Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

John Levine <johnl@taugh.com> Sat, 05 December 2020 20:56 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 806ED3A0D07 for <dmarc@ietfa.amsl.com>; Sat, 5 Dec 2020 12:56:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.851
X-Spam-Level:
X-Spam-Status: No, score=-1.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=gNX0GA1m; dkim=pass (2048-bit key) header.d=taugh.com header.b=bgTNBbET
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RQHCQ3HVFdZJ for <dmarc@ietfa.amsl.com>; Sat, 5 Dec 2020 12:56:11 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4D7C3A0D06 for <dmarc@ietf.org>; Sat, 5 Dec 2020 12:56:10 -0800 (PST)
Received: (qmail 73343 invoked from network); 5 Dec 2020 20:56:09 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=11e79.5fcbf3e9.k2012; bh=ZmN6SdkLVnnYMqYQw6/Copm+hFT9aeOWD30HbEmCmNA=; b=gNX0GA1ma6EQtAx39sL9zrtFqGP1E0cl/3FznPPuUIEaf9Krr3Xo7Am6hZ+Z5cWSADVUZ4uqxpLIC1QN8pkJVLJnw7LgY3boIly43WcUt6SSX6ml0Bt7GDK9HyckrDF6O86h41hjq8oKBGrpiiKKXGuXGMOhiueADbjrkVWmSKlIZzMZgfkG2o7/cM8SC55DF60MmFXQpmRFbTb7s36jmuhjmntWrG1NjQzLi/3HsvFqEUQG5NjHkap4OPqOY540VN7ujhGPnqAYpsWNfvj0ePSkixJZMc7iuXjNbFDwWkgG3cqD1WsIIc/rXVSb4pGUcJaWw1w/REFt+1FPRY29iQ==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=11e79.5fcbf3e9.k2012; bh=ZmN6SdkLVnnYMqYQw6/Copm+hFT9aeOWD30HbEmCmNA=; b=bgTNBbETCJlZMPV4ZHdf/aE/TcGOGJl6PY4G/TZC5LM87l842GeGD7icV3F0cW++Hy4+iMAhMFlW1k8YDFoLxybSahzUZtBLMpA9Ko4zh1H123mR0+rmKUplt5Uf94ZsncVsUrxGqzuXZ9UuNXOEZ2CmpXx7ul2lvhbEgB+5xSXC10C9I804eLbfWjRDLx2tP+AMVZkoEP3BqFup2J2os6qrPOswBeu/hHMo/1DqrynDcttEe7vLrofN0Mn9aGwLDzfz/7uwdhfxA6mnc6dsTR4NAFk6xXwoCFyT7nznLEz9P5oxd7q5KTt6X2fIKuNXa89dMtavy+/2nWqermlo9g==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 05 Dec 2020 20:56:08 -0000
Received: by ary.qy (Postfix, from userid 501) id 7AC122904381; Sat, 5 Dec 2020 15:56:07 -0500 (EST)
Date: 5 Dec 2020 15:56:07 -0500
Message-Id: <20201205205608.7AC122904381@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: mike@mtcc.com
In-Reply-To: <f1c434bf-e42f-6b70-0916-29c78280c551@mtcc.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FwTzFUOoly4YtsccMExWFqxKrNg>
Subject: Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 20:56:12 -0000

In article <f1c434bf-e42f-6b70-0916-29c78280c551@mtcc.com> you write:
>> I dunno how special that case is, but there are lots of cases where mail passes
>> through multiple layers of ARC signing mutations.
>>
>> I routinely get mail from Microsoft's farm with an ARC seal or two
>> that has never been near a mailing list. Any time a MS user sends a
>> message to one of my lists, it'll emerge with at least two ARC
>> signatures.
>
>Getting multiple signatures from the originating domain doesn't hurt 
>anything. It's a little wasteful, but that's it.

a) The point of ARC seals is that the cv=pass in seal N tells you that
the signature in seal N-1 was good when the message arrived, so you
can do your filtering based on the state of the message each time it
was modified. DKIM doesn't do that.

2) Last week someone was complaining about the expense of the
signatures in ARC seals, now multiple signatures don't hurt anything.
While I agree with the latter sentiment, what changed?

R's,
John