IETF Logo Mail Archive

Re: [dmarc-ietf] There is no pony, Overall last-call comments on DMARC

Hector Santos <hsantos@isdg.net> Thu, 04 April 2024 21:14 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ACCAC14F6EC for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 14:14:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, PDS_OTHER_BAD_TLD=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b="a2Roadqi"; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b="NE8VqQ8A"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SfqLCxza3Ski for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 14:14:39 -0700 (PDT)
Received: from mail.winserver.com (mail.winserver.com [3.137.120.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AA77C14F61F for <dmarc@ietf.org>; Thu, 4 Apr 2024 14:14:39 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=9024; t=1712265273; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:From:Message-Id:Subject: Date:To:Organization:List-ID; bh=ArBl/HkRStpCXQQPMTw290U00ZvHbX0 9NmsapiS7uO4=; b=a2RoadqiORzKThavYlWHtFsYGMzx3yqazJx8c8pzY6f079z 8yKfRxhOd4PtnVJXuOjYblyMfCT+DvYOTjVjm4H03pfCB6tJUCMyOS7+ryaOyvdS ruXVs8dyhofM/vTz+mmZ117E/HanCP3ku64aHrK6vp0g/cJuwsjtBRqKPuMQ=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.14) for dmarc@ietf.org; Thu, 04 Apr 2024 17:14:33 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=none author.d=isdg.net signer.d=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([3.132.92.116]) by winserver.com (Wildcat! SMTP v8.0.454.14) with ESMTP id 2592625291.1.4532; Thu, 04 Apr 2024 17:14:31 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=9024; t=1712265266; h=Received:Received:From: Message-Id:Subject:Date:To:Organization:List-ID; bh=ArBl/HkRStpC XQQPMTw290U00ZvHbX09NmsapiS7uO4=; b=NE8VqQ8A5p+FGhdWwVhrg1214QFy Mfae1FMlWLPOQ6+hBvtfiaIXZkdXwFqWjouPQ/HbtvZ7iQJXc+7dgjzkMAuaO8dK i0e3Pjb86PW+q05fNJ0Az35/kk8GmdZ45/D6YYLwsa+oIZ1BNL3fRyIjld/wBQ1b ZMsFSneG49aHNzU=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.12) for dmarc@ietf.org; Thu, 04 Apr 2024 17:14:26 -0400
Received: from smtpclient.apple ([99.122.210.89]) by beta.winserver.com (Wildcat! SMTP v8.0.454.12) with ESMTP id 3038883869.1.8552; Thu, 04 Apr 2024 17:14:25 -0400
From: Hector Santos <hsantos@isdg.net>
Message-Id: <071E6716-FE79-42A9-88E1-34FDE61F5EFC@isdg.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B03A5F76-9F13-4D84-A743-9D13C65F2293"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
Date: Thu, 04 Apr 2024 17:14:14 -0400
In-Reply-To: <FCABED32-40FB-4BD7-AC53-718D10685F71@bluepopcorn.net>
Cc: "John R. Levine" <johnl@iecc.com>, IETF DMARC WG <dmarc@ietf.org>
To: Jim Fenton <fenton@bluepopcorn.net>
References: <CFEA2796-9213-4847-836B-81E8770973F5@bluepopcorn.net> <5208da1b-ecfb-4d41-8506-a734a27ab3a0@tana.it> <CAL0qLwbnSe77Wdt+M8bi2pBmZFCZjDUQc6je9bjCzP5TQ0N6XA@mail.gmail.com> <49859572-18a4-483b-bb99-62c1c231896e@tana.it> <CAL0qLwZc6idmMra11pVx2bbtk2Em9-vy6+962M7jDWOMnP+UHQ@mail.gmail.com> <1ee6df39-a622-4060-83db-bcc9a7a835d4@tana.it> <CAL0qLwYX_D7S_-Vn9RwwRzwyNO=8=3UVqbP8rz3SCWG4dvGZig@mail.gmail.com> <f5f55a39-127d-4a84-a66b-950379ecb013@tana.it> <CAL0qLwZzfnDA=7bwCu26S1SJPEE3hBq929674hH6naKXWuyh5g@mail.gmail.com> <ebf343ed-ee60-47b0-a02f-8518a8369bb0@tana.it> <CAL0qLwagtzjYYJmyyGpMeMTtKLtYyk_JjagkXGtscvN61kSDbw@mail.gmail.com> <CAH48ZfyKE6n2Q_GfW8oZv9y=MxOBV8sRPPMPV8akHdu6W_jn1A@mail.gmail.com> <CAL0qLwbt7A-9dUGphs5KLUhygYEd+4aY4Jr10efKpHZXAqMfmA@mail.gmail.com> <CAJ4XoYc5HYHE0EGhFw9jef3JXPQ5HKdUoZf8RD+YqzepHsWFmA@mail.gmail.com> <CAL0qLwbUzscPbk1mGj-c9fPYtMu+0VmMOm1KR4sGOrY6xapCCA@mail.gmail.com> <80DC41F0-7AF9-4C08-9374-37626FCA2BB3@bluepopcorn.net> <4690f524-73a4-a549-12c5-a0744ccf2c94@iecc.com> <FCABED32-40FB-4BD7-AC53-718D10685F71@bluepopcorn.net>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/HU4EaN9pWZorGnLw0J_wzbM5U4E>
Subject: Re: [dmarc-ietf] There is no pony, Overall last-call comments on DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 21:14:44 -0000

