Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
Dave Crocker <dcrocker@gmail.com> Wed, 03 June 2020 00:57 UTC
Return-Path: <dcrocker@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 372923A1185 for <dmarc@ietfa.amsl.com>; Tue, 2 Jun 2020 17:57:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNg4R-_YdlSd for <dmarc@ietfa.amsl.com>; Tue, 2 Jun 2020 17:57:31 -0700 (PDT)
Received: from mail-oi1-x244.google.com (mail-oi1-x244.google.com [IPv6:2607:f8b0:4864:20::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE79D3A1095 for <dmarc@ietf.org>; Tue, 2 Jun 2020 17:57:30 -0700 (PDT)
Received: by mail-oi1-x244.google.com with SMTP id x202so236965oix.11 for <dmarc@ietf.org>; Tue, 02 Jun 2020 17:57:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=p3nAPt6hQW+HZEmt5XfdbP6tDU2CA0O+QmaBO++gbZk=; b=q5ptlF73uGK5/li+FKcclB6TU3+o/LBGtTqZSr+xlULpKWsiCL3vHGKgzg8GqD4d44 Ve74raNRMsJ6HB95m9uZOen83/PLF2B7adNiQoIZJyXvFzPhgb4mFpAIUPFRnzSLwTnF 3bPsYcwKtFoHJGwjDnuw97GUoFG5T+WkWn+Vn6Ov5IMSWtabALcy+PSK6dn4qgDxtkIF 6RGts+ofZQCoSiQU/qMxAbtNykHeh2APBW7WDPEmp2W1WJvtOCvi48RRCqU+HfaFnPfD eN7Wn2B8Z6Zu6jmkXAErQx0XZiqnpn2uysynWhTmYqkov7xlLTxamSZTIq0OEdvcxm7s l46w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=p3nAPt6hQW+HZEmt5XfdbP6tDU2CA0O+QmaBO++gbZk=; b=e+GMnIvcF1MIlfro+h35PFEmoIGfB3cBm/B8mPXbZoPgDxjs4cU2TScEKZbjdkxrmj 3FOx/BURxM0YxF/YdEYjkIsW1C0wI0GmtvZn9/DGsco55Z65FmBcErUiSM4lmdSyKAit ak2idNk7lrN9IT1QhyDbVfGmxHHEG3iSXFCr71nrxDATb1IQrMsh/6RjVxF9MwWKu9wp EVRUtZHj0UhLlvzVTabwHO5K+1RRXnKaC4fperUB8Pge+feL2XCANIzWn+BHbwTTmyN6 6NamKNqecQEKlzUUqljmZOpmRZTYza1VLDLJnJTI4ZLHpx/Ivs6b+pCfJ6gq5JLxIX/3 2qLA==
X-Gm-Message-State: AOAM5306oqPtdk8lYy+2Zp1Z7ephFG47wKsdJ207j0SAnuV7boJFfieH vgpVDKNvIJTMdnnKOWvZcomlXfit
X-Google-Smtp-Source: ABdhPJzlcBiVwzF4+ljptLpOkD5Q60GteCcjkG7/K8Dw3evT41rQLoFsPoGLvI2kdu5iF4D2lXK/tA==
X-Received: by 2002:aca:b842:: with SMTP id i63mr4454290oif.169.1591145848752; Tue, 02 Jun 2020 17:57:28 -0700 (PDT)
Received: from ?IPv6:2600:1700:a3a0:4c80:74d5:2e17:a5f6:1e77? ([2600:1700:a3a0:4c80:74d5:2e17:a5f6:1e77]) by smtp.gmail.com with ESMTPSA id m26sm143172otl.30.2020.06.02.17.57.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 02 Jun 2020 17:57:28 -0700 (PDT)
To: Seth Blank <seth@valimail.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <18441e8d-cf87-053e-4957-7b9d6ea9690c@gmail.com> <CABa8R6s7Lh_nihfH4Y8=JFCDFL6T_iEd+dBf7C=iW+5S3K4i3A@mail.gmail.com> <1093905c-7556-ab65-ae9f-6c97d1707878@gmail.com> <CAL0qLwYm=QnSLQ_n_+xq_vvEh47TJT+HXZKem5uKhtfRotKAbQ@mail.gmail.com> <c03d4ea4-20e1-12a6-9581-f51a81330ca5@gmail.com> <CAOZAAfO42WrYi6drByD=fdoU=1su-WO6nGH0OoEN1Txw2ONNvA@mail.gmail.com> <CAJ4XoYcyr-3Sdk+96AxJuKAjH124ziTLZV=1K__5ZF-ME3=G5Q@mail.gmail.com> <CAOZAAfMxVt8JsmXJcui-ejjvsjz3zdTegphA9jUJKQaVxEum-A@mail.gmail.com> <150bd1d9-dc9c-8183-308f-5e251caeac74@gmail.com> <CAOZAAfNh=mEWxJt81wOMnttM2CcYW8DVzjzOnUqQ3x4jh3E5bQ@mail.gmail.com> <fbe25bbb-a810-d36c-35e8-aabd85fa1f17@gmail.com> <CAOZAAfM5bGPkNCJCqVdrncnPdw=vBVNSRGSPshShKL2cL1eEQg@mail.gmail.com>
From: Dave Crocker <dcrocker@gmail.com>
Message-ID: <25f91ea0-cb97-97bb-b1b3-d34c54b887f4@gmail.com>
Date: Tue, 02 Jun 2020 17:57:26 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.1
MIME-Version: 1.0
In-Reply-To: <CAOZAAfM5bGPkNCJCqVdrncnPdw=vBVNSRGSPshShKL2cL1eEQg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/OMNNYo0OX6UhMYz5DSK10PaR4-A>
Subject: Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2020 00:57:32 -0000
On 6/2/2020 5:45 PM, Seth Blank wrote: > There's a lot of clear and generally consistent data that shows From: > header field spoofing leads to outsized impact on end users. Odd that I've never seen it. Odd that it didn't surface during the literature search that was done when BIMI was started. Again: Please point to work that is specific to this issue and, just in case it is part of a larger tome, please point to the specific place in the document that is relevant to this issue. > However, if by "credible" you mean peer reviewed and not presented by > someone with something to sell in preventing the problem, that may be > missing (although, it only tends to be systems with a part to play in > preventing abuse that are even capable of seeing and distinguishing > the issues) and could be an interesting independent study to run. People with something to sell often do serious research. And they often document it. But this is quite different from marketing literature or hallway discussion. I'm asking to see the research writeups. (I made that plural since you are so firm in saying there is lots of supporting research.) d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- [dmarc-ietf] DMARC alignment conflicts with RFC 5… Jesse Thompson
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Brandon Long
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Pete Resnick
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Pete Resnick
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Kurt Andersen (b)
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Hector Santos
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Douglas E. Foster
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] About user notification in the M… Douglas E. Foster
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] About user notification in the M… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] About user notification in the M… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] About user notification in the M… Douglas E. Foster
- Re: [dmarc-ietf] About user notification in the M… Murray S. Kucherawy
- Re: [dmarc-ietf] About user notification in the M… Дилян Палаузов
- Re: [dmarc-ietf] About user notification in the M… John Levine
- Re: [dmarc-ietf] About user notification in the M… Stan Kalisch