IETF Logo Mail Archive

Re: [dmarc-ietf] ARC, DMARCbis WGLC - Issue 144 Mention of ARC in DMARCbis

Seth Blank <seth@valimail.com> Tue, 02 April 2024 16:03 UTC

Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E6C0C14F69D for <dmarc@ietfa.amsl.com>; Tue, 2 Apr 2024 09:03:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4t7wOC3eOgpA for <dmarc@ietfa.amsl.com>; Tue, 2 Apr 2024 09:03:29 -0700 (PDT)
Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14780C14F602 for <dmarc@ietf.org>; Tue, 2 Apr 2024 09:03:29 -0700 (PDT)
Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-1e00d1e13a2so35655445ad.0 for <dmarc@ietf.org>; Tue, 02 Apr 2024 09:03:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; t=1712073808; x=1712678608; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4F99EDhetNfRe5x5LJ/WHeDHJFyfvCEmnqW2VlNfT5w=; b=ADo3aUA4hSz2cC6btN22pqqCeSgpIJFpOQZW05qKE8Y69gNl3HkZzDeS89o8x1NmgS 0P+6DBkhiGZEYjzF6ooh+x6s6wzfcjyJYK3eiH5zfCTwMnLjAxCZX8qNFYXKVvsDZG+X 7RcOVudtQ/HjZGKaEdphr+J7ic6pFxWScpyOQBB2Qpn/4DIyDmnRKAqxMyH3ONE/weXb GWnsx4oSRvqr6daYoDH4juD3ddiDC1Ycrx873p/IFzo6uVyEYFnvoWhQV7GWGmVC8K/p JVj7+aoi+pLpXDXwZgPS+6UT+jGKovlCSfAoE0LDJghz9AW4VU6JKivPxgUb7fQ0ZYQA nhbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712073808; x=1712678608; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4F99EDhetNfRe5x5LJ/WHeDHJFyfvCEmnqW2VlNfT5w=; b=vLEfV08lEYdsD2YAm1XPmfbFwcFrvwij6PfiEWnNbTgGp1GrywZ+IUjTRi7HXYRqtc tjSykjVH8uPN3LCSKKHTdHKJxnDivAxCp3J9ZCaGCr4qIJXZn5t8u84nQTlzamhXj9QH kTzMrWiSM3HtUjlESmpNSMm7/AGbqgwC5eFrwkaW/VUA0bhDe/3mnXVswQs8oSE147Ox rJUnOVlefcA2HTTXkpiNZEBwdxgeZYuW6BA1IVa/iqkcasbNZVIb3tFLfyygswElxArw ZRSjixBuHN6eiCyro0krrkHoY3LVNU6xUhMpli70UzNr2l+ftk3TmpflNR+wSMHMLY7V SZpg==
X-Gm-Message-State: AOJu0YyLe57fI+2qfp4aYc5NJYXjbOMELSmQlwYAnlGAbCJ4VAz85NKQ koaw9WtzuIeIcSiz3ofyubI9UEw3s/ff9+ueOvWAP/Cqs9sn+Lt4lfJz8hpMlPX3oKXvsg3RH7x cQFC9szbJ5/lSyRnyaaSnbqSmQvq6gxHar9/2mTiGwJ4Z8HFe
X-Google-Smtp-Source: AGHT+IHdO+y9PF8KT/7pKuZ9mcEuTNCtEHQoENbOWJLhE03/YUYRqLP1BBX0akZ7pR8A36gShbonZO0zUL6IsikpBkk=
X-Received: by 2002:a17:903:298c:b0:1e2:834e:d5c8 with SMTP id lm12-20020a170903298c00b001e2834ed5c8mr1099490plb.35.1712073808068; Tue, 02 Apr 2024 09:03:28 -0700 (PDT)
MIME-Version: 1.0
References: <CAL0qLwZKWNsV_CZ7C4ep88soaquhFG6FswoyNDWdfJ4HB7pamQ@mail.gmail.com> <20240402154918.6477686B0508@ary.qy> <CAL0qLwaaKTcQ+OyApjDn3yA0mrB+HYSurMR1pZP-angNRcPEQg@mail.gmail.com>
In-Reply-To: <CAL0qLwaaKTcQ+OyApjDn3yA0mrB+HYSurMR1pZP-angNRcPEQg@mail.gmail.com>
From: Seth Blank <seth@valimail.com>
Date: Tue, 02 Apr 2024 12:03:17 -0400
Message-ID: <CAOZAAfOUAVs1=UdrU-gSiJ=4CH5d7btZ8N8C-iAqqJjNm4dUGg@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000028e1dc06151f3f03"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Nguq_TEbteOwgBCqXHtXnH2d3pU>
Subject: Re: [dmarc-ietf] ARC, DMARCbis WGLC - Issue 144 Mention of ARC in DMARCbis
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2024 16:03:32 -0000

On Tue, Apr 2, 2024 at 11:58 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Tue, Apr 2, 2024 at 8:49 AM John Levine <johnl@taugh.com> wrote:
>
>> It appears that Murray S. Kucherawy  <superuser@gmail.com> said:
>> >Can you give an example, even if only a hypothetical one?
>>
>> I'm not Emmanuel but people at large mail systems have told me that
>> the biggest value of ARC is to deal with mailing lists that do lousy
>> spam filtering. Lists often let anything through that has the address
>> of a subscriber on the From: line. Mail systems see legit lists that
>> gush spam when some bot starts sending mail to the list with fake
>> subscriber addresses, because the bot herder is using address pairs
>> from stolen address books.
>>
>> While we all know the reasons that you don't want to enforce DMARC on
>> the mail coming out of a mailing list, it makes a lot more sense to
>> enforce it on mail going into a list. You can use ARC to look back and
>> see if the mail was aligned on the way in and if not treat it as spam.
>>
>
> I think details about the technique to which you're alluding, especially
> with real world examples, anecdotes, or other data, would be really
> valuable to publish somewhere, be that in this document or elsewhere.  Even
> just a paragraph that explains what ARC brings that we didn't have before,
> that can be used to mitigate DMARC damage, would be a step in the right
> direction.
>
> The ARC usage document appears to have been parked and expired, so that
> advice doesn't seem to exist anywhere now.  Is the plan to revive that, now
> that we appear to have at least one source of experience?
>

At M3AAWG a month ago, a couple of major mailboxes agreed to share their
experience (and success) with ARC to this list. It is apparently making a
significant difference for their systems. Getting that data public is still
slow moving.



>
> -MSK, p11g
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>


-- 

Seth Blank | Chief Technology Officer
Email: seth@valimail.com


This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.

v2.23.0 | Report a Bug | By Email