IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Jim Fenton <fenton@bluepopcorn.net> Fri, 21 August 2020 19:09 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98DA23A106C for <dmarc@ietfa.amsl.com>; Fri, 21 Aug 2020 12:09:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.047
X-Spam-Level:
X-Spam-Status: No, score=-3.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.949, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dl6pftXLwwMX for <dmarc@ietfa.amsl.com>; Fri, 21 Aug 2020 12:09:50 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AE323A1068 for <dmarc@ietf.org>; Fri, 21 Aug 2020 12:09:50 -0700 (PDT)
Received: from steel.local ([IPv6:2601:647:4400:9fb0:21b0:5472:b576:2ac8]) (authenticated bits=0) by v2.bluepopcorn.net (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTPSA id 07LJ9mCj027634 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO) for <dmarc@ietf.org>; Fri, 21 Aug 2020 12:09:49 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1598036989; bh=HdTQ4K5QD9d3PpcgD0BHQaIS1U8gcl8o0PMhDvSNJTI=; h=Subject:To:References:From:Date:In-Reply-To:From; b=IBCMVDykEOGVqgi0pp624eZGFI4NHXtm7Qa9tojT/IaVJMf+ZMIUp+VAJeO1OwEDB V8v3P+wpPpB5mpf+3wLDKBPmqKlnPhA0QnW1X8VLJeHb6wzaSi+53rp5RYnPdfPGhW /tlr7pFnsJGVmsER3jgfIvgh11Sm4sH6p4Y8OF8A=
To: dmarc@ietf.org
References: <20200815225306.967CC1E9E41D@ary.local>
From: Jim Fenton <fenton@bluepopcorn.net>
Autocrypt: addr=fenton@bluepopcorn.net; prefer-encrypt=mutual; keydata= mQINBFJNz0MBEADME6UoNSsTvSDJOdzL4yWfH4HTTOOZZPUcM/at38j4joeBb2PdatlwCBtk 9ZjupxFK+Qh5NZC19Oa6CHo0vlqw7V1hx1MUhmSPbzKRcNFhJu0KcQdniI8qmsqoG50IELXN BPI5OEZ3chYHpoXXi2+VCkjXJyeoqRNwNdv6QPGg6O1FMbB+AcIZj3x5U18LnJnXv1i+1vBq CxbMP43VmryPf8BLufcEciXpMEHydHbrEBZb/r7SBkUhdQXjxRNcWOLeYvOVUOOrr1c+jvqm DEbTWUJVRnUro/WpZQBffFnymR0jjkdAa8eOVl/nF2oMLbaBsOMvxCRSSEcGhuqwbEappNVT 1nuBTbkJT/GGcXxc+lEx9uNj86oYC4384VZJMTd1BRI4qPXImNZCIdmpKegK743B6xxN6Qh1 Tg167pn9429JENQE/AFIVX5B/gpsg7Aq+3rmz9H6GbfovPvFV3TBTgsHCHAMC8XU+S4fhcqN PN0lbUeyb7g6wxaE+dYqC7TExx7G3prw4v66y0qS7ow/Cfw8XXOEkaFQ4XwP7nvfILT+9CcU yS8I40vlDFU9Wnt56CbGz0ZVQgHnwyPXL+S9kCcIwRLFx1M79s6T6qwX1TXadfpbi1uIw7XG TiPDT8Pk6i2y22oSSROyYD4D+wOhVkkvO0S8iZ3+LhAYUx86nwARAQABtCNKaW0gRmVudG9u IDxmZW50b25AYmx1ZXBvcGNvcm4ubmV0PokCVQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AWIQS1nUkJe2fEXbvBaacbJaiwFdCfvgUCXxoIpQUJEI6gYAAKCRAbJaiwFdCf voc0EACDpkdX086xmst9QgccOX2qKPnzbaAa0/NpFtJN860Us5gbv8gf+9Wfkz0UVqmExp3a 7CMzJnH5CLNb4jOXMMMoFCzJ8UioTGL4jwN23wXHdhOEycnKMl2i2bN13DwEWdrqVHzF2ds8 did+0Ep1deFCGAEXTS5QMc2LyPynMGScHcLTZJ6IIBK9sQqGn9IPR4UjiZOV4382RG86jxam G8EhKTahaJF+srqXsmKdfg1xGDUr0aFfPZQcdpE/cBePMqe4+H6py4eEobcuVD61RL8KTj3D F78TkoR7+RJcPvTGEA3I5kNPLQrqtSFhds327Mr6MzDkC4gg5nIhvWb/j2zn4tfckBY+e9vS nq6Hfo0NYbqWYaHSdvA0bF7D9CPJ4sXco7MCx1/nLYYLNHpxnSMAFPZmI3lMQBGcR89c/sBm K7BA4aotgbxfm/fZNngZB0xFolkXyPIBfR9rzgIY2llSdd+KlN5tjZnQ7QkShWp0iG2YI6nC Zr7HaObdp+aRB5UmkD5GOdPMcv7s5esouysTKu2R2nzPQG0atMiSRtS6QEDmp372TG7L2w4V HVLx5wlrWpoTiKAMwg7VtFjD7Xbyho6NgRrrmhiW7KnIQxYrb6evg4v316E+H0w0ogU/fDMF x3ZnZDC6npTuPT4GojlxIANBQmSKHYX66HD291b7WrkCDQRSTc9DARAAwZaXYs3OzGlpqvSH 3HR9GjSzIeP0EmsBCjpfIdZbQBwQ3ZREiMGInNxV+xkdjLDg0ctrWzUCUe3plWe5NJkpjqm+ KMc7GKhyeWJ5MZRtVrh0VpFTqi8UwYPWumAYqE1y/U1me/zHpfG9EDwdSYqMkPF76Fy5W+vh ZP2ILKaY8qWSLyH8TPl5mFGBypfT8Q6UuzlRs2aTbsTtBX/qwH7gztMRJSjQtYo20AqCgBBH IA/0xV5qDH7CVYyKyPQ4tJLQ8/xyTysUS5fewrj8lZo/G9SaNtC3CEvrJYwyA0nvYB6+hJPM qMP/tyRXM/9XY3qO4Vxuc+m5fYbTZa5GYAZNNuB5dvqI1U0sFTWBEbpAeabqCQ40ZnFSj+t1 tBuwfj4ey/oJ78WRyg5+VTvPKRRubOmZcnzj5yfTS3VGxAZb4Nsj1S2f3KLP0Z+Cv4dt893I 2JWTChw7jA1omF0QTQaBq140n084PFndBHudrZ3cz+APC89iie2HQ4jGQldXZXnGySHnHlA+ WUyZ9wgOplW9F4Q/Lps1bnuh5VttPVpNfjX8hiV48al+b+ut4nfzXAripIRWF3TL72/6JqgE KNhRKyRn0S6BidieSyHWzqJR3Roi/YNTvyXyLh6i6jtByb3FbnhYf/9olobDpj0E+kTemLrw owre85gwupSphqlzVSUAEQEAAYkCPAQYAQgAJgIbDBYhBLWdSQl7Z8Rdu8FppxslqLAV0J++ BQJfGgilBQkQjqBiAAoJEBslqLAV0J++j7cP/jEq8IXTyahDSPJxQpMKVDL24OBhgZZdmt8B AWFUIrlnaucZ8BXW8wYFnFr+76gSKkfArAXcxSol32aMKS3fW8EdIDw7nkdPuKJGY6dhzIZ5 HDRq/jNMLYHcqXB+0YuqpZ4VNGL3/gmgduBgyTx/cnfqOe7WG13V4qFRMNIrdsf2QdAeFl93 MirVJpokH3anHeh8fQkpWSCiIP7ejGN3Lld1pWdGXqpubj5z6R5208/acSpVs79JiQfaH3q0 cau9oYX0JRoW6iQpGNXlkfLFehCzsKks/m4CtMXMXtajakBmWuHxuebcfHpmz6F+9B3rHvai 5TjSmZe9KfjlDAsuksq4CP1kJOqTxg+e0Sup38b0C979lHpRIhwwl0znobT9EPnrjMd5yDZt 2CZGEAE0bzXWLSHcRDJnHu+jscCnowC18S7LL3X9Gmw8r+WUYmMQ0A8ZDDOB8Z5p9PIs2OAQ kBBsBWFb59KGjtAvFWFEm6/DRDlzXmANICwHC2G4aqn1G3DLSDzwfBfSYLs31dK5mDyzv51G ZJfgxbwTKcdoy6AEkUrzM3A1GP+NVfb/I2LCui+QOHfhfPFmV1OPpTPL77AsTXviA7l1iYMd BADv28GwZyay6Fd1Hp7rOXFI/Qx87++GwpEjpuSKcZihfnh2754ZSyZxim2wmMs6k12nYwvE
Message-ID: <c1679087-6c6e-7147-fea5-b4513f2c060c@bluepopcorn.net>
Date: Fri, 21 Aug 2020 12:09:42 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <20200815225306.967CC1E9E41D@ary.local>
Content-Type: multipart/alternative; boundary="------------19D9FF6A2564DE1EF50145A3"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/O0_YrGIIFavT-fxuN2NEJ2Nt4LE>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Aug 2020 19:09:53 -0000

