IETF Logo Mail Archive

Re: [dmarc-ietf] Signaling MLMs

Douglas Foster <dougfoster.emailstandards@gmail.com> Fri, 14 April 2023 21:51 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66FD8C14CF1F for <dmarc@ietfa.amsl.com>; Fri, 14 Apr 2023 14:51:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EKsv0ukDuUfu for <dmarc@ietfa.amsl.com>; Fri, 14 Apr 2023 14:51:44 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75BF2C14CF12 for <dmarc@ietf.org>; Fri, 14 Apr 2023 14:51:44 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id 2adb3069b0e04-4eb4105d00dso82225e87.1 for <dmarc@ietf.org>; Fri, 14 Apr 2023 14:51:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1681509102; x=1684101102; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=V+dRltpFoEyNXxcSNV/Uq9KvFE9yVtrTR5CzvJs42bc=; b=Zug6Ztado1VW03Y9+df//A35+3uZ6i21NCSjrCUtsry2iAzAG8D3vFZT61z/9quQ0b p6exEmxKD8ap1GOFWOMll3MVPL9TLRTNcTlWLVpdlOca3+14GO+vSDuyxS7u7E00zyWt zkmEdgh5ejfq956cSxhAchkCXm6IH4LZ49gw5E9uF5fhRRMKYbw8RTGwUSUI98MmfqpL U5TArY1B79RPIejZjtgvZlTkTyeTfFxAFxMFI4P0Te9Fd2VmAxbPNPAZ71D3xUdBabs+ JZEFWphpiD2k1u1SHWgdBVKabZ47w3vMezACIaO+xLnTp6/pvtQrWjOr8hHWVPHdOyb9 HY4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681509102; x=1684101102; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=V+dRltpFoEyNXxcSNV/Uq9KvFE9yVtrTR5CzvJs42bc=; b=faZtyLd5bMnmxh+QUo8ajNHfiGtJZcpk0THYnAzYSfoanX88QGLPIBqnBdPyS4capM qUf5IlmRHNukWuU1d3l9utJdKUYyv1cR5z+q/qykUxrnX2vHI4UxKLsSri24C7kqa05s pHg/J4+YhTVQwexAbw2sKJmJ7Radp4ZSuijteB1yni9WSlgquD/Wb+MZYGwwBor4QTHa F7oLkAX8zHhNUhvWVK9kAw7dKuRdxcyLXkshyeW111ilChCzH7SXfB6fjGqzMhSCTCcS gCKYVOGrJST8e3Ht5y/Ee0SxFPDUrvwBVM7vVGO7ssZQxma0r2H2blaBXeG0aumAZrN6 en8Q==
X-Gm-Message-State: AAQBX9e8sVXCJLZL3keiVyPJ5x6mogpbV0G7KOyUbhZztnrCygtnk3f1 UAxiWhoDs9uYybg9Qezx0OgoNAhOmx+DavI7UBy7glcb
X-Google-Smtp-Source: AKy350ZKT4S8xVAMmrUBVvXMGpk+a4iQIUQ6WGcqdkqRjwCRCIuTKfBhaDPFh3HkrPXDpLx6qv5dbKMlJ+K9fXbraRs=
X-Received: by 2002:a19:f80a:0:b0:4ec:a112:4394 with SMTP id a10-20020a19f80a000000b004eca1124394mr112472lff.5.1681509102138; Fri, 14 Apr 2023 14:51:42 -0700 (PDT)
MIME-Version: 1.0
References: <CAL0qLwZc2X7tyP+_8vvL3Yb7uJk6td3XGbsXUB68BNUEMhV4yQ@mail.gmail.com> <909C826B-2745-4BE8-AD16-920E6DE86D1C@kitterman.com> <329db752-fdeb-7633-ede1-06e435db1c0e@tana.it> <6600461.14hOuAKI9C@localhost>
In-Reply-To: <6600461.14hOuAKI9C@localhost>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Fri, 14 Apr 2023 17:51:30 -0400
Message-ID: <CAH48Zfwgyr6EGb1Ty3v7gVzEDbMr5dig_GVz79gwqx4F0zsEZA@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b83f6d05f952d857"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/D_VWk3uvcvG0IEjWAo7eriCFB8s>
Subject: Re: [dmarc-ietf] Signaling MLMs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2023 21:51:48 -0000

Interoperability problems occur because MLMs believe they are exempt from
the security problems that lesser mortals face.

