Re: [dmarc-ietf] There is no pony, Overall last-call comments on DMARC

"John R. Levine" <johnl@iecc.com> Thu, 04 April 2024 20:32 UTC

Date: Thu, 04 Apr 2024 16:31:59 -0400
Message-ID: <4690f524-73a4-a549-12c5-a0744ccf2c94@iecc.com>
From: "John R. Levine" <johnl@iecc.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <80DC41F0-7AF9-4C08-9374-37626FCA2BB3@bluepopcorn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/GMMNSmNYHVSorxd4OAyxZOOSh0Q>

> I don’t think it’s scope creep at all. The WG charter puts “Review and refinement of the DMARC specification” in phase III, after “Specification of DMARC improvements to support indirect mail flows”. It seems clear to me that standards-track DMARC needs to incorporate those improvements.
>
> IESG accepted ARC as an improvement to support indirect mail flows, and I think a complete solution needs to incorporate that. I wish there were better data to support advancing ARC to standards track, and not just from Google (it has to work for smaller players as well).
>
> But I am troubled by the possibility that ARC might require domain reputation to avoid ARC header fields supporting From address spoofing. One reason it might work for Google is because they’re big enough to derive their own domain reputation. We’ve not had success with domain reputation at internet scale.

No might about it -- ARC is only useful with domain reputation. Of course, 
DKIM is only useful with domain reputation, as were Domainkeys and IIM, so 
I don't see why it's a problem now.

We've been going around and around for years now.  DMARC works pretty well 
for direct mail flows, so-so for simple indirect flows (forwarders) and 
really badly for mediated indirect flows (mailing lists).  There is 
nothing better than ARC to mitigate those problems and this WG certainly 
isn't going to invent anything now.  I agree that at this point we don't 
have enough evidence to advance ARC, so we can punt the question of what 
or when to do with it to MAILMAINT or something.

Our choices are to say here's what DMARC does, it has these problems, 
here's how to use it for the situations where it works, here's how to sort 
of mitigate the ones where it doesn't.  Or we can stamp our feet and say 
DMARC is BAD and we will not endorse it and NOBODY should use it, and the 
rest of the mail world will say isn't that cute, the IETF is having a 
tantrum.

R's,
John