Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

John R Levine <johnl@taugh.com> Fri, 23 June 2023 19:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/EzXMrpz8X65Mj5Li_WKimLboGcs>

> Presumably, a sender who uses DMARC might publish SPF to cover
> recipients who don't use DMARC, but would prefer that recipients use
> DMARC (authenticated by DKIM only).

I get that, but that's still simultaneously saying "use SPF to 
authenticate me" and "don't use SPF to authenticate me."  If SPF is so 
unreliable that you don't want people to use it for your DMARC alignment, 
why would you want them to use it otherwise?

I worry this is encouraging security theater: look, I have super secure
DMARC p=reject, and we won't get our deliverability numbers without a big
fuzzy SPF record.

R's,
John
>
> Barry
>
> On Fri, Jun 23, 2023 at 1:54 PM John R Levine <johnl@taugh.com> wrote:
>>
>>> My understanding is that if `auth=dkim` then SPF would be ignored from the
>>> perspective of DMARC. So if a receiver sees DKIM is not DMARC aligned and
>>> only SPF is DMARC aligned then it would still be treated as a DMARC fail.
>>
>> That's my understanding.
>>
>>> It would be a way for senders to say "yes I checked that all my DKIM
>>> signatures are working and aligned, I don't need you to look at SPF and
>>> don't want to have the risk of SPF Upgrades."
>>
>> So why do you publish an SPF record?  Presumably so someone will accept
>> your mail who wouldn't otherwise, except you just said they shouldn't.
>> Still not making sense to me.
>>
>> Regards,
>> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
>> Please consider the environment before reading this e-mail. https://jl.ly

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly