Re: [dmarc-ietf] DMARC bis: ticket 49: remove normative requirement on policy tag placement
Todd Herr <todd.herr@valimail.com> Thu, 21 May 2020 22:40 UTC
Return-Path: <todd.herr@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E3433A07A6 for <dmarc@ietfa.amsl.com>; Thu, 21 May 2020 15:40:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BwIIJoTKrH-r for <dmarc@ietfa.amsl.com>; Thu, 21 May 2020 15:40:45 -0700 (PDT)
Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6D363A076F for <dmarc@ietf.org>; Thu, 21 May 2020 15:40:44 -0700 (PDT)
Received: by mail-qk1-x730.google.com with SMTP id g185so8962511qke.7 for <dmarc@ietf.org>; Thu, 21 May 2020 15:40:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=OuqUD7biyNKnc9z5S6zLHXXfdOOCMIBNM7tIbjstkDg=; b=EQ6V3/14wPq8FVT8X5mchkpdiOce2CCwM3/w75NweIdtHLfZirEhMXCba/eqUDBg9I zoIgYRq4rUPr3CixEE0ZFg17S8MQiakOmGCe1uesoC3cSfJH+n0Ji87z+QVMc5eBTBDS N/KqCKabewt9sdZaJtm+2N2+vtPIWnE68Kfk+EtW57n+i+IHDLlBFGNRbwaQTKS562DA Ttn5VhqUKF2EyavRMaZMOzxwRbZqaC6MYN7C0AiS2+gu3QwHjANR5znWOIVWM0Iv6nAj zNT4sR44r05AVfjP5HCEMgbZCkI2EwDkYe6h/qspZWPIwcXXxDhGvXHHY+3yhkluDF76 XmEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=OuqUD7biyNKnc9z5S6zLHXXfdOOCMIBNM7tIbjstkDg=; b=LTX+0MKyKNz4XcxRDynDKVEVGOZCSxIVVJt/qmzhnSFpiv9It2N53dw/IABGeMST+F A2tg7DsPfjzDbM0YFAGH4YRBQNYaV4M6o8etEFoz4jAGadtQkVDiHP3oqJP865ukJeoi nacJHCv2BLWUeJDfaaFSJBU/bQQ9iYAmgJyhEbeWnXtZhHF7GbPZAtgc0rdHVtUq+1hq cC6Z0fGuSvV7JEe7xlm7lM/DFOVo2U+/lY4qiq4nSIYClGbjLeHbGz/TWqvMFcXJGKOy LViUnpfHLlL3vmMQdH7QSqZCxnhiUWlqZXRneoqHSg3Kx6vCBaXm8wNyX/LQMhdxUjMy ZChw==
X-Gm-Message-State: AOAM533I5T2zkCFCKGcWEyJKgIjEXKoEXSQfIEq2uqkChqpKZvi2Puth 7ASuRRW404nublFGBfz1j9L7B4A3Ko3pFiX/dDmkW+yd
X-Google-Smtp-Source: ABdhPJy4owsFv31Wi8HKd4nBIzxCRdqW5GaSPquIVTl+wpqmY5erurEvtFQKR6v1/aREOU2gm3XAWuT7r0JpwBrAegc=
X-Received: by 2002:a37:384:: with SMTP id 126mr4480577qkd.325.1590100843425; Thu, 21 May 2020 15:40:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAOZAAfP9AiYi2Gpyd2gfhbN5tUmTA5oH4_bOGq_HY4JnqYT+fQ@mail.gmail.com> <r9nefr$12k0$1@gal.iecc.com> <CADyWQ+HNGSQwxvCcsHykG9AN2rVeXCecmrpr4H+d1HDZUYUUUA@mail.gmail.com> <1784228.uJLO1Brz0r@localhost>
In-Reply-To: <1784228.uJLO1Brz0r@localhost>
From: Todd Herr <todd.herr@valimail.com>
Date: Thu, 21 May 2020 18:40:32 -0400
Message-ID: <CAHej_8mTGEM1P4eU1QbL=Ne=rDkDgeFuxNPKY9zYbqnPmudAPw@mail.gmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ee184505a6303326"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Q1v0cJbFMhh0gmVYt8yHEYu4HSc>
Subject: Re: [dmarc-ietf] DMARC bis: ticket 49: remove normative requirement on policy tag placement
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2020 22:40:49 -0000
I disagree with the idea of making p= optional. My perception is that DMARC has been advertised to the ecosystem as a way for domain/brand owners to request specific treatment for mail that claims to be sent on behalf of a domain but that fails authentication checks. It's couched as a request for treatment because we already see frequent cases where the request is not honored, for example where a p=reject policy receives a disposition of quarantine; I've always believed this sort of thing to be due to the mailbox providers not exactly trusting the domain owners to fully understand the ramifications of their policy statement, and rather than do what's asked, the receiver takes the safer route to avoid the chance of a massive rejection of a legitimate mailing that had broken authentication for whatever reason. Making p= an optional tag, even with the default of p=none, I believe would further erode receiver confidence in DMARC policy statements, simply because publishing a record with no p= tag provides no evidence that the domain owner has given any thought whatsoever to their policy statement. On Thu, May 21, 2020 at 5:12 PM Scott Kitterman <sklist@kitterman.com> wrote: > Agreed. I don't think this is controversial. > > Also, I don't see a problem with making the p= tag optional (with an > inferred > value of None if not present). This is consistent with an existing SHOULD > in > RFC 7489 and appears to be broadly supported in existing implementations. > > I'd propose we close this ticket with the following resolution: > > The requirement that the v=DMARC1 tag be first will be retained. > > The requirement that the p= tag be second and the requirement that the p= > tag > is mandatory will be dropped. If the p= tag is not present, the implied > policy value is None. > > Scott K > > On Thursday, May 21, 2020 4:54:55 PM EDT Tim Wicinski wrote: > > (With no hats) > > > > I agree with John the v=DMARC1; is magic and MUST be first. Everything > > else can show up wherever. > > > > tim > > > > On Fri, May 15, 2020 at 9:09 PM John Levine <johnl@taugh.com