Re: [dmarc-ietf] ARC questions

Doug Foster <fosterd@bayviewphysicians.com> Mon, 23 November 2020 17:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/CZjtGFn_xHO-afQ6t7TTJhOAXTo>

My wishlist for ARC:

 

ARC tells me that somebody changed some data, but it does not tell me which MTA performed the forwarding operation, added content, or performed address rewriting.  If we could get HELO names into the ARC data, then those names could be correlated with the Received header chain to make better filtering decisions.

 

DF   

 

From: dmarc [mailto:dmarc-bounces@ietf.org] On Behalf Of Dave Crocker
Sent: Monday, November 23, 2020 12:02 PM
To: Todd Herr; Joseph Brennan
Cc: dmarc@ietf.org
Subject: Re: [dmarc-ietf] ARC questions

 

On 11/23/2020 7:38 AM, Todd Herr wrote:

On Mon, Nov 23, 2020 at 9:50 AM Joseph Brennan <brennan@columbia.edu> wrote:

On Sat, Nov 21, 2020 at 7:14 PM John Levine <johnl@taugh.com> wrote:

 

This also means that ARC isn't useful if you don't have a reputation
system to tell you where the lists and other forwarders that might add
legit ARC signatures are. 

 

And if you know which hosts are legit mailing lists or forwarders, you already know what ARC would tell you.

 

I believe, though, that the intent of ARC is that it be scalable in ways that manual enumeration of known legit mailing lists and forwarders is not. 

 

"if you know which hosts are legit" buries an assumption that is problematic, namely that you know who handled the message.  The fact that a message purports to be handled by a mailing list you trust does not mean it actually was.

That's the issue that ARC resolves.

ARC (and DKIM) produce noise-free uses of identifiers.  If the authentication validates, the receiver knows it really was handled by who is saying it was handled by.  Without these, you don't.

d/

-- 

Dave Crocker
dcrocker@gmail.com
408.329.0791
 
Volunteer, Silicon Valley Chapter
American Red Cross
dave.crocker2@redcross.org
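
An added example, not part of the thread and not code from any ARC implementation: with the ARC header fields as they exist, the nearest a receiver can get to the correlation asked for in the wishlist is to line up each ARC set's sealer domain (`d=`) and authserv-id against the `by` hosts of the Received chain. The message below is constructed, the helper names are hypothetical, and no signature is verified here, so the match only carries weight once the chain itself has validated.

```python
import email
import re

# Constructed sample: sender -> list (adds ARC set i=1) -> receiver. Signatures are dummies.
SAMPLE = """\
Received: from lists.example.org (lists.example.org [203.0.113.7])
\tby mx.receiver.example with ESMTPS; Mon, 23 Nov 2020 12:00:05 -0500
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=example.org; s=arc1; b=CONSTRUCTED
ARC-Message-Signature: i=1; a=rsa-sha256; d=example.org; s=arc1; h=from; bh=X; b=X
ARC-Authentication-Results: i=1; lists.example.org; dkim=pass header.d=sender.example
Received: from mail.sender.example (mail.sender.example [198.51.100.9])
\tby lists.example.org with ESMTPS; Mon, 23 Nov 2020 12:00:01 -0500
From: alice@sender.example
Subject: constructed test

body
"""

def tags(value):
    """Parse a DKIM-style 'k=v; k=v' list; segments without '=' are skipped."""
    pairs = (part.partition("=") for part in value.split(";"))
    return {k.strip(): "".join(v.split()) for k, sep, v in pairs if sep}

def arc_sets(msg):
    """Map ARC instance number -> sealer domain (d=), cv= and authserv-id."""
    sets = {}
    for seal in msg.get_all("ARC-Seal", []):
        t = tags(seal)
        sets.setdefault(int(t["i"]), {}).update(d=t.get("d", ""), cv=t.get("cv"))
    for aar in msg.get_all("ARC-Authentication-Results", []):
        first, _, rest = aar.partition(";")
        sets.setdefault(int(tags(first)["i"]), {})["authserv_id"] = rest.split(";")[0].strip()
    return sets

def received_hops(msg):
    """(HELO name in 'from', host in 'by') per Received header, oldest hop first."""
    hops = []
    for rcvd in reversed(msg.get_all("Received", [])):
        frm, by = re.search(r"\bfrom\s+(\S+)", rcvd), re.search(r"\bby\s+(\S+)", rcvd)
        hops.append((frm.group(1) if frm else None, by.group(1) if by else None))
    return hops

def correlate(msg):
    """Per ARC instance: Received hops whose 'by' host is the authserv-id or inside d=."""
    hops, out = received_hops(msg), {}
    for i, s in sorted(arc_sets(msg).items()):
        d, asid = s.get("d", "").lower(), s.get("authserv_id", "").lower()
        out[i] = [h for h in hops if h[1] and (h[1].lower() == asid
                  or (d and (h[1].lower() == d or h[1].lower().endswith("." + d))))]
    return out

msg = email.message_from_string(SAMPLE)
```

An ARC instance that maps to no Received hop, or to several, is the ambiguity the wishlist describes; Received fields are unsigned, so the hop names are only as reliable as the MTAs that wrote them.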