Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

Brandon Long <blong@google.com> Wed, 02 December 2020 02:22 UTC

From: Brandon Long <blong@google.com>
Date: Tue, 01 Dec 2020 18:21:51 -0800
Message-ID: <CABa8R6sTYySBAew+oPTCjH-88xynsWUesaFKzTkCLfmcA690ig@mail.gmail.com>
To: Michael Thomas <mike@mtcc.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/CByCfwyIyaddz4uI0gkATR41OBY>

On Tue, Dec 1, 2020 at 10:07 AM Michael Thomas <mike@mtcc.com> wrote:

>
> On 11/30/20 8:56 PM, Brandon Long wrote:
>
> > Right, some of the other dkim-light or diff concepts we discussed would be
> > better than using l=
> >
> > We again got hung up on the 100% solution, though... something that
> > handled subject-prefix and footer in a transport agnostic way might have
> > worked.  The fact that DKIM isn't transport agnostic is an Achilles heel
> > to even that, though, since we'd have to come up with a new
> > canonicalization and get it to widespread adoption before the simple diff
> > could work.  Or require mailing lists to be a lot more strict in how they
> > do their email rewriting, but I imagine that's harder work than even ARC.
>
> Frankly all it would take is a google or another large mail provider to
> publicly state that unless a mailing list supports BCP XYZ, your mail will
> be subject to very strict scrutiny and likely not delivered to get the
> attention of mailing list providers. That was my suggestion back in the day
> but it was scoffed at because people could point to some edge case that
> generates .001% of list traffic and thus invalidating the entire approach.
> The best is definitely the enemy of the good here.
>
> People really need to keep in mind that service provider email is not the
> only game in town. That point keeps getting lost.
>
Arguably we're all here because a large mail provider did make such a
change (though to be fair, there were plenty of others who wanted to make
that change).

While Google might be able to help move things along, there would need to
be strong community support for that; no one wants to go this alone and
look like the big bully.

I also think that you're overestimating what we could do.  Ultimately, we
serve our customers, and they want their legitimate email, even if it
doesn't support BCP XYZ.

Brandon