IETF Logo Mail Archive

[dmarc-ietf] Objections to Sender header as override

Brandon Long <blong@google.com> Wed, 30 September 2020 00:54 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AC1B3A03F4 for <dmarc@ietfa.amsl.com>; Tue, 29 Sep 2020 17:54:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.6
X-Spam-Level:
X-Spam-Status: No, score=-17.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vlj_jqjHznMu for <dmarc@ietfa.amsl.com>; Tue, 29 Sep 2020 17:54:56 -0700 (PDT)
Received: from mail-vk1-xa35.google.com (mail-vk1-xa35.google.com [IPv6:2607:f8b0:4864:20::a35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D9683A0365 for <dmarc@ietf.org>; Tue, 29 Sep 2020 17:54:56 -0700 (PDT)
Received: by mail-vk1-xa35.google.com with SMTP id b4so26031vkh.9 for <dmarc@ietf.org>; Tue, 29 Sep 2020 17:54:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=ewwhRzv5Wz+21qj/2O/DeB48rA3my/nsIR+7r/OLDg4=; b=iRwiBg0Xu5NNdSuxyXgcwu+9Z+DeQ7i23N4zXSaTYHv3aFekwYSRlrE7OUocd/ssy/ S1mdeGI0/Jopmbc90pzCaJqKp+Q/qMDc5g2plP7+oWgQ0j26sSF+5+fVUflJoGfKumRZ t9l4xTjUZ4zy4mHMmMqNqGI+Vvm01rwuoKEAU98y7knP+k8PKygPSSIWv6RLuA7mCsde MpKq78iqUjTklESRzxW5Du5l7zqzUUaL4Ya6myO7d72cxFCdJlgnLnUVNjFcDS+ecoFg 2GoZgUAHXu3QqCUa2m7k7FE7so5SO8SPSCB/oNuAY3pawaRWAz+L0nAQO3L9Nvaa7+Ts P79w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ewwhRzv5Wz+21qj/2O/DeB48rA3my/nsIR+7r/OLDg4=; b=YubSozNhVZiwssm/F7eDeHWHjI0cDc7+kqyZbpWr0KoqO2K1X3ABtoWNRv6Wq65WEP IWyrVk2sw3gPsHe/K61RZQ1ehZ4ZmjnOAGDJo/Y8D16oWmn6jrJDWhsZUcBHgQTvfj8A 10IefcIWD8AL+oxTDrSWHI+2DlcZvnpKHDaLCvyj/MOyYFQL/gqjDMtGOYT0omP6B6cd IYuQ6zTnOor36u6cEz45doC9pnNUbsyHNLp4kXavzoxg65pZ+rHo73i+PsiogjmBfESm EbzXz0sS4K4xcDPXAmqmvdPE2fijEPRELk5PEV6Nd85JQQtq7b6sNcqyme+U9P6YWc/t 5jgg==
X-Gm-Message-State: AOAM530EPjBHUuIWSWj/0jpHBvE2ETLJTLdMBHohFvFgKZX+N4B7Zi35 PWeM30tNmAXrxOdOFE3VrFvmjKlT2XenkhTHyiORCxL6ZUMG/j0=
X-Google-Smtp-Source: ABdhPJwDPBsjIyqHQMtApPnhpvXMo0R51IklgwwCLIhIgjz/srcQ5Cx6Ycnct0d1WrBkBzLuL+QmWKufBfuAomEnkck=
X-Received: by 2002:a1f:2450:: with SMTP id k77mr92233vkk.13.1601427293632; Tue, 29 Sep 2020 17:54:53 -0700 (PDT)
MIME-Version: 1.0
References: <20200927171611.838B321D9BAD@ary.qy> <5069099.lO0Lvmlme3@zini-1880> <a4e016ba-673a-81f0-829b-b3b7adb6fcac@dcrocker.net> <5F73393D.4010805@isdg.net> <7afb25f6-c258-e92c-fdfe-10fe26ccecec@dcrocker.net> <5F73B80F.2000402@isdg.net> <b52efd45-cec3-1ceb-5ff6-c455e8b46b84@dcrocker.net>
In-Reply-To: <b52efd45-cec3-1ceb-5ff6-c455e8b46b84@dcrocker.net>
From: Brandon Long <blong@google.com>
Date: Tue, 29 Sep 2020 17:54:41 -0700
Message-ID: <CABa8R6uS80Jy=xcMi-XFmD=W7QwkMi1A8ebyGoCJCjeq6=61Yw@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f8fc4e05b07d581d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/OTI93bcRXxrIetHkFzmzFcJj13Q>
Subject: [dmarc-ietf] Objections to Sender header as override
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 00:54:58 -0000

Lacks backward compatibility:
If we adopt the Sender header as a method to work around DMARC, it is
obviously a simpler thing to do than ARC, doesn't provide quite as much
(but what it provides may be sufficient)... but still suffers from one of
the main issues with ARC, which is that it requires widespread adoption to
replace some of the other workarounds.

Ie, a mailing list that adopts the Sender header still won't know when it
can do that over rewriting.

Shouldn't be separate as defined:
The Sender header proposal is also an adjunct directly to DMARC itself,
changing the existing dmarc policy evaluation in a direct way.  I don't
think that should be done by a separate spec, if we do decide to, it should
be part of the DMARC spec itself, especially so we can explore all the ways
that it changes the existing spec.  I agree with others who have said that
adding this makes DMARC not DMARC, though I'm willing to explore that in
more depth.  I understand Dave's points regarding user level signals, but I
think alignment benefits in other ways.

If you instead wanted to add it as a separate thing, I don't think it
should be couched as overriding DMARC like it does, but as the same way we
expected ARC to override DMARC, as a well defined local policy override.

Really bad third party signing:
I've objected in the past to various third party signing approaches as
being non-starters for high value domains.  Google does not use SPF's
include mechanism, and is not going to list hundreds of possible third
parties as "ok" for signing to cover all possible mailing lists that are
employees work on.

In some sense, the Sender override is basically third party signing without
any actual relationship... which is both good and bad.  It's bad in that
anyone can now send a phishing message... but I guess anyone could have
before as well.  It's bad in that we wouldn't say "yes, this is fine" for
any specific sender... but now we're more at the whim of the receivers.

It's good in that maybe it standardizes a kind of local policy override.

Brandon

v2.23.0 | Report a Bug | By Email