IETF Logo Mail Archive

Re: [dmarc-ietf] DMARC marketing

Jesse Thompson <jesse.thompson@wisc.edu> Tue, 28 July 2020 16:37 UTC

Return-Path: <jesse.thompson@wisc.edu>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 047DF3A0EA1 for <dmarc@ietfa.amsl.com>; Tue, 28 Jul 2020 09:37:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wisc.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kz53qCpaZbxt for <dmarc@ietfa.amsl.com>; Tue, 28 Jul 2020 09:37:39 -0700 (PDT)
Received: from wmauth3.doit.wisc.edu (wmauth3.doit.wisc.edu [144.92.197.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD9C73A0E85 for <dmarc@ietf.org>; Tue, 28 Jul 2020 09:37:39 -0700 (PDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12lp2174.outbound.protection.outlook.com [104.47.55.174]) by smtpauth3.wiscmail.wisc.edu (Oracle Communications Messaging Server 8.0.2.4.20190812 64bit (built Aug 12 2019)) with ESMTPS id <0QE600L7UU6PUHA0@smtpauth3.wiscmail.wisc.edu> for dmarc@ietf.org; Tue, 28 Jul 2020 11:37:38 -0500 (CDT)
X-Wisc-Env-From-B64: amVzc2UudGhvbXBzb25Ad2lzYy5lZHU=
X-Spam-PmxInfo: Server=avs-3, Version=6.4.7.2805085, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2020.7.28.163017, AntiVirus-Engine: 5.75.0, AntiVirus-Data: 2020.7.23.5750001, SenderIP=[104.47.55.174]
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TeKeWG75qHZNdC8rMT9VpqBqJ7gOLVaL80JvQUaJhn06eBXmF2ChUyJgl3IQrBBqST08eh16qAXMoW7JxBJrl1vluSVdz/9NQQTyToY5DSleAiuI0rpVFhrqCKjk03TCTLFzJadhaxuta6poPU7q68xurqJad9++qQ+wyITIR5QkBFYaKHd9sj7702nH87pS5ltYZRlhmUTXbd2O2rRbn4w+lW3gJN5bcAUoJD2KWkbQfvgRYl5i8ieF5TFPx+t6G0xZdA25S3A8Lq+7jfKilnQdZs2Ai9qk8zZ0LpD7yJVv+jor48ZYmOYAg5t3wES4P4hf1XThPGNOBP3Dp54T6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5BA5QwvvmDhV6iql0OCoHCukxQdr4UL6h/B8fqVMvSs=; b=mjrsO0RddvMkCxy9uqIB60HzX5e1Nc7FjxTNP/n4wrS7XR6a17sF7qheKszf6GPRiKbWDH7ly3MRxgMj7tiHj7PjOQxkEhwJEWDNS3Ir7pBPQDa5U3LBLBhw/k98EWmCN7Zynjx6hsjlhkGUu5AzhPIyiGxGfwCIw4wPVeiqSKAxf26fAQ5fc2xqpmr+MBKAFAaFg+a+3CoNYipH563akT4F3KlVZ0qveRkYCRe/NxypihUdvEBQ9p3TF6lg1etUcoDTrxAVSrbJ99hiLzLEXY1cARVczBHd8BcLpX202XiLjhBNbcXrTVrZhxFgJ9yEobcqtTyV+RfMAklqRBuBdg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=wisc.edu; dmarc=pass action=none header.from=wisc.edu; dkim=pass header.d=wisc.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wisc.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5BA5QwvvmDhV6iql0OCoHCukxQdr4UL6h/B8fqVMvSs=; b=gdrVfcvR/OLiZ4jLb7lTxbKkikw1pf1n+vCgsNnorfwdYeH68ZnP3fBZyTeFt2L5h0bc3XhDeWpZaUAxkiTfuKQBYU+d208Bo4CojPKnJRj01RFdZBnltZDRBY2crrWrNFJofdoF9adW4Ty3pl4k4AmvuiKRXrIkRrx55ZfSFKQ=
Received: from DM5PR0601MB3671.namprd06.prod.outlook.com (2603:10b6:4:7b::16) by DM6PR06MB5849.namprd06.prod.outlook.com (2603:10b6:5:1a5::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.20; Tue, 28 Jul 2020 16:37:37 +0000
Received: from DM5PR0601MB3671.namprd06.prod.outlook.com ([fe80::a92c:9a15:1bb0:4bfa]) by DM5PR0601MB3671.namprd06.prod.outlook.com ([fe80::a92c:9a15:1bb0:4bfa%7]) with mapi id 15.20.3216.033; Tue, 28 Jul 2020 16:37:37 +0000
To: dmarc@ietf.org
References: <bf5b68c74a3c487ca8a07a0a27061e47@com> <87zh7ur069.fsf@orion.amorsen.dk> <3829fac4748a48d0b752403450843bd5@bayviewphysicians.com> <c9353a06-ab31-c397-449e-7d36afbf655d@wisc.edu> <c2ad22cd-8b35-733f-bc4c-839e2c4b3e98@dcrocker.net> <5F172EF5.7000508@isdg.net> <CAMSGcLAKowXYir-ueOaWxuPcESmCAQEW5OqeZmu0kq2Cpvxqtg@mail.gmail.com> <4c514db5-3f52-0e26-10dc-b7ed849da8d9@bluepopcorn.net>
