Re: [dmarc-ietf] DMARCbis WGLC Issue - Section 11.5

Todd Herr <todd.herr@valimail.com> Mon, 18 March 2024 14:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FkViULvJjBGunqk88t8lqsNS-jE>

Issue 138 has been opened for this.


On Sat, Mar 16, 2024 at 5:35 PM Scott Kitterman <sklist@kitterman.com> wrote:

> Not sure if this is "significant" or not.
>
> I don't particularly like the title, but that's been that way for quite some
> time, so for WGLC, meh.
>
> The particular concern I have is with the text that was added right before
> WGLC about multi-valued RFC5322.From fields.  It includes the statement:
>
> > Such an approach might prove useful for a small number of Author
> > Domains, but it is likely that applying such logic to messages with a larger
> > number of domains (as defined by each Mail Receiver) will expose the
> > Mail Receiver to a form of denial of service attack, and so applying a
> > negative disposition decision to the message may be the best course of
> > action.
>
> In particular, the word "likely" seems a bit much.  Additionally, I think
> beyond the Domain Owner DMARC policy published in a DMARC record, I think
> discussions about message disposition are outside the scope of this document.
> How about this instead:
>
> > Such an approach might prove useful for a small number of Author
> > Domains, but it is possible that applying such logic to messages with a
> > large number of domains (as defined by each Mail Receiver) will expose the
> > Mail Receiver to a form of denial of service attack.  Limiting the number of
> > Author Domains processed will avoid this risk.  If not all Author Domains
> > are processed, then the DMARC evaluation is incomplete.
>
> I don't think we need to tell people what to do with such messages.  I think
> this is enough.
>
> Scott K


-- 

Todd Herr | Technical Director, Standards & Ecosystem
Email: todd.herr@valimail.com
Phone: 703-220-4153
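
The mitigation in the proposed replacement text (cap the number of Author Domains processed, and treat the evaluation as incomplete when some are skipped) can be sketched as below. This is an added example, not part of the thread or of the DMARCbis draft; the cap value, the `lookup_policy` callable standing in for DNS policy discovery, and the sample header are assumptions.

```python
from email.utils import getaddresses

# Assumed receiver-local cap; the text leaves the number to each Mail Receiver.
MAX_AUTHOR_DOMAINS = 3

# Constructed sample: five mailboxes spread over four distinct domains.
SAMPLE_FROM = ('Alice <alice@a.example>, bob@B.example, '
               '"Carol, C." <carol@c.example>, alice2@a.example, dan@d.example')


def author_domains(from_header):
    """Return the distinct domains of an RFC5322.From value, in order of appearance."""
    domains = []
    for _name, addr in getaddresses([from_header]):
        local, at, domain = addr.rpartition("@")
        domain = domain.strip().rstrip(".").lower()
        # Skip unparseable entries and domains already seen (case-insensitive).
        if at and local and domain and domain not in domains:
            domains.append(domain)
    return domains


def evaluate_author_domains(from_header, lookup_policy, limit=MAX_AUTHOR_DOMAINS):
    """Run policy discovery for at most `limit` Author Domains.

    `lookup_policy` is a hypothetical callable (domain -> policy) representing the
    expensive per-domain DNS work; parsing is cheap, so the cap bounds the lookups.
    """
    domains = author_domains(from_header)
    processed = domains[:limit]
    skipped = domains[limit:]
    results = {d: lookup_policy(d) for d in processed}
    return {
        "results": results,       # policies for the domains actually processed
        "skipped": skipped,       # domains never looked up
        "complete": not skipped,  # False means the DMARC evaluation is incomplete
    }


if __name__ == "__main__":
    # Stand-in for DNS: every domain "publishes" the same constructed record.
    outcome = evaluate_author_domains(SAMPLE_FROM, lambda d: "v=DMARC1; p=none", limit=2)
    print(outcome)
```

What a receiver does with a message whose evaluation is marked incomplete is deliberately left out, in line with the point made in the quoted message.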