On 8/15/20 3:53 PM, John Levine wrote:
> Not really. DKIM was deliberately designed not to be tied to any
> visible part of the message. ADSP was a poorly designed hack that was
> never implemented other than small experiments, and that I don't think
> many people understood. I got a lot of grief for making the most
> strict policy "discardable" even though that's obviously what it was.
>
And even with the kinder-and-gentler term "discardable" for its most
harsh policy option, ADSP was moved from Standards Track to Historic.
From
https://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/ :

> There is, however, evidence of harm caused by incorrect configuration and by
> inappropriate use.  There have, for example, been real cases where a high-value
> domain published an ADSP record of "discardable", but allowed users on their
> domain to subscribe to mailing lists.  When posts from those users were sent to
> other domains that checked ADSP, those subscriber domains rejected the
> messages, resulting in forced unsubscribes from mailman (due to bounces) for
> the unsuspecting subscribers.
>
> Assurances that are provided by ADSP are generally obtained out of band in the
> real Internet, and not through ADSP.  Current deployment of ADSP is not
> recommended.
Is that not exactly the same situation with DMARC, except that the
policy in question now is "reject" rather than "discardable"? Yes, it's
just a keyword, but it reflects the semantics of the expected action as
well.

-Jim

v2.23.0 | Report a Bug | By Email