Re: [dmarc-ietf] From: munging, was Ratchets - Disallow PCT 1-99

Alessandro Vesely <vesely@tana.it> Mon, 26 July 2021 08:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/GGnYQzThFEN21HLNFs4GuqmhP3Q>

On Sun 25/Jul/2021 19:28:12 +0200 Douglas Foster wrote:
>     Ale said:
> 
>> "ARC is not a part of DMARC, despite the acronym being a substring."
> 
> Is this really true?  Some time ago, the chairs said that ARC was the candidate 
> solution to the mailing list problem, and that DMARCbis would not fly without a 
> mailing list solution.


The mailing list solution that seems to be emerging is From: munging.  There 
are other possibilities, see Section 4.1.3.3 of RFC 7960.  An MLM needs to adopt 
a solution that works for all subscribers, not only for the ones whose 
receivers implement DKIM or some other solution-specific protocol.

There are several ways to munge From: in order to minimize end-user 
inconveniences.  Among these, there are cooperative methods that allow 
receivers to unmunge From: on delivery.  The MLM munges From:, which works for 
all, but some of the receivers restore the original From: value based on 
additional authentication techniques.  ARC is one such technique.  MLM 
transformation reversion is another one.

Are such additional authentication techniques, that help repair DMARC 
damage, themselves part of DMARC?  In a proper sense they're not; in some other 
sense, however, they have to be.  For example, for questions concerning DMARC 
reports:

* It has been established that ARC data is part of aggregate reports, but it's 
not clear what data is to be included in which reports.

* In what cases should results of MLM transformation reversion be included in 
the aggregate reports destined to the original author domain?


Best
Ale
--
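
The cooperative munge/unmunge flow described in the message above, as an added example that is not part of the original post or of any MLM's code. The `Original-From` header name, the " via list" display suffix, the addresses and the authserv-id are assumptions made for illustration; the receiver restores From: only when its own Authentication-Results header reports `arc=pass`.

```python
from email import message_from_string
from email.utils import parseaddr, formataddr

LIST_ADDR = "list@lists.example"        # constructed list address
OUR_AUTHSERV = "mx.receiver.example"    # constructed: the receiver's own authserv-id

def sample_message():
    # Constructed sample post, as submitted by the author.
    return message_from_string(
        "From: Alice <alice@author.example>\nTo: list@lists.example\n"
        "Subject: hello\n\nbody\n")

def munge_from(msg, list_addr=LIST_ADDR):
    """MLM side: make the list domain the From: domain, keep the author recoverable."""
    name, addr = parseaddr(msg["From"])
    msg["Original-From"] = msg["From"]   # assumed header name, not standardized
    if "Reply-To" not in msg:
        msg["Reply-To"] = addr           # replies still reach the author
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via list", list_addr))
    return msg

def arc_passed(msg, authserv=OUR_AUTHSERV):
    """True only if an Authentication-Results header written by our own
    border MTA says arc=pass; headers with any other authserv-id are ignored,
    since the sender or an intermediary could have injected them."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip().lower() for p in str(value).split(";")]
        if parts[0].split()[:1] != [authserv]:
            continue
        if any(p.split()[:1] == ["arc=pass"] for p in parts[1:]):
            return True
    return False

def unmunge_on_delivery(msg):
    """Receiver side: restore the author's From: only on a trusted ARC pass.
    Without it the munged From: stays, which is the case that works for all."""
    original = msg.get("Original-From")
    if original and arc_passed(msg):
        del msg["From"]
        msg["From"] = original
        del msg["Original-From"]
    return msg

if __name__ == "__main__":
    m = munge_from(sample_message())
    m["Authentication-Results"] = OUR_AUTHSERV + "; arc=pass header.oldest-pass=0"
    print(unmunge_on_delivery(m)["From"])
```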