Re: [dmarc-ietf] DMARCbis WGLC - Issue 141 DMARC and What To Say About SPF -all

Neil Anuskiewicz <neil@marmot-tech.com> Sun, 07 April 2024 16:32 UTC



> On Apr 7, 2024, at 9:27 AM, John R Levine <johnl@taugh.com> wrote:
> 
> On Sun, 7 Apr 2024, Neil Anuskiewicz wrote:
>> I think a clear statement and supporting text explaining clearly that SPF is no longer the policy layer would be a good idea. While it might be slightly out of scope, I have encountered people who think best practice is to enforce with -ALL.
> 
> We had a long discussion about that which you can read in the list archive at https://mailarchive.ietf.org/arch/browse/dmarc/
> 
> Nobody is crazy about SPF but removing it completely is too much of a change. As Ale pointed out, if you don't want people to use SPF for your DMARC validation, make all your SPF entries ? or ~ rather than +.
> 
> This WG should have finished a year ago.  Unless you think something is so broken that it's worth more months of delay, forget it.

To be clear, I was suggesting considering deprecating the hardfail modifier only, as it’s archaic. I was not saying deprecate SPF. That said, I don’t know what the unexpected consequences of this change would be. I think SPF still has its place. Maybe they’ll make some adjustments over in the SPF working group.
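
Added example (not part of the thread, not code from any participant): a small Python sketch of how the SPF qualifiers discussed above (+, -, ~, ?) map to SPF results under RFC 7208, and why DMARC, which counts only an aligned SPF "pass", treats -all and ~all the same. The records, addresses and domains are constructed, only ip4:, ip6: and all are handled (no DNS lookups), and alignment is simplified to strict matching.

```python
import ipaddress

# RFC 7208 qualifier -> SPF result when the mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate an SPF record limited to ip4:, ip6: and all (no DNS)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A mechanism with no explicit qualifier defaults to "+"
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            matched = ip.version == net.version and ip in net
        else:
            raise ValueError(f"mechanism needs DNS, not handled here: {term}")
        if matched:
            return QUALIFIERS[qualifier]  # first match wins
    return "neutral"  # nothing matched: RFC 7208 default result

def dmarc_spf_leg(record, client_ip, mailfrom_domain, from_domain):
    """DMARC counts SPF only if the result is pass AND the domain aligns.
    Assumption: strict alignment (exact domain match) for simplicity."""
    aligned = mailfrom_domain.lower() == from_domain.lower()
    return aligned and spf_result(record, client_ip) == "pass"

# Constructed sample records (documentation address ranges)
HARDFAIL = "v=spf1 ip4:192.0.2.0/24 -all"
SOFTFAIL = "v=spf1 ip4:192.0.2.0/24 ~all"
NO_SPF_PASS = "v=spf1 ?ip4:192.0.2.0/24 ~all"  # no "+" entries at all

if __name__ == "__main__":
    for name, rec in [("-all", HARDFAIL), ("~all", SOFTFAIL), ("?/~ only", NO_SPF_PASS)]:
        for ip in ("192.0.2.10", "198.51.100.7"):  # listed vs. unlisted sender
            print(f"{name:9} {ip:13} spf={spf_result(rec, ip):9} "
                  f"dmarc_spf={dmarc_spf_leg(rec, ip, 'example.com', 'example.com')}")
```

For the unlisted sender, -all and ~all give different SPF results but the same DMARC outcome; with only ? and ~ qualifiers, even the listed sender never produces an SPF pass, so DMARC falls back to DKIM alone.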