IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

John R Levine <johnl@taugh.com> Sun, 16 August 2020 15:44 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D30E3A0D1E for <dmarc@ietfa.amsl.com>; Sun, 16 Aug 2020 08:44:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=RHXFDeHf; dkim=pass (2048-bit key) header.d=taugh.com header.b=Hc2vy7Mj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GVDlxPOIkZnt for <dmarc@ietfa.amsl.com>; Sun, 16 Aug 2020 08:44:19 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 549C73A0D1C for <dmarc@ietf.org>; Sun, 16 Aug 2020 08:44:18 -0700 (PDT)
Received: (qmail 52837 invoked from network); 16 Aug 2020 15:44:17 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=ce60.5f395451.k2008; i=johnl-iecc.com@submit.iecc.com; bh=tw6jtCryJNJ9abPi+dYPRVaQUpr6EHk+xNuOsQwryDQ=; b=RHXFDeHfLrMoynD2Jy8tJwRkuMoQZ/iSQenNRIgVvaiX0DLwCTcGVGjN0FWtO4X96joE/h7FbORWWAoXRpfc/nCHnu8Mz0p7tNrlhm97UGM71HYS838nSk5ZPZygNU3wNb1DWd70pXxtcvXqcuuYOeBuDrvydLwG7BwR3bu4Dzdm0QOck7zgrV+gXbgXo7p5kUuHQO4iFcTHAi0rWy2qppByYv9/wDzjnYY69XW+Fwo3b4eP8i8+tNb43urrA6Cwn1xgwDpnK7DmsooW1oOUtypNbPEaLPwG7ZTihEQXxXOktSvtiYH/2krTVVhVmU3zkVHTiiKVTIm2BY6k2OXGvw==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=ce60.5f395451.k2008; olt=johnl-iecc.com@submit.iecc.com; bh=tw6jtCryJNJ9abPi+dYPRVaQUpr6EHk+xNuOsQwryDQ=; b=Hc2vy7Mj1zyS5sluoeK0kNLMUlq09c15GVLdg//gt9JCjujfaJKWgaFFrHtFT5y/Uy1GpVw3rehBj1P4HzgybwvRkc0nre+FvBP1hBJJiLG/pXU50BAAzUq3MdEuFfDfmHGdN0DmGv5iSgjii2fOTC80s0Zcfa4n11i3XyIZaqPesmuWoThXPO9euIw96ti/vmiExeajKeixUiWFRK7a8zhCg5kftR5lVfNJxVZ8tbJDWt0xGuuQL2DtdBKU2pIIFCPF/0dwgr8sCtlNsN8iKugwFigHN7kEk6qfrrCghj27T+VjSW4ZpEeDwjKngTdGZaIJYEFs9ztHUYMt46u1RA==
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 16 Aug 2020 15:44:16 -0000
Date: Sun, 16 Aug 2020 11:44:16 -0400
Message-ID: <5abe3867-f427-1d54-7abe-6c5715a893b7@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <4e549ca6-6047-6ff2-325c-fe8d7247e157@tana.it>
References: <CAJ4XoYcFbh8-nAxjxzzRgUahFfhcgcZQ2yMF2ewv_-DgUmhL=g@mail.gmail.com> <20200814164237.313071E971DB@ary.local> <CAJ4XoYeqj_5mpZu1PZP4rNfrWRyC5gC-2dfK7oX9xQHiR24QeA@mail.gmail.com> <085c6a5f-5451-ae8c-4873-133673ba1754@tana.it> <CAL0qLwaVUi9QtV4zcCwncuy4N3YPwsGZPzFfd1q19io79UG2VQ@mail.gmail.com> <c1844590-4b12-9763-21c5-6ac5b730321b@tana.it> <6358f3da-806b-f4eb-b9a0-8ee8ce4121d7@dcrocker.net> <4e549ca6-6047-6ff2-325c-fe8d7247e157@tana.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/OZEJ4Rx6t-cwfkjobINQsb3-CJY>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Aug 2020 15:44:21 -0000

>> If I put my gmail address into the from field, there is no pretending, no 
>> matter what platform I am using.
>
> That conflicts with the coarse-grained authentication strategy, established 
> at the FTC Email Authentication Summit in November 2004, ...

No, it doesn't.  It probably won't surprise you to hear that several of us 
were there.

The FTC wanted a way to reliably associate a domain name with a message, 
and they gave SPF and Domainkeys and Sender-ID as examples.  The IETF 
later published SPF and DKIM (which is a tweaked version of Domainkeys), 
as standard track RFCs each of which associate a domain name with a 
message.

They all use a domain name in different places in the message; only 
Sender-ID used the From header address, and even then only if there was no 
Sender, or Resent-From, or Resent-Sender.  (That was the infamous PRA 
patent.)

It wasn't until DMARC came along that anything formalized the unfortunate 
misapprehension that the From header address is the only "real" identity.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

v2.23.0 | Report a Bug | By Email