Re: [dmarc-ietf] About user notification in the MUA
Дилян Палаузов <dilyan.palauzov@aegee.org> Mon, 08 June 2020 11:11 UTC
Return-Path: <dilyan.palauzov@aegee.org>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62F133A0913 for <dmarc@ietfa.amsl.com>; Mon, 8 Jun 2020 04:11:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=aegee.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SATSm9Rod9ib for <dmarc@ietfa.amsl.com>; Mon, 8 Jun 2020 04:11:54 -0700 (PDT)
Received: from mail.aegee.org (mail.aegee.org [144.76.142.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11AE03A0874 for <dmarc@ietf.org>; Mon, 8 Jun 2020 04:11:52 -0700 (PDT)
Authentication-Results: mail.aegee.org/058BBkqA3711312; auth=pass (LOGIN) smtp.auth=didopalauzov
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aegee.org; s=k4096; t=1591614708; i=dkim+MSA-tls@aegee.org; bh=AaEjD2FXa9xOsznkFrTEBjgnVQeHjOu2Dn5R4HRX8Bk=; h=Subject:From:To:Date:In-Reply-To:References; b=RUAHaMpBFlFbPT7NigxtuiPya06VN67GNvufNuxyhyEidhhbWRUmVwEAOcY1ZQnlR KglZP2TakieXPb7fzoRwrkYNalIZQab0KBHS4aC/BhdEj5bWHWcSRB3urtVqEuC4s9 MKvOAfnA8dlwp6wt8a+63OJaGjDio+o83q7dunjkLMYMiA54N8AeASqjD1Bco2+mH3 j6NbqHpZYcHgeni7lSmGvDHYKPu2IpBdO1ttYyP2MvcinbhSFQ4T09vMgSNQ9lGryK JGWU8kAFMgcAw8v56VGLFdZzrKd45djDi5UHJRzbIbQ4MGvWmrFkLQTdmEJRW+xLKL r0fGmv/omLBx8MKtC7FynuFBT4tW2DjYre7XTgGy98XwQmRR6akyYyt9ubKquWaIuX WvUlsIYp8eS20khYyXlNGhhtlXSj4nEt5UDx1n82+mYZrJYlwQKH5wfMNTr8Y12r00 0jzlQd/IjXRe0SmJiDLftCP+nSHHHB3Qzd5iF77ht9z+ImS/emtrN3ZHn+Fs7Lg3FR ojJrhbcLp3UJin6awU5ZVI1IMa/WmcgIbHsI9IsuB0xSZ8wj11djPDBe+Y5dQvqysi 8+1c27ZF6u1rp3unVSn2wUo4z20TvLIQQVxiZzs+d3c629PjaXmDcBXeHZ3mIwELcS y6BC/kBb6MWBYPJhEJ/dATdA=
Authentication-Results: mail.aegee.org/058BBkqA3711312; dkim=none
Received: from Tylan (87.118.146.153.topnet.bg [87.118.146.153] (may be forged)) (authenticated bits=0) by mail.aegee.org (8.15.2/8.15.2) with ESMTPSA id 058BBkqA3711312 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Mon, 8 Jun 2020 11:11:47 GMT
Message-ID: <b749063f069ffcf849d3959601fd12c7a8f48040.camel@aegee.org>
From: Дилян Палаузов <dilyan.palauzov@aegee.org>
To: fosterd@bayviewphysicians.com, dmarc@ietf.org
Date: Mon, 08 Jun 2020 11:11:46 +0000
In-Reply-To: <dbcc34fb870e45b2b1cd3903b90b8a87@bayviewphysicians.com>
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <11640715.3lbasgNmsr@sk-desktop> <25420528-d356-0273-ceb3-c44a3c94bc91@gmail.com> <3138524.EPDo7oxCqE@sk-desktop> <4620e21f-32c5-7735-9faf-a5b045f84c0d@bluepopcorn.net> <ac0f684a-4c00-0564-8cf9-5b955e037c87@tana.it> <14fe18acad53467a8027e680dfc1067e@bayviewphysicians.com> <46e045ae-9691-4f5b-86bf-142c066458d8@www.fastmail.com> <fbbcc299-98f3-5d23-15e1-1f89fa03b9a7@gmail.com> <dbcc34fb870e45b2b1cd3903b90b8a87@bayviewphysicians.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.37.3
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.102.3 at mail.aegee.org
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/KuJ8h89oDLORvP5fFOW-Fp3Z0-4>
Subject: Re: [dmarc-ietf] About user notification in the MUA
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2020 11:11:56 -0000
Hello, when a message is wrongly evalutated as spam, and is left therefore unnoticed, it is nobody’s fault. You can signal the users as you want, including the users, which just redirect mails on your host, and do not utilize the “Spam” store there. A message is either likely spam (subject to signaling), or it is not likely spam. When the message is likely spam, you can signal the sender by sending a non delivery report. That report can contain information, entered by the intended recipient, like snail mail address or phone number. If you signal the sender (by rejecting at SMTP level) you do not need a signaling method on the recipients’ side, that works across all MUAs. Besides, there is no “nobody is fault for the overseen signaled message”. If you run a server with 10 local users and 10 000 redirecting addresses (aliases), you have to use a signaling method, that