Re: [dmarc-ietf] Policy Enforcement Considerations
Dotzero <dotzero@gmail.com> Tue, 19 September 2023 13:13 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/CNPcKUXhtOrFfSb6h_UNMqoswiI>
On Tue, Sep 19, 2023 at 8:20 AM Scott Kitterman <sklist@kitterman.com> wrote:

> On September 19, 2023 8:50:02 AM UTC, Alessandro Vesely <vesely@tana.it> wrote:
> >Hi all,
> >
> >the second sentence of the second paragraph of Section 5.8:
> >
> >OLD
> >    In particular, because of the considerations discussed
> >    in [RFC7960] and in Section 8.6 of this document, it is important
> >    that Mail Receivers not reject messages solely because of a published
> >    policy of "reject", but that they apply other knowledge and analysis
> >    to avoid situations such as rejection of legitimate messages sent in
> >    ways that DMARC cannot describe, harm to the operation of mailing
> >    lists, and similar.
> >
> >I have the feeling that most readers understand that allusion to /other
> >knowledge and analysis/ to mean content filtering. Thence the lemma that
> >if we can rely on content filtering then we don't need strong
> >authentication. Instead, referenced Section 8.6 presents forwarding as
> >/the/ scenario where DMARC fails. Accordingly, this section could be more
> >precise on the kind of semantically acceptable enforcement exceptions. Let
> >me try a wording:
> >
> >NEW
> >    In particular, because of the considerations discussed
> >    in [RFC7960] and in Section 8.6 of this document, it is important
> >    that Mail Receivers seek additional knowledge and mechanisms whereby
> >    published policies of "reject" and "quarantine" can be safely overridden.
> >    Mailing lists, and forwarding in general present cases where messages are
> >    legitimately sent beyond the author domain's reach, breaking SPF and
> >    possibly also DKIM. The combined effort of Mail Receivers and Forwarders
> >    can lead to establishing a strong recognition of such mail flows, warranting
> >    discharge from DMARC policy enforcement while still respecting the
> >    semantics of the author domain policy, thus avoiding the harm that
> >    otherwise DMARC causes to the operation of mailing lists.
> >
> >
> >Is that cool?
>
> No. I think this section is currently, correctly, focused on what to do
> with only references to why. I don't think we should change that. If the
> current references are inadequate, then we should improve them, not attempt
> to restate them.
>
> I don't think "other knowledge" is limited to content filtering and your
> attempt to be more precise is problematic because it doesn't actually
> achieve the goal.
>
> "The combined effort of Mail Receivers and Forwarders ...", for example,
> leaves out mailing lists, which is one of the things you said you were
> trying to solve.
>
> Scott K

I agree with Scott.

Michael Hammer