IETF Logo Mail Archive

Re: [dmarc-ietf] non-mailing list use case for differing header domains

"Douglas E. Foster" <fosterd@bayviewphysicians.com> Mon, 03 August 2020 00:44 UTC

Return-Path: <btv1==484d4db2e1e==fosterd@bayviewphysicians.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E65B33A0E56 for <dmarc@ietfa.amsl.com>; Sun, 2 Aug 2020 17:44:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bayviewphysicians.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7zLZU7ONo6EJ for <dmarc@ietfa.amsl.com>; Sun, 2 Aug 2020 17:44:08 -0700 (PDT)
Received: from mail.bayviewphysicians.com (mail.bayviewphysicians.com [216.54.111.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4186A3A0E53 for <dmarc@ietf.org>; Sun, 2 Aug 2020 17:44:08 -0700 (PDT)
X-ASG-Debug-ID: 1596415444-11fa3118c7b6260001-K2EkT1
Received: from webmail.bayviewphysicians.com (smartermail4.bayviewphysicians.com [192.168.1.49]) by mail.bayviewphysicians.com with ESMTP id Be7lDM9JJLPIlig2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO); Sun, 02 Aug 2020 20:44:04 -0400 (EDT)
X-Barracuda-Envelope-From: fosterd@bayviewphysicians.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.1.49
X-SmarterMail-Authenticated-As: fosterd@bayviewphysicians.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bayviewphysicians.com; s=s1025; h=message-id:reply-to:subject:to:from; bh=W9bUStkIbqrhRU7dZXEhKLZV/8v5j+ZVTB6vuGErTQA=; b=pHsmyOtlGwzIo8dDIcSoxC2tX0vmWg8vQlDFcUinjsi1DuoTnhnu/O8n9PHSzPk/E nWy1HlwWDG8GL2WV5LMmRWWjeJHqcuSDGBgaeZAhHbKxfhqgqZ7H5oSv4OfwVpU/t Bfcik+TAo1LIieFHJy8YK6Lpz+kzHF6N6f7ze/WWk=
From: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
To: dcrocker@bbiw.net, IETF DMARC WG <dmarc@ietf.org>
Date: Mon, 03 Aug 2020 00:43:56 +0000
X-ASG-Orig-Subj: Re: [dmarc-ietf] non-mailing list use case for differing header domains
Reply-To: fosterd@bayviewphysicians.com
Message-ID: <0bc56bf161c54870b4655e98d7297f64@bayviewphysicians.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="98fb3daf40474046a88018f8756fb733"
In-Reply-To: <fa39426a-c14b-493c-85f2-58a682461c2d@dcrocker.net>
References: <20200802165756.3892C1DC82FD@ary.qy> <719dce3edbc54b25b6ebf248170e7eb2@bayviewphysicians.com> <CAL0qLwYFoGHL13tLOnbgf97qtgLFDo4AmutZdQvMVsuX56Vz0Q@mail.gmail.com> <fa39426a-c14b-493c-85f2-58a682461c2d@dcrocker.net>
X-Exim-Id: 0bc56bf161c54870b4655e98d7297f64
X-Barracuda-Connect: smartermail4.bayviewphysicians.com[192.168.1.49]
X-Barracuda-Start-Time: 1596415444
X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384
X-Barracuda-URL: https://mail.bayviewphysicians.com:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at bayviewphysicians.com
X-Barracuda-Scan-Msg-Size: 7220
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.83652 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FQc0Wupv0DKhYAu3ViI22_Q73as>
Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2020 00:44:10 -0000

Murray took server too literally.   I have expressed before that a system could do a sender authentication lookup on List-ID as easily as on From.   In this respect, it is similar to Dave's proposal, without the added complexity of additional identifiers.   So think "Registerd List-ID plus DKIM signature (or SPF, but DKIM seems both sufficient and preferable.)

I am not sure what "Internet Scale" means to you.   Most of the major recipients have bulk mailer registration systems.   It does not guarantee whitelisting, but it tends to produce that effect.   I have had occasion to register with most of them.   So "does not scale" is not obvious to me.

Even more to the point, check out this link:
https://blog.postmaster.verizonmedia.com/post/616023179026202624/increasing-relevance-performance-through-vto 

Verizon appears to be offering a service (probably for extra cost) which is based on:
(a) a well-defined mail stream from a known sender, and 
(b) a mailbox user identifying that mail stream as subscribed, and therefore desirable.

It appears that the target senders are retailers who want to ensure that their sale announcements are read before the sale is over.   It is an "Internet scale" application of the type of registration I was suggesting:   Well-identified senders, coupled with end-user endorsement, receive preferred treatment.

As to the transparency question, it should be clear that there will be no simple solution to the ML problem.  As long as mailing lists appear identical to a malicious spoofer, their only protection is their own sterling reputation.   But the only way to establish an acceptable reputation is to either register with the receiver directly, or register with the sender in a way that the receiver will honor.    Your proposal does nothing to distinguish mailing lists from malicious spoofers, so it does nothing to solve the problem.   Mailing lists either need to send using the ML domain as the From address, not modify the message, or establish a credible reputation.   There are no other possibilities on this side of FantasyLand.

DF 

----------------------------------------
From: Dave Crocker <dhc@dcrocker.net>
Sent: 8/2/20 5:29 PM
To: IETF DMARC WG <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains
On 8/2/2020 2:22 PM, Murray S. Kucherawy wrote:
> Ignoring for the moment the problems of scale with any "register your
> lists" solution, I don't think users can reasonably be expected to
> keep such a registration current if, say, the servers were to move. 
> Such a migration would no longer be transparent, as it is today.

+1

When someone proposes a scheme, it will help for them to list who the
relevant actors must be and what they must do and then deal with the
question of scaling.  That is, how will it be possible for this to work
at Internet scale?

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email