Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

John Levine <johnl@taugh.com> Mon, 26 June 2023 18:56 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/IhcO8tkIh3vPBFoRrCaqSvO-AAY>

It appears that Barry Leiba <barryleiba@computer.org> said:
>I'm saying I don't want "and" to be an option, because I think it's
>damaging to DMARC.  There is no reason anyone should ever want to say
>that, and providing the option asks for misconfigurations because
>people think it's somehow "more secure".  It's not more secure.  It
>would be very bad for deliverability of legitimate mail and would
>provide no additional security.  It would be a terrible mistake.

What he said.  The group that invented DMARC thought about using
both and specifically rejected it.  I see no reason to believe
they were wrong.  (If someone's going to say that using both fixes
DKIM replay, it really doesn't and it still has all the other problems.)

It's still not clear how we would know whether anyone was paying
attention to the "SPF only" flag, but since I don't think it's useful,
I'm not worrying about it.

R's,
John
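
Added example, not part of the message above or of any DMARC implementation: a small model of the DMARC pass decision under the existing "either SPF or DKIM aligned" rule versus the "and" option debated in this thread, run over constructed sample messages. The two-label `org_domain` shortcut (standing in for a Public Suffix List lookup), the `Msg` record, the `mode` parameter and all sample domains are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def org_domain(domain: str) -> str:
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a: str, b: str) -> bool:
    # Relaxed alignment: the organizational domains match.
    return org_domain(a) == org_domain(b)

@dataclass
class Msg:
    label: str
    legit: bool            # ground truth for the constructed sample
    from_domain: str       # domain of the header From address
    spf_result: str        # SPF result for the MAIL FROM domain
    mail_from: str         # envelope sender domain
    dkim: list = field(default_factory=list)  # (result, d= domain) pairs

def spf_ok(m: Msg) -> bool:
    return m.spf_result == "pass" and aligned(m.mail_from, m.from_domain)

def dkim_ok(m: Msg) -> bool:
    return any(r == "pass" and aligned(d, m.from_domain) for r, d in m.dkim)

def dmarc_pass(m: Msg, mode: str = "or") -> bool:
    # "or" is the existing DMARC rule; "and" is the hypothetical option.
    if mode == "or":
        return spf_ok(m) or dkim_ok(m)
    if mode == "and":
        return spf_ok(m) and dkim_ok(m)
    raise ValueError(f"unknown mode: {mode}")

# Constructed samples, not taken from real traffic.
SAMPLES = [
    Msg("direct", True, "example.com", "pass", "bounce.example.com", [("pass", "example.com")]),
    # Forwarder relays from its own IP with the original MAIL FROM: SPF fails, DKIM survives.
    Msg("forwarded", True, "example.com", "fail", "bounce.example.com", [("pass", "example.com")]),
    # Third-party sender uses its own bounce domain but signs with the customer's domain.
    Msg("esp-dkim-only", True, "example.com", "pass", "esp.example.net", [("pass", "example.com")]),
    # SPF and DKIM both pass, but for an unrelated domain: nothing is aligned.
    Msg("unaligned-spoof", False, "example.com", "pass", "other.example.org", [("pass", "other.example.org")]),
]

def compare(samples):
    return {mode: {
        "legit_rejected": [m.label for m in samples if m.legit and not dmarc_pass(m, mode)],
        "spoof_accepted": [m.label for m in samples if not m.legit and dmarc_pass(m, mode)],
    } for mode in ("or", "and")}
```

On these samples the unaligned spoof fails in both modes, while "and" additionally fails the forwarded and DKIM-only legitimate messages.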