Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

Jim Fenton <fenton@bluepopcorn.net> Tue, 18 April 2023 22:00 UTC

From: Jim Fenton <fenton@bluepopcorn.net>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: dmarc@ietf.org
Date: Tue, 18 Apr 2023 15:00:45 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/L1JELYhg8mXF8LbVsDucAnejPJs>

On 9 Apr 2023, at 0:50, Murray S. Kucherawy wrote:

> (Note, here, that Barry has in his proposed text limited the constraint to
> those types of deployments where the damage is likely.  I concur.  DMARC,
> as currently defined, works just fine when deployed in transactional
> situations.  Or, at least, I haven't seen that identified as a problem
> case.)

I have been trying to point out a problem even for transactional messages. Some receive-side forwarders that people use break DKIM signatures, and of course break SPF. So a transactional message sent to a forwarded address might be rejected if the address to which it is forwarded enforces DMARC.

IMO, receive-side forwarding is an important use case. It allows people to maintain a consistent email address if they change mail providers. For people whose email provider is their ISP, that keeps them from being locked into that ISP.

It’s possible that this might be solved if the forwarder implements ARC, but only if the address to which it is forwarded knows how to implement ARC. I suspect that many DMARC enforcers currently don’t.

-Jim
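
Added example, not part of the message above: a simplified model of the DMARC decision at the final receiver, showing why a transactional message that passes when delivered directly is rejected after receive-side forwarding, and how an ARC-aware receiver can override that. The domains, the `Delivery` record, the two-label organizational-domain shortcut and the envelope-rewriting case are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def org_domain(domain):
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

@dataclass
class Delivery:
    from_domain: str   # RFC5322.From domain, the identity DMARC protects
    spf: tuple         # (SPF result, RFC5321.MailFrom domain) as seen by this receiver
    dkim: list         # [(d= domain, verification result), ...]
    arc: dict = field(default_factory=dict)  # empty when no ARC set is present

def dmarc_pass(m):
    # DMARC passes if SPF or any DKIM signature passes AND is aligned with From.
    same = lambda d: org_domain(d) == org_domain(m.from_domain)
    spf_ok = m.spf[0] == "pass" and same(m.spf[1])
    dkim_ok = any(res == "pass" and same(d) for d, res in m.dkim)
    return spf_ok or dkim_ok

def disposition(m, policy, trusted_sealers=frozenset()):
    if dmarc_pass(m):
        return "deliver"
    # Local-policy override, available only to a receiver that validates ARC
    # and trusts the forwarder that sealed the chain.
    arc = m.arc
    if (arc.get("chain") == "pass" and arc.get("sealer") in trusted_sealers
            and arc.get("upstream_dmarc") == "pass"):
        return "deliver-arc"
    return policy if policy in ("reject", "quarantine") else "deliver"

# Constructed sample deliveries; every domain is a placeholder.
DIRECT = Delivery("bank.example", ("pass", "bounce.bank.example"),
                  [("bank.example", "pass")])
# The forwarder's IP is not in the sender's SPF record and the body was modified.
FORWARDED = Delivery("bank.example", ("fail", "bounce.bank.example"),
                     [("bank.example", "fail")])
# The forwarder rewrote the envelope sender: SPF passes but is no longer aligned.
FORWARDED_REWRITTEN = Delivery("bank.example", ("pass", "forwarder.example"),
                               [("bank.example", "fail")])
# Same breakage, but the forwarder recorded its own DMARC pass in an ARC set.
FORWARDED_ARC = Delivery("bank.example", ("fail", "bounce.bank.example"),
                         [("bank.example", "fail")],
                         arc={"chain": "pass", "sealer": "forwarder.example",
                              "upstream_dmarc": "pass"})

if __name__ == "__main__":
    trust = frozenset({"forwarder.example"})
    for name in ("DIRECT", "FORWARDED", "FORWARDED_REWRITTEN", "FORWARDED_ARC"):
        m = globals()[name]
        print(name, disposition(m, "reject"), disposition(m, "reject", trust))
```

The last case returns a delivery only when the receiver passes a non-empty `trusted_sealers` set; a receiver that enforces DMARC without evaluating ARC still rejects it.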