I am not obligated to deliver every message that arrives for my users.  If
DMARC causes an evaluator to block a message that his user wants, they have
a  customer service problem, not an interoperability problem.   The
protocol correctly provided information which the evaluator used as he saw
fit.

The Sender or MLM may be unhappy if lost eyes mean lost revenue, but an
evaluator is tasked with disappointing senders, many times per day.

Document the issue as a customer service problem and I am on board.

Doug

On Fri, Apr 14, 2023, 1:59 PM Scott Kitterman <sklist@kitterman.com> wrote:

> On Friday, April 14, 2023 1:20:28 PM EDT Alessandro Vesely wrote:
> > On Fri 14/Apr/2023 15:47:12 +0200 Scott Kitterman wrote:
> > > On April 14, 2023 1:29:58 PM UTC, "Murray S. Kucherawy"
> <superuser@gmail.com> wrote:
> > >> On Fri, Apr 14, 2023 at 4:31 AM Alessandro Vesely <vesely@tana.it>
> wrote:
> > >>> Heck, MLMs should start rejecting messages sent from domains that
> > >>> publish a
> > >>> blocking policy *when they fail authentication on entry*!!
> > >>
> > >> That's not enough to avoid the damage we're talking about.
> >
> > Agreed.  Yet, it is a sane half-way between crazy rejecting always and
> > completely ignoring ABUSE.
> >
> > >>> From: rewriting is the de-facto standard.  In DMARCbis we can only
> > >>> substitute "de-facto" with "proposed".  Better methods, implying
> > >>> different, possibly experimental, protocols are to be defined in
> > >>> separate documents. >>
> > >>
> > >> Are you suggesting we put that forward as our Proposed Standard way of
> > >> dealing with this problem?  It's been my impression that this is not a
> > >> solution that's been well received.
> >
> > I agree there are better solutions, but they're not yet developed.  As
> ugly
> > as it may be, From: munging is the emerged solution.  It is a _fact_.
> Now
> > repeat again that the IETF standardized facts, not theories...
> >
> > >>> Let me recall that when I proposed something like that, I was told
> that
> > >>> that was phase II and the WG was then already in phase III.  So,
> let's
> > >>> complete DMARCbis /without cannibalizing the spec/ by saying that it
> > >>> MUST NOT be used (as it is being used already).
> > >>
> > >> What you describe as "cannibalizing" is actually a matter of
> presenting
> > >> the
> > >> correct normative advice about interoperability.
> >
> > It is nonsensical.  It means DMARC is only useful for looking at the
> > reports. If that's really what we think, we'd be better off deprecating
> p=
> > completely. Otherwise, let's wait until next April 1st and publish it as
> > such.  It's ridiculous.
> >
> > >>  So I don't agree at all with that characterization.
> > >
> > > Agreed.  If people can't get over saying some domains will have
> > > interoperability problems when that's demonstrably a technically
> accurate
> > > statement (and I don't see anyone claiming it isn't), I don't see how
> > > progress is possible.
> >
> > I agree that we have to say that some domains have interoperability
> problems
> > as a consequence of DMARC.  Let's say that MLMs MUST do From: munging
> > unless (or until) better solutions arise, or unless they don't alter
> > messages.
> >
> > We're proposing email authentication, not anything less.
>
> Yes, but we don't get to close our eyes and pretend the rest of the world
> doesn't exist.
>
> If we want to change this, we're going to have to update RFC 5321, which I
> think is out of our scope.  In the section on aliases and lists (3.9), it
> says:
>
> >    However, in this case, the message header section (RFC 5322 [4]) MUST
> >    be left unchanged; in particular, the "From" field of the header
> >    section is unaffected.
>
> I think it would be wrong to mandate From rewriting for a lot of reasons,
> but
> I don't think we get to just ignore an Internet Standard.  I think we
> particularly don't get to ignore an Internet Standard and make it through
> an
> IETF wide last call.
>
> I still don't hear anyone claiming there's no interoperability problems
> when
> some domains publish p=reject.  Can we please just agree to document
> reality
> and move forward?
>
> Scott K
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email