Re: [dmarc-ietf] DMARC exceptions
Todd Herr <todd.herr@valimail.com> Fri, 15 March 2024 14:16 UTC
Return-Path: <todd.herr@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1055EC14F5E7 for <dmarc@ietfa.amsl.com>; Fri, 15 Mar 2024 07:16:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kNVh7kX1P_sY for <dmarc@ietfa.amsl.com>; Fri, 15 Mar 2024 07:16:14 -0700 (PDT)
Received: from mail-yb1-xb2d.google.com (mail-yb1-xb2d.google.com [IPv6:2607:f8b0:4864:20::b2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F34BFC14F60A for <dmarc@ietf.org>; Fri, 15 Mar 2024 07:16:13 -0700 (PDT)
Received: by mail-yb1-xb2d.google.com with SMTP id 3f1490d57ef6-dcc7cdb3a98so2058581276.2 for <dmarc@ietf.org>; Fri, 15 Mar 2024 07:16:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; t=1710512173; x=1711116973; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=kHD7VGfFHZByi+LRRtVaeYdzuqo9aOqODgxG7Iic56M=; b=FWXq53d6LEGqhw9SpRyPvd88FfyLxmXgyZOV90kZnncxYgjDlJEypctRz7ZIdqaZAW uMGFOJJdQGUszpzxKjGi15x5Z92jazFyzDC992PFO1pWlBQCcLS6I2uelyLX0cMttzGh nFNEySwb88oMVesyGfcNIjs8c91+ThxrBzX1NX31l3XTHyJPMdp3J0mBEgMb7CTQhAbb tN2PWi6m9dvddKSYaR1+1tcH2StJuRIBAdBiAziIUcdQchLpFPBfcwMotEcE5DMYqm+8 N6v7py8PHMh6A0sEbqYnNRkPH8CbO/gjgdum0DHSG3aCAv/+upRq3ld5VsU7Eiw/7MNt /94Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710512173; x=1711116973; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=kHD7VGfFHZByi+LRRtVaeYdzuqo9aOqODgxG7Iic56M=; b=YtAdACju8vtNf3RVVmpcYnQwc/VhfgMF6obsb3TYfwL08up4UaRb5DakAtt0FSzeKd lwsoeHOEyRP8vtJkvh22V4NDBQ5KKQWEI//LZEVHUjDXpPz5kWKxx4SaPTHpQWEA/1dT 0WIpB+76X5sTB4AM5EwP+rVjNkHhmB79Yj0AvMbMI28QTQJP5Gt3M5Vrq04TpDuc6nGT NO/yGv4HUJeJFTXvkHoJ+vkma5r35dJC/NAwcLSFKuAHz2dIlyy2jHPq7SS86CtGf+MM ZwS5OfdtU0Zc5ljHdqkdKOBTzLC9DT4pdC4Ro3fs1Ryy2hXP49k+iqN9SnAxcUwhUJr7 Cwnw==
X-Gm-Message-State: AOJu0YwzhOlI2JzstpTo6eamIdMIDY/S0Ek0XvjQzjdmnaWtqa0QXdBd xXWcd5R36953M5JOHE3YUk3lDUGHc4wLz+KQ0OxfG2mpkArIGMAqM6kXZ/KRL2SKZscTBW4dJa4 v2xdqnA5O2/EKI+c0tXwSn2eMCoKi3LjLxA83NfgyZTb8sgkaw5E=
X-Google-Smtp-Source: AGHT+IFOECRnPcucVHBAoGrAVn3jFjl5qT37foQH7/leEsqPLHyuM2iqJJip9jMRV5VodMjWRsX9BwUQFoYfLtZuqJE=
X-Received: by 2002:a05:6902:4eb:b0:dd1:48c9:53f3 with SMTP id w11-20020a05690204eb00b00dd148c953f3mr4582579ybs.60.1710512171293; Fri, 15 Mar 2024 07:16:11 -0700 (PDT)
MIME-Version: 1.0
References: <CAH48ZfygJ8zQfGWRnnsQ_XpSSpyUu1ZFeAaYgY6CCtdNdewETg@mail.gmail.com>
In-Reply-To: <CAH48ZfygJ8zQfGWRnnsQ_XpSSpyUu1ZFeAaYgY6CCtdNdewETg@mail.gmail.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Fri, 15 Mar 2024 10:15:55 -0400
Message-ID: <CAHej_8==9chBx=mnquigP07RKzW2Z57PhiU+LxXFMRk-wQ5xLA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005ab7c10613b3a643"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/MerUmXzkyV0gDzh4hdS1iJYDsOs>
Subject: Re: [dmarc-ietf] DMARC exceptions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2024 14:16:18 -0000
On Fri, Mar 15, 2024 at 1:47 AM Douglas Foster < dougfoster.emailstandards@gmail.com> wrote: > DMARC is an imperfect tool, as evidenced by the mailing list problem, > among others. DMARCbis has failed to integrate RFC7489 with RFC 7960, > because it provides no discussion of the circumstances where an evaluator > should override the DMARC result. I believe DMARCbis needs a discussion > about the appropriate scope and characteristics of local policy. > > > I disagree with your premise, and I submit that it is not the role of the IETF, DMARCbis, or any third party to determine either characteristics or appropriate scope for a policy that is local to a Mail Receiver. A Mail Receiver's goal is to make sure that its mailbox holders receive wanted mail while minimizing the amount of unwanted mail that's accepted, and how they work to achieve that goal is solely their purview. DMARC authentication results can and probably do inform their work, but they're just one piece of data for doing so. Their work will also be informed by many other data points, some of which we know (historical mailbox holder engagement with a given mail stream) and some of which we don't know, and they adjust their handling decisions all the time based on whatever signals they deem important. I believe that this paragraph in the Introduction section of DMARCbis concisely describes DMARC to Mail Receivers: A DMARC pass indicates only that the RFC5322.From domain has been authenticated for that message. Authentication does not carry an explicit or implicit value assertion about that message or about the Domain Owner. Furthermore, a mail-receiving organization that performs DMARC verification can choose to honor the Domain Owner's requested message handling for authentication failures, but it is not required to do so; it might choose different actions entirely. I further believe that the description of the 'p' tag and of its possible values of 'none', 'quarantine', and 'reject' in section 5.3, General Record Format, are enough to help the Mail Receiver understand how reliable the Domain Owner believes its authentication practices to be and, along with everything else the Mail Receiver knows about the sending domain, the source of the mail stream, etc., etc., how much weight can be assigned to a failed DMARC authentication result for that domain. -- Todd Herr | Technical Director, Standards & Ecosystem Email: todd.herr@valimail.com Phone: 703-220-4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- [dmarc-ietf] DMARC exceptions Douglas Foster
- Re: [dmarc-ietf] DMARC exceptions Todd Herr
- Re: [dmarc-ietf] DMARC exceptions Scott Kitterman
- Re: [dmarc-ietf] DMARC exceptions Hector Santos