IETF Logo Mail Archive

Re: [dmarc-ietf] Dmarcbis way forward

Laura Atkins <laura@wordtothewise.com> Tue, 24 October 2023 09:13 UTC

Return-Path: <laura@wordtothewise.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA711C14CE2F; Tue, 24 Oct 2023 02:13:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wordtothewise.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 25t4YFiM5MBV; Tue, 24 Oct 2023 02:13:04 -0700 (PDT)
Received: from mail.wordtothewise.com (mail.wordtothewise.com [104.225.223.158]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EE53C15108B; Tue, 24 Oct 2023 02:13:03 -0700 (PDT)
Received: from smtpclient.apple (unknown [176.61.50.187]) by mail.wordtothewise.com (Postfix) with ESMTPSA id B3E549F21D; Tue, 24 Oct 2023 02:13:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wordtothewise.com; s=aardvark; t=1698138782; bh=NFmbhotrSOk+AsnomhECCM3yXUCNDhDR3uhqYioCu+8=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=CmK/okEQPflQRPc3i7xOZtIoUO074Dd+QNpyYhyw1J82Iw1emoFPglOH3VTFnHOdo j2JbaHEnCrlrb+cCl0Y9WzWT6GmwN/tS+sFcMcDXiaYLNJeCPOW3MAYA16A96N9uif GiOWN/qhmerx9y3ZwGJ0ajG2ExiDT/mwW4X/1dNk=
From: Laura Atkins <laura@wordtothewise.com>
Message-Id: <85A1AB57-6346-4B38-A200-9EF245987F4D@wordtothewise.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4B902887-47EA-472C-B84C-49A09325CD40"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Tue, 24 Oct 2023 10:12:50 +0100
In-Reply-To: <AS1PR07MB861698DF23A8C6CBCC93983B98D8A@AS1PR07MB8616.eurprd07.prod.outlook.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, "dmarc-chairs@ietf.org" <dmarc-chairs@ietf.org>, "art-ads@ietf.org" <art-ads@ietf.org>
To: Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org>
References: <AS1PR07MB861698DF23A8C6CBCC93983B98D8A@AS1PR07MB8616.eurprd07.prod.outlook.com>
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/E5aykcHoTYmGc34k-91pODEulB0>
Subject: Re: [dmarc-ietf] Dmarcbis way forward
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 09:13:09 -0000

I think for interoperability reasons a MUST NOT is the correct decision: Domains that choose to use p=reject and then allow their users to post to mailing lists damage interoperability for uninvolved third parties. However, for rough consensus purposes I would support Barry’s SHOULD NOT language. 

laura 


> On 23 Oct 2023, at 09:03, Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org> wrote:
> 
> I have been asked by Murray to assist with a consensus evaluation on the discussion that has been going on for a while about the dmarcbis document and how to move forward.
>  
> I have made an attempt to evaluate consensus on the topic, trying to look at it from a complete outsider’s point of view and trying not to let my personal opinion bias my assessment. This is a summary of that evaluation. It is based on several threads in the mailing list: [1], [2], [3] and recordings of the IETF 117 wg meeting [4]. I also tried to pay attention to chronology of comments, because some people have expressed different support for different proposals, in which case I consider the latest email I can find as the person’s latest opinion.
> Although that was mentioned, I believe there is no consensus to move the document status to Informational. I believe there is a rough consensus that a change needs to be made in the text to include stronger requirements admonishing operators against deploying DMARC in a way that causes disruption. The mails go in many directions, but the most contentious point I could identify is if there ought to be some normative MUST NOT or SHOULD NOT text. Many people have suggested text (thank you!). I believe the ones with more tractions are Scott’s MUST NOT proposal [2] and Barry’s SHOULD NOT proposal [3]. I believe most people who’d prefer just descriptive text have stated that they can live with the SHOULD NOT text, but they have stronger objections towards the MUST NOT text. There also a number of people who strongly believe MUST NOT is the way to go, but these people have not objected strongly to Barry’s latest proposed text in the mailing list (although they have made their preference clear during the meeting [4]). As a consequence, I believe there is a stronger (very rough) consensus for going with Barry’s SHOULD NOT text. I also believe there is consensus to add some non-normative explanatory text (be it in the interoperability or security consideration sections, or both) around it.
> I suggest the authors and the working group start with Berry’s text and fine-tune the details around it.
> In particular, as another AD that might have to ballot on this document, I suggest that you pay particular attention to the text around the SHOULD NOT, as also Murray suggested in [5]. I have often blocked documents with the following text: “If SHOULD is used, then it must be accompanied by at least one of: (1) A general description of the character of the exceptions and/or in what areas exceptions are likely to arise.  Examples are fine but, except in plausible and rare cases, not enumerated lists. (2) A statement about what should be done, or what the considerations are, if the "SHOULD" requirement is not met. (3) A statement about why it is not a MUST.”.
> I appreciate everybody’s patience and constructive discussion.
> Francesca, ART AD
> [1]: https://mailarchive.ietf.org/arch/msg/dmarc/Z2hoBQLfacWdxALzx4urhKv-Z-Y/
> [2]: https://mailarchive.ietf.org/arch/msg/dmarc/wvuuggXnpT-8sMU49q3Xn9_BjHs/
> [3]: https://mailarchive.ietf.org/arch/msg/dmarc/k6zxrKDepif26uWr0DeNdCK1xx4/
> [4]: https://www.youtube.com/watch?v=8O28ShKGRAU
> [5]: https://mailarchive.ietf.org/arch/msg/dmarc/Ld-VObjtihm5uWd9liVzMouQ1sY/
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org <mailto:dmarc@ietf.org>
> https://www.ietf.org/mailman/listinfo/dmarc

-- 
The Delivery Expert

Laura Atkins
Word to the Wise
laura@wordtothewise.com

Delivery hints and commentary: http://wordtothewise.com/blog

v2.45.0 | Report a Bug | By Email | System Status