From: Jesse Thompson <jesse.thompson@wisc.edu>
Message-id: <369ea706-1f0d-2214-29b3-75ad9e6b5055@wisc.edu>
Date: Tue, 28 Jul 2020 11:37:35 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Thunderbird/80.0a1
In-reply-to: <4c514db5-3f52-0e26-10dc-b7ed849da8d9@bluepopcorn.net>
Content-type: text/plain; charset="utf-8"
Content-language: en-US
Content-transfer-encoding: base64
X-ClientProxiedBy: CH2PR17CA0005.namprd17.prod.outlook.com (2603:10b6:610:53::15) To DM5PR0601MB3671.namprd06.prod.outlook.com (2603:10b6:4:7b::16)
MIME-version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [146.151.213.183] (146.151.213.183) by CH2PR17CA0005.namprd17.prod.outlook.com (2603:10b6:610:53::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.21 via Frontend Transport; Tue, 28 Jul 2020 16:37:36 +0000
X-Originating-IP: [146.151.213.183]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 3a3681c7-926f-48b9-87d8-08d83314896a
X-MS-TrafficTypeDiagnostic: DM6PR06MB5849:
X-Microsoft-Antispam-PRVS: <DM6PR06MB58490C60E670B6C7F24C107DF6730@DM6PR06MB5849.namprd06.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: dkvMAZOd31ZJv4tF3iUkn+kgb4mRIpWrvyqNc181WjiXyucNX/0GjiEQKhPktfQGUx2qV+G4xJQwa5H8aXW/uXVGeAoHQ3lBJ+Nsz04CWhzyxiT4PcAnRfLuIp+EzD9GnOuA3u/eKlAyTbCXsZjDKxqFGHCmm5HmH8zHo9lEqWBlxlpGmHTDc6BeoQo5EfDMthdyIz42/C5/I4Ey5ZH/eOGScmidOIb5NK8XoE+7ieIT9W42MkSJ5iYrmSUrut+k6WTe0Ivj1Rto/ZppRsdxWr0r5OM94Z4e/pb8m2uL2YdQD0Rpez6TVezsBdeZgJyUiuKBcsqeEvc6ctZT+N+mN4UQlSL7mWpjzUNQtXdhmRBADs+tjqhaXUglpXeY8zxumQy/y66Gh3TQLMusothxxlbzM+q5VqEbrxGZXBdormk=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR0601MB3671.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(39860400002)(346002)(376002)(366004)(136003)(396003)(2906002)(66946007)(66476007)(66556008)(6486002)(478600001)(26005)(6916009)(6706004)(16576012)(2616005)(8936002)(786003)(45080400002)(956004)(36756003)(186003)(16526019)(316002)(5660300002)(8676002)(53546011)(75432002)(83380400001)(31686004)(86362001)(31696002)(44832011)(3940600001)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: xUCt/gPn5fy9l703uG5CI08FCxNSYn3WzbgRCyfFuoZKIL9E3eO8ObZUAdu+AH/PnFzVWWGbA5YIX9G0K9liTkIG9J54Wh0HutRaJmllSHNTvugB2aRtTZeFYcjmkqFWAR3htHw0zuE5yNeZkYqPP0s7JT9x65hpFw6Xcc2KgRoL3iZne/Dnvw8FUkChbE5E52CP2z2MkJiUKuZ+MCMx3Rm73nq6/JfyOt0DjTo76EkqcNVnGaWoSomnFJ6RXj4A30ORJmIKzkihmQYlKqaNqxsEAKIg6oC8fnUOj3xc9IKUq9SORopWqDY3RWIjWpIpnKficvrAYplUiMo+Iz+/5rK/yp4jHNRo5RGpBd+uQ0Gm0hCUVFvV/z4wZhPCuUkopppNhAu/GsCFf+lWrajnEGyXkdc21l/imzwoOPQsQDhmrfXAteOd/RENPH4pWG44XYUH3cv/VAXreScpV3sfFQzz7akEITZSuZlnpurFzphlZWpGzi8yu2xHMlQWiMGg
X-OriginatorOrg: wisc.edu
X-MS-Exchange-CrossTenant-Network-Message-Id: 3a3681c7-926f-48b9-87d8-08d83314896a
X-MS-Exchange-CrossTenant-AuthSource: DM5PR0601MB3671.namprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jul 2020 16:37:37.2416 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 2ca68321-0eda-4908-88b2-424a8cb4b0f9
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: dubnn7vcM1I3NAx42urzn88+ZDk/NvodWFX3ytvTONUuZt2wUxxj+GjNMMlTr9eaZbZo3gu2IPYvGkKmIu3cAQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR06MB5849
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/IXRnzjEllevXgk0Dii8lDGavW90>
Subject: Re: [dmarc-ietf] DMARC marketing
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2020 16:37:42 -0000