does not break the DKIM-signature, and works for redirected emails. For users that utilize just redirecting there is no “neither likely spam, nor unlikely spam” category. And the other users also do not need such category. Greetings Дилян On Sun, 2020-06-07 at 23:04 +0000, Douglas E. Foster wrote: > I am trying to play by the rules and not chase topics outside the one > assigned, but since several have jumped on my comment, I will follow > up briefly. > > Dave Crocker wrote > Since there has been a demonstrated lack of efficacy in this sort of > display, there needs to be an objective basis for knowing that any > new such requirement will be useful. > > Every email filtering product that I have examined has provided a > user-signaling system, using one or more of the following: > * tagging the subject, > * adding text as a body header or body footer > * converting the suspect message into an attachment of a > replacement message, > * soft-quarantining, where the user has unrestricted control to > release the message from quarantine. > Given that market reality, I conclude that most vendors and their > customers believe that user-signalling is useful. The signalling > system does not have to prevent every mistake for the signal to be > useful. > > The problem with all current notification methods is that they are > relatively primitive, often communicating nothing substantive about > the suspicious message characteristics. They also work against other > security mechanisms. > * Any form of tagging breaks DKIM signatures, reducing the > credibility of the message if it is auto-forwarded for any reason. > > * The tagging also becomes tattooed to the message and its replies, > rather than being restricted to the trust domain that assigned the > tag. One example should suffice: a message was tagged with [SPAM?] > because the sender had an error in his SPF record and I was trying to > enforce SPF. Then when my staff replied, the originator treated the > reply as spam because the word SPAM was still in the subject line > when he received it! > We need a user notification mechanism that is local to the trust > domain and does not break DKIM signatures. You have already done the > heavy lifting for this interoperability problem with Authentication- > Results and ARC I am not expecting a "Standard" that requires every > implementation to notify every user in the same way. I am looking > for a guidance document that helps vendors to deliver products which > permit an organization to implement a notification policy which they > find to be effective and appropriate. IETF is the right > organization to take this on because the email filter, the mail > system, and the multiple MUAs are almost always a multi-vendor > configuration. > > df > > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc
- [dmarc-ietf] DMARC alignment conflicts with RFC 5… Jesse Thompson
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Brandon Long
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Pete Resnick
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Pete Resnick
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Kurt Andersen (b)
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Hector Santos
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Douglas E. Foster
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] About user notification in the M… Douglas E. Foster
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] About user notification in the M… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] About user notification in the M… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] About user notification in the M… Douglas E. Foster
- Re: [dmarc-ietf] About user notification in the M… Murray S. Kucherawy
- Re: [dmarc-ietf] About user notification in the M… Дилян Палаузов
- Re: [dmarc-ietf] About user notification in the M… John Levine
- Re: [dmarc-ietf] About user notification in the M… Stan Kalisch