Re: [dmarc-ietf] ARC questions

John Levine <johnl@taugh.com> Tue, 24 November 2020 02:04 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6234D3A0E8A for <dmarc@ietfa.amsl.com>; Mon, 23 Nov 2020 18:04:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.049
X-Spam-Level:
X-Spam-Status: No, score=0.049 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=HbkX8cBg; dkim=pass (2048-bit key) header.d=taugh.com header.b=Voj4mi7Q
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QK8BVzant4EY for <dmarc@ietfa.amsl.com>; Mon, 23 Nov 2020 18:04:57 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CD203A0E88 for <dmarc@ietf.org>; Mon, 23 Nov 2020 18:04:56 -0800 (PST)
Received: (qmail 53558 invoked from network); 24 Nov 2020 02:04:54 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=d131.5fbc6a46.k2011; bh=GMwj+/EMbT3eNwIZBrXuGbi9JZskwOSrvaeaV6womxU=; b=HbkX8cBgzaCteyE+X9Yd3Eg8CCWjsNkszP60hJzu/IvBZJaCMep4iVYCFXV4eV2iSpkbnkqQ9qhFNBBs8XYxm3bpG2NOXNaiYUV6IHZY2QX7ZF9CSPDPmkPFUqjDeruwxCLeEu4J/ojKCDVgYPJI9qvQA9272x5kDh7Ftyg4RD3+LdxeLKpdJ9/3rVWsyeI/twUqAn8B7tleyWxxNPxLJet3khTxCH1xXpjnhaGFZYs4r6L1y0zMuC03sDMwXHdtcS+civqPA5elwr/OZpwLL1Gy65kYXjMAq/YKMs2q9knlfdyy2BvFn+HsEbMavHJ7XNZdBowBerz9oHr9fUaHBA==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=d131.5fbc6a46.k2011; bh=GMwj+/EMbT3eNwIZBrXuGbi9JZskwOSrvaeaV6womxU=; b=Voj4mi7QMSbs7/SUPMPfnqECw6QbrO4wyORPhSjCHHSrTqH4mpZiJ15MhK56scbLKXV3C+92q9xcOPW9cfrBCBA7QXq+ssLzBN+TO5jeoYi5b3fj/xLvD1p0DTBz421eVO4Qk716siqIyzBu0dQMMuMo/2eWZK8XEdomqlu0Tl3tGFzP+7EFtrdt02uC6qEFGrKvn+zbt5HiVhJ4LV1hlV5bj/mNtbyLUF0DqR3eysnjLOsgwNizcEhAqPv7hRV7uYFGNW5gRtb3oBFBDNthYhcoRgF2VgYkbVFMk6lFa0NijIzNRpLkeYGw6xXe78WCvFWG8HoFikZu39jBLIfIFQ==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 24 Nov 2020 02:04:54 -0000
Received: by ary.qy (Postfix, from userid 501) id AFDC027CE5C8; Mon, 23 Nov 2020 21:04:53 -0500 (EST)
Date: 23 Nov 2020 21:04:53 -0500
Message-Id: <20201124020453.AFDC027CE5C8@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: mike@mtcc.com
In-Reply-To: <e8e1d300-fbe7-6d10-c15f-30c29ab74237@mtcc.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/P5EiAACwOIFcJ_ovf2q0N-VQVGs>
Subject: Re: [dmarc-ietf] ARC questions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2020 02:04:59 -0000

In article <e8e1d300-fbe7-6d10-c15f-30c29ab74237@mtcc.com> you write:
>What I'm struggling to understand is what having authenticated auth-res 
>from a previous hop helps. this is what i found:

See some of the previous messages. My usual example is a mailing list
message that fails DMARC at the final recipient but passed DMARC (as
recorded in AAR) when it arrived at the list. This lets the final
recipient distinguish between real messages from subscribers and mail
from spambots that happened to scrape both the list address and some
subscribers' address and sends mail to one pretending to be from the
other. (That definitely happens, I've seen it on lists I'm on.)

I agree that the ARC document does not do a great job of explaining that.

>It would be kind of nice to understand what gap ARC actually plugs and 
>why it's important if you ask me. Also: there seem to be a lot of ways 
>to achieve this, but this one is probably the most complicated one that 
>I can envision.

If you want to pass the A-R results through multiple rounds of
forwarding, you can't do much less.

R's,
John