On 7/22/20 5:55 PM, Jim Fenton wrote:
> These get to the heart of the problem: DMARC policy was designed for
> official mail that is about business transactions. If that was the way
> it is actually used, we wouldn't be having this problem. But it was
> oversold, and it is being used in use cases (like on domains that have
> mailing list users) that were not intended. 

Yes.  The cybersecurity IT community (at least, in Hi-Ed) largely don't know much about email's technical nuances.  But they they know that email phishing is a problem, and CISOs demand a solution.  They have their information sharing communities (ISACs), where email specialists are generally not included, to share knowledge and continue grasping for solutions to phishing.  Enter DMARC marketing: phishing is a spoofing problem and you're vulnerable unless you protect your domain with DMARC.  Cybersecurity IT tend to see things like DMARC as a checkbox towards compliance.  Once that box is checked (varying definitions) == job complete (email specialists are left to clean up the mess).  Since DMARC was ostensibly invented by the email community, there's not much room for local email specialists to convey that it's not a complete solution for phishing, and may not be worth implementing on domains used by end-users.  Momentum suggests that it's easier to just join the bandwagon, move forward with DMARC for every domain (to take advantage of the benefits it offers), and hope that Intermediaries can find a solution.


> I'm not convinced that this is a problem that has a satisfactory technical solution.

I think there may be technical and non-technical techniques that can be pieced together to arrive at a satisfactory solution, depending on the individual/evolving circumstances.  What's lacking is clear guidance for Intermediaries; both for people who provide software/platforms, and for those installing and configuring them.  What is the best avenue for providing guidance?

I mean, this isn't just a problem for MLMs.  Office 365 utterly fails at mailbox-level forwarding in a DMARC friendly fashion.  Their latest announcement to tenant admins suggest that they're more likely to coerce their customers' end-users users to stop forwarding via SMTP altogether.  Maybe that's the only generic solution for that type of Intermediary (whereby ARC might be an alternative solution to forwarding between trusted institutions).  Is it satisfactory?  Not to end-users who want to forward their email.  

Maybe the conclusion is that SMTP isn't even appropriate for many types of forwarding anymore, but rather pull-based OAuth solutions are more sustainable.  This solution is increasingly compatible with the mailbox hosting platforms, but isn't widely implemented by the receiving end of the equation.  Is there any point in recommending something like that as a solution as a way to move the industry in that direction?  

Or does something like this just tend to sort itself out?

Jesse

v2.23.0 | Report a Bug | By Email