My overall assessment as an early adopter and implementation:

<implementator.review>

DMARC SHOULD NOT be declared a Standard Track document.  We still have the potential to develop a sound 1st, 3rd party DKIM Policy model. Declaring DMARCBis a STD will only hamper future development.  Keep it experimental or informational. DMARC/Bis has represented a big IETF “Elephant In The Room” change in allowing External 3rd Party Organizations to put barriers of entry to correct the IETF protocol development.. 

Change is needed.  DMARCBis is not it. Is there is an Update Document minus the subjectives considerations.   It has been a fair process but a very high hurdle to correct a serious IETF protocol problem.

</implementator.review>

All the best,
Hector Santos



> On Apr 4, 2024, at 4:47 PM, Jim Fenton <fenton@bluepopcorn.net> wrote:
> 
> On 4 Apr 2024, at 13:31, John R. Levine wrote:
> 
>>> I don’t think it’s scope creep at all. The WG charter puts “Review and refinement of the DMARC specification” in phase III, after “Specification of DMARC improvements to support indirect mail flows”. It seems clear to me that standards-track DMARC needs to incorporate those improvements.
>>> 
>>> IESG accepted ARC as an improvement to support indirect mail flows, and I think a complete solution needs to incorporate that. I wish there were better data to support advancing ARC to standards track, and not just from Google (it has to work for smaller players as well).
>>> 
>>> But I am troubled by the possibility that ARC might require domain reputation to avoid ARC header fields supporting From address spoofing. One reason it might work for Google is because they’re big enough to derive their own domain reputation. We’ve not had success with domain reputation at internet scale.
>> 
>> No might about it -- ARC is only useful with domain reputation. Of course, DKIM is only useful with domain reputation, as were Domainkeys and IIM, so I don't see why it's a problem now.
> 
> Much of the objective of DomainKeys/IIM/DKIM was to provide a reliable domain identifier that could be used by a reputation system. They avoided saying that they were doing anything about spam and phishing. OTOH, DMARC is explicitly saying that it’s there to do something about phishing.
> 
>> We've been going around and around for years now.  DMARC works pretty well for direct mail flows, so-so for simple indirect flows (forwarders) and really badly for mediated indirect flows (mailing lists.)  There is nothing better than ARC to mitigate those problems and this WG certainly isn't going to invent anything now.  I agree that at this point we don't have enough evidence to advance ARC, so we can punt the question of what or when to do with it to MAILMAINT or something.
>> 
>> Our choices are to say here's what DMARC does, it has these problems, here's how to use it for the situations where it works, here's how to sort of mitigate the ones where it doesn't.  Or we can stamp our feet and say DMARC is BAD and we will not endorse it and NOBODY should use it, and the rest of the mail world will say isn't that cute, the IETF is having a tantrum.
> 
> Or we can say that it’s not ready for standards track yet. The only time I can think of in this space that we have stamped our feet and said something is BAD was with ADSP. But I am troubled by the mandatory requirements imposed by organizations citing an informational RFC, RFC 7489. It makes it seem like standards track doesn’t mean as much as it should.
> 
> -Jim
> 
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email