IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Brandon Long <blong@google.com> Fri, 21 August 2020 21:18 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C962E3A1297 for <dmarc@ietfa.amsl.com>; Fri, 21 Aug 2020 14:18:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v-YZ_QHDJ0df for <dmarc@ietfa.amsl.com>; Fri, 21 Aug 2020 14:18:26 -0700 (PDT)
Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A33523A1294 for <dmarc@ietf.org>; Fri, 21 Aug 2020 14:18:26 -0700 (PDT)
Received: by mail-il1-x12c.google.com with SMTP id j9so2551647ilc.11 for <dmarc@ietf.org>; Fri, 21 Aug 2020 14:18:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=40cTUI5qy/btFmoDTwoY3bH8fyFTJs+WGE3sUVMAgdM=; b=u9T3uCkdLdoaLFZRw1m2UrBgyXfSA3hGOI6VXMqdjuwXQ1H/rciio7eZQ+z3dHPpy6 EOqYe8WffDwamP9Ef+e8TOe7zWM73CwcbBKwhES2HqCdrbZStBNekO51dGh3X+tqxUaJ 1zC3zRBvks6QY/d68rJ4NXfjvg5YqoFDKLVpar0cN28PGoorGiLoecY8z1ubN4+DFgus B1Y94JXt+LybRHbrOHBjgppb/endJmNfAvSj3QcPbi0wfkiJyViYKazu3P7m/L7SYL6v Jor5thtrIhwgddvUPv0LTf7lOZ6OZTfxrMw0w9JDUkPKwPrugjwpFYLdBC5QVZS5iiX1 2Zig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=40cTUI5qy/btFmoDTwoY3bH8fyFTJs+WGE3sUVMAgdM=; b=lCjxk8RL8K3CqE6Yx6XkcjX/HlTpRpOozURxs2oJ3cNh8Sn+nkrlENcHi5y4xPMJ82 RgqVv2ocZO0C9uietAnbPKejfKlN1yVIC5LoN5DY1/51edHJ6LKpDAl3UT802zrF6kpN Ua9VdESFY4I4FSnCRoom1LgqNcE9pk5n2eawVW/tHAMozU3gKX1K39nBjyP42AMcTb21 hyzXMdboVWeGI+S5/xQYxA7H7KkaWSDlAnruiuxfFfJBQwf687g7f7oA3UW+J5XS/ks2 Em4eB36yWnxDn3m/pInKoikmtok4CBE4CKwNbiQDJrsShgHZAKLAom5o4VAqLyIycETq swXw==
X-Gm-Message-State: AOAM531Wq7v5e950qFQmT0zxNeEpGzCwcPQI8LBiRBo2XliLwa4gelFB fdSoaT4x0QUhIDorg2OF2faVAlM+/D0PuTJzzE6FKtkEV/3O
X-Google-Smtp-Source: ABdhPJyEFE1VI+6XlTA3tGlTR+q28FlMOlOPBaaXiCWTnRVVDHPPqtNm9ygXDsYrUX/KVDRojHmMpoZ3pOvVQvwfvQ4=
X-Received: by 2002:a92:1fd9:: with SMTP id f86mr4100673ilf.250.1598044705574; Fri, 21 Aug 2020 14:18:25 -0700 (PDT)
MIME-Version: 1.0
References: <20200815225306.967CC1E9E41D@ary.local> <c1679087-6c6e-7147-fea5-b4513f2c060c@bluepopcorn.net>
In-Reply-To: <c1679087-6c6e-7147-fea5-b4513f2c060c@bluepopcorn.net>
From: Brandon Long <blong@google.com>
Date: Fri, 21 Aug 2020 14:18:09 -0700
Message-ID: <CABa8R6tz=HSbDCSwVZveyXuinQbKs_qmXUDjBqL_uTWvwdKbjQ@mail.gmail.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000038e5205ad69c7f0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/JOGOySYneQm7Hb8L1QP5VIGUqCE>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Aug 2020 21:18:29 -0000

I think the DMARC RFC does a good job explaining why DMARC is better than
ADSP, even if the same mailing list issue is still there:
https://tools.ietf.org/html/rfc7489#appendix-A.5

And if you read the archives on the move to historic for adsp, there were
others then who objected to the reason put in the historic move as
likely as affecting the replacement .  Given the success of the
replacement, it stands to reason that the reasoning given in the move
to historic was not the full reason for the failure... and perhaps lends
credence to the thought that certain folks are more concerned about the
effects on mailing lists than the ecosystem as a whole is.

Brandon

On Fri, Aug 21, 2020 at 12:10 PM Jim Fenton <fenton@bluepopcorn.net> wrote:

> On 8/15/20 3:53 PM, John Levine wrote:
>
> Not really. DKIM was deliberately designed not to be tied to any
> visible part of the message. ADSP was a poorly designed hack that was
> never implemented other than small experiments, and that I don't think
> many people understood. I got a lot of grief for making the most
> strict policy "discardable" even though that's obviously what it was.
>
>
> And even with the kinder-and-gentler term "discardable" for its most harsh
> policy option, ADSP was moved from Standards Track to Historic. From
> https://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/ :
>
> There is, however, evidence of harm caused by incorrect configuration and by
> inappropriate use.  There have, for example, been real cases where a high-value
> domain published an ADSP record of "discardable", but allowed users on their
> domain to subscribe to mailing lists.  When posts from those users were sent to
> other domains that checked ADSP, those subscriber domains rejected the
> messages, resulting in forced unsubscribes from mailman (due to bounces) for
> the unsuspecting subscribers.
>
> Assurances that are provided by ADSP are generally obtained out of band in the
> real Internet, and not through ADSP.  Current deployment of ADSP is not
> recommended.
>
> Is that not exactly the same situation with DMARC, except that the policy
> in question now is "reject" rather than "discardable"? Yes, it's just a
> keyword, but it reflects the semantics of the expected action as well.
>
> -Jim
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email