Re: [dmarc-ietf] ARC questions

John Levine <johnl@taugh.com> Thu, 26 November 2020 21:55 UTC

Date: 26 Nov 2020 16:55:44 -0500
Message-Id: <20201126215545.6D9832822E71@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: mike@mtcc.com
In-Reply-To: <c4745515-5fa9-6617-9491-e01813d716b9@mtcc.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/OQCqeJEV26EySTrWajn1EceSZNs>
Subject: Re: [dmarc-ietf] ARC questions

In article <c4745515-5fa9-6617-9491-e01813d716b9@mtcc.com> you write:
>questions the wg deems needed since then. Leaving ARC in an experimental 
>state ad infinitum doesn't seem optimal. Basically: 1) was it needed at 
>all 2) did it help. 3) if it helped, how much did it help.

I agree that at some point we need to declare the experiment over and
see if it's worked, but it's way too early for that. At this point the
only widely used list software that can apply ARC seals is Sympa.
(Mailman 3 may, but most mailman users including the IETF are still
using mailman 2.)

>(1) in
>particular is what interests me because adding two new signatures seems
>*really* heavy handed. That would go a long way toward answering the
>questions of whether it should go standards track.

I don't get why a few extra signatures are a problem. Nearly all of my
mail goes out with two added DKIM signatures, one that matches the
From domain or the list domain if it's a list, and one for my system.
It's just not a big deal.

>Our motivation at the time was one in particular: spear phishing. From 
>an enterprise situation spear phishing is scary af, and not one that 
>providers have much care about. That's what John gets wrong when he says 
>that 90% pass rate is useless: for enterprise not wanting to get spear 
>phished, a 10% false positive rate ...

Sorry, I meant 90% the other way, catching 90% of the bad stuff and
letting the other 10% through is not good enough. I agree that for
spear phishing the tolerance for false positives is likely to be
fairly high.

R's,
John