Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

Dave Crocker <dcrocker@gmail.com> Wed, 03 June 2020 00:26 UTC

To: Seth Blank <seth=40valimail.com@dmarc.ietf.org>, "dmarc@ietf.org" <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FCThPgBnzKDWlEjBGb3g-BjhDgo>

On 6/2/2020 5:13 PM, Seth Blank wrote:
> On Tue, Jun 2, 2020 at 4:02 PM Dave Crocker <dcrocker@gmail.com> wrote:
>
>     On 6/2/2020 3:53 PM, Seth Blank wrote:
>     > The point I was trying to make is that consumers are susceptible to
>     > fraud,
>
>     Of course they are.  Unfortunately, that point is irrelevant,
>     because it isn't the question at hand.
>
>
> Dave, this is exactly the point where I think we're on different 
> pages. The From: domain matters because its contents affect user 
> behavior.

Apparently I wasn't simple enough, so let's reduce this to the absurd 
reality that typically applies:

      If a user doesn't see it, how can it affect their behavior?


> Alignment matters, because it ensures that the domain which is 
> authenticated matches what the user sees in the inbox (because, 
> rightly or wrongly, inboxes show the contents of the From: header field).

Except that most users don't see the From: domain name.


> When this match fails, a message can be rejected before it's ever in 
> front of a user and capable of causing confusion or fraud.

Exactly.  What matters is that unalignment is presumed to demonstrate 
bad faith by the originator.  THAT is what is significant.  And it's 
significant to the filtering engine, not the recipient user.


>
> The point is NOT to change user behavior due to what is presented in 
> the From:, it is to prevent manipulation of user behavior by only 
> allowing From: domains to be displayed if they have been authenticated.

Yeah, but that's quite different from saying that a user who sees a bad 
from: field is manipulated.


>
> Your argument seems to be that you don't believe that spoofing the 
> From: domain leads to user impact, or am I completely misunderstanding 
> you?

Where is the clear and credible research data that says that a bad From: 
field domain name specifically tricks end users?

d/


> -- 

Dave Crocker
Brandenburg InternetWorking
bbiw.net
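
The alignment test this thread argues about, as an added example that is not part of the original message or of any DMARC implementation: it compares the From: domain with the domains that passed DKIM/SPF and shows that an authenticated Sender: domain does not count. The function names, the sample message and the small PUBLIC_SUFFIXES set are assumptions made for illustration; a single From: address is assumed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List; a real evaluator loads the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

# Constructed sample: a list-style message whose Sender: differs from From:.
SAMPLE = (
    "From: Alice <alice@example.com>\n"
    "Sender: list-bounces@lists.example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(from_domain, auth_domain, strict=False):
    """Strict mode needs an exact match; relaxed compares organizational domains."""
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def header_domain(msg, field):
    """Domain part of the address in a header field, or '' if the field is absent."""
    return parseaddr(msg.get(field, ""))[1].rpartition("@")[2].lower()

def dmarc_alignment(raw, dkim_pass_domains, spf_pass_domain=None, strict=False):
    """Evaluate alignment against From: only; Sender: is reported but never used."""
    msg = message_from_string(raw)
    from_dom = header_domain(msg, "From")
    dkim_ok = any(aligned(from_dom, d, strict) for d in dkim_pass_domains)
    spf_ok = bool(spf_pass_domain) and aligned(from_dom, spf_pass_domain, strict)
    return {
        "from": from_dom,
        "sender": header_domain(msg, "Sender"),
        "dkim_aligned": dkim_ok,
        "spf_aligned": spf_ok,
        "pass": dkim_ok or spf_ok,
    }

if __name__ == "__main__":
    # The list's own domain authenticates and matches Sender:, yet alignment fails.
    print(dmarc_alignment(SAMPLE, ["lists.example.org"], "lists.example.org"))
    # A subdomain of the From: domain aligns in relaxed mode only.
    print(dmarc_alignment(SAMPLE, ["mail.example.com"]))
```

The result is input to the filtering engine's decision, independent of whether the recipient's mail client ever displays the From: domain.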