Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal

Barry Leiba <barryleiba@computer.org> Tue, 13 June 2023 01:09 UTC

From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 12 Jun 2023 21:09:43 -0400
Message-ID: <CALaySJ+cbVN=zV9nwU4oGBNwOuc0jj87nKxN-ONDHt1w6Dy5WQ@mail.gmail.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Bzv0zDkIhJ6PXMT7MQY_t0vQFPg>
Subject: Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal

The misconfiguration is changing it after the message was signed.
Once the message is signed and in the MTA-to-MTA relay system, no one
should be altering the message body any more until final delivery.

Barry

On Mon, Jun 12, 2023 at 6:02 PM Jim Fenton <fenton@bluepopcorn.net> wrote:
>
> On 9 Jun 2023, at 22:35, Murray S. Kucherawy wrote:
>
> >
> > You were previously talking about inserting ">" before a line starting
> > "From ", which is typically done on delivery when writing to an
> > mbox-formatted mailbox file, because in that format, "From " at the front
> > of a line has a specific meaning (i.e., "this is a new message").  If that
> > insertion is happening in transport, then a local mailbox convention is
> > leaking out into the transport environment, which means something is
> > misconfigured, and all bets are off.
> >
> > In any case, it is not a transport conversion anticipated by the section
> > you're quoting, so I've no idea why a DKIM signer might opt to handle it
> > specially.
>
> I’m not as definite that this is a misconfiguration, but might be a historical artifact. When we were editing RFC 4871, I remember discussing with Eric Allman the problem with “from” at the beginning of a line. At the time, we recognized that some messages would fail to verify because the message would be modified in transit to add the >. IIRC this was particularly a problem because message signing was done in a milter that operated on the incoming leg of the message path (through sendmail, for example), when ideally you would want signing to be done on the way out of the MTA.
>
> Your description of why the > was added is probably correct, but I think there are circumstances where the > leaks out that aren’t just due to misconfiguration. I have two messages in my bloated inbox that apparently have had > added (many of you may have the “Communications of the ACM, May 2023” message from April 24). They pass DKIM verification, probably because they were signed after modification.
>
> -Jim
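To make concrete why an in-transit ">From " rewrite breaks a DKIM signature computed before it, while a signature computed after it (Jim's milter case) still verifies, here is an added example that is not code from the thread or from any DKIM implementation: it implements the RFC 6376 relaxed body hash and runs both orderings over a constructed message body. The mbox escaping shown is the plain "mboxo" style (prefix only lines starting with "From "), which is an assumption for the illustration.

```python
import base64
import hashlib
import re

def relaxed_body_canon(body: str) -> bytes:
    """RFC 6376 s3.4.4 'relaxed' body canonicalization: collapse WSP runs,
    drop trailing WSP, drop trailing empty lines, CRLF line endings."""
    lines = body.replace("\r\n", "\n").split("\n")
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode() if lines else b""

def body_hash(body: str) -> str:
    """The bh= value a signer would place in DKIM-Signature (a=rsa-sha256)."""
    digest = hashlib.sha256(relaxed_body_canon(body)).digest()
    return base64.b64encode(digest).decode()

def verify_body_hash(bh_from_signature: str, received_body: str) -> bool:
    """The verifier's body-hash check; a mismatch fails the whole signature."""
    return body_hash(received_body) == bh_from_signature

def mbox_from_escape(body: str) -> str:
    """The mbox convention discussed in the thread: prefix '>' to any line
    that begins with 'From '. Belongs at final delivery, not in transport."""
    return "\n".join(">" + ln if ln.startswith("From ") else ln
                     for ln in body.split("\n"))

# Constructed sample body; the second line is the one an mbox writer rewrites.
ORIGINAL_BODY = (
    "Hi all,\n"
    "From what I can tell the build is green.\n"
    "\n"
    "-- Alice\n"
)

def scenario_escaped_in_transit() -> bool:
    """Signed at origin, then a relay escapes 'From ': verification fails."""
    bh = body_hash(ORIGINAL_BODY)               # signer hashes the clean body
    received = mbox_from_escape(ORIGINAL_BODY)  # relay rewrites it in transit
    return verify_body_hash(bh, received)

def scenario_signed_after_escape() -> bool:
    """Jim's case: the milter signs the already-escaped body, so it verifies."""
    escaped = mbox_from_escape(ORIGINAL_BODY)
    bh = body_hash(escaped)
    return verify_body_hash(bh, escaped)

if __name__ == "__main__":
    print("escaped in transit verifies:", scenario_escaped_in_transit())
    print("signed after escape verifies:", scenario_signed_after_escape())
```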