IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Scott Kitterman <sklist@kitterman.com> Mon, 28 September 2020 03:53 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D09C3A0D52 for <dmarc@ietfa.amsl.com>; Sun, 27 Sep 2020 20:53:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=R1UOzlcO; dkim=pass (2048-bit key) header.d=kitterman.com header.b=UNUcar/V
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YXtFPaEZCsth for <dmarc@ietfa.amsl.com>; Sun, 27 Sep 2020 20:53:35 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 817573A0D4A for <dmarc@ietf.org>; Sun, 27 Sep 2020 20:53:35 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id 3DAD0F80232 for <dmarc@ietf.org>; Sun, 27 Sep 2020 23:53:34 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1601265214; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=PXEiZHX2gSJXl+AMnmlDomFLJi0sQXS2Whf164ixPfg=; b=R1UOzlcOuWhqxBLvCfPhQfUJwLl9rvTqJSH4/2dpZSdbQrATAIhQg6yg2E/C3pBEsCSoD I24X6MzmWG4N6YtDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1601265214; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=PXEiZHX2gSJXl+AMnmlDomFLJi0sQXS2Whf164ixPfg=; b=UNUcar/VSLQTTf8WfkQ5kNiSU8imqI2BXShOEQ1V8ALyB3Legzn1KQq3X3EidyPCPoLYm 6kYSJhBnckiS2c32FHQ/l8x20A6MX8i+T978Nh7P00SDFogRqKOYi9YcXkStxDKcEyOYOQ+ PXWj0Wafw568cJPoODpNZ5xqg/lk8ziMGq4pAYfMmxoiFM3M7tr+bGCBSqfyNrjGWz5t21u fWGmDhX6Ah4ptgOzy98w3XKpufipK0HubZUc5orRHUTsg9ZPet8nzzAnlE6Nxb3oeKmkQAb LPLG80dAHaZZ32+rrMYT5g2Uh/s9mmjmpNjS3ACOzL5gwDmD6SVmpW7WhebQ==
Received: from zini-1880.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id EACE7F8020E for <dmarc@ietf.org>; Sun, 27 Sep 2020 23:53:33 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sun, 27 Sep 2020 23:53:33 -0400
Message-ID: <4499848.MezZmEGGVd@zini-1880>
In-Reply-To: <a4e016ba-673a-81f0-829b-b3b7adb6fcac@dcrocker.net>
References: <20200927171611.838B321D9BAD@ary.qy> <5069099.lO0Lvmlme3@zini-1880> <a4e016ba-673a-81f0-829b-b3b7adb6fcac@dcrocker.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/KPyn-nWoAC5b0FJ9ZHVFyFjayVI>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Sep 2020 03:53:38 -0000

On Sunday, September 27, 2020 11:44:11 PM EDT Dave Crocker wrote:
> On 9/27/2020 11:22 AM, Scott Kitterman wrote:
> > This seems to me to be an odd view because no RFC is needed to use From
> > and
> > it's relationship to either DKIM signing domain or SPF validated Mail
> > From.
> 
> The DKIM d= value establishes no relationship with any other identifer,
> such as the From: field.  At all.  None.
> 
> DMARC establishes the relationship. DMARC does other things, but for the
> above suggested alternative, this is the functional difference that
> requires DMARC.
> 
> To reiterate: Among currently published specifications, without DMARC
> there is no relationship between DKIM's d= value and the rfc5322.From
> domain name.
> 
> > Feeding data into an algorithm has no interoperability requirements.
> > 
> > That doesn't mean one can't use the data this way, because anyone can that
> > wants to can.  That doesn't make it the specified protocol.
> 
> It's not clear what your point is.  It's clear you believe it's a
> fundamental point, but I'm not understanding it's import.
> 
> > ...  Maybe it would help if someone who takes the latter view would
> > 
> > explain what they think RFC 7489, Section 6.6.2, Step 6 is for:
> >>     6.  Apply policy.  Emails that fail the DMARC mechanism check are
> >>     
> >>         disposed of in accordance with the discovered DMARC policy of the
> >>         Domain Owner.  See Section 6.3 for details.
> > 
> > I don't think that says "then toss the results into your classifier".
> 
> The issue is not what it says -- though it worth considering whether
> that's what it /should/ say.
> 
> The issue is how receivers actually /use/ DMARC.
> 
> There has always be a tension about how to write these statements
> seeking to affect receiver behavior.  The natural tendency is to write
> language of simple directives, such as Step 6 -- after all, that's
> common language for basic protocol behavior.
> 
> However Step 6 moves from protocol into policy.  It is based on the myth
> that receivers will blindly follow the instructions that are provided by
> sites with which the receiver has no relationship, never mind a
> contractual one.
> 
> The reality is that Step 6 results in a mandate that often produces
> unacceptable results.
> 
> Receivers, having their own quality assurance models, immediately
> adapted their actions to their own operating criteria, rather than
> following the simple, blind directives of  random DMARC publishers.

So we agree that you claim DMARC practice is in variance with what is specified 
and we should base the update to the specification on the usage you have 
claimed is popular?

Scott K

v2.23.0 | Report a Bug | By Email