put them forward. > Otherwise, why are we dragging this back up? > > ------------------------------ > *From*: Dave Crocker <dhc@dcrocker.net> > *Sent*: 9/25/20 11:04 PM > *To*: Scott Kitterman <sklist@kitterman.com> > *Cc*: IETF DMARC WG <dmarc@ietf.org> > *Subject*: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the > RFC5322.Sender Header Field > > On 9/25/2020 4:21 PM, Scott Kitterman wrote: > > On Friday, September 25, 2020 7:05:22 PM EDT Dave Crocker wrote: > > I think the obligation to justify is on the advocate for change. > > That means you are demanding I prove negative. Which, of course, is an > impossible assignment. > > Rather, the obligation is on the person claiming the affirmative, which in > this case means the claim that this proposal somehow 'breaks' or otherwise > hurts DMARC. > > > Because the current email protection behavior involves the > RFC5322.From field, and pertain to the human author, it is common to > think that the issue, in protecting the field's content, is behavior > of the human recipient. However there is no indication that the > enforced values in the RFC5322.From field alter end-user behavior. > In fact there is a long train of indication that it does not. > Rather, the meaningful protections actually operate at the level of > the receiving system's mail filtering engine, which decides on the > dispostion of received mail. > > Please provide references for your long train of indications, speaking of > making overly broad assumptions. If that's accurate, I'd like to understand > the data that tells us that. > > I'm not going to do that, because there's a long history of that work > being ignored, in spite of it being reviewed repeatedly in thse and related > fora over the years. It's gotten tiresome to have people claiming an > effect that they lacks evidence for, and the data to the contrary that they > are somehow unaware of. > > Again, the real requirement is focus on the affirmative. > > In this case, an affirmative claim that end-users are relevant to the > efficacy of DMARC. I don't recall seeing any research results validating > such a view, but perhaps I missed it. > > Well, ok, here's one that shows lack of efficacy, and it's a big one: > EV-certs > > *Google to bury indicator for Extended Validation certs in Chrome because > users barely took notice* > > > https://www.theregister.com/2019/08/12/google_chrome_extended_validation_certificates/ > > "The reason is simple. "Through our own research as well as a survey of > prior academic work, the Chrome Security UX team has determined that the EV > UI does not protect users as intended... users do not appear to make secure > choice..." > > > If this is just an input into an algorithm, then your assertion that you are > only providing another input is supportable, but that's contrary to the DMARC > design. > > Perhaps you have not noticed but the demonstrated field use of DMARC, to > date, tends to be contrary to the design, to the extent anyone thinks that > the design carries a mandate that receivers follow the directives of the > domain owners. > > So the text in the draft merely reflects real-world operational style. > > > d/ > > -- > Dave Crocker > Brandenburg InternetWorkingbbiw.net > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] Call for Adoption: DMARC Use of the … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Joseph Brennan
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Rolf E. Sonneveld
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … David I
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … ned+dmarc
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] I Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] Objections to Sender header as overr… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Murray S. Kucherawy
- Re: [dmarc-ietf] Objections to Sender header as o… Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jesse Thompson
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Vittorio Bertola
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… Jesse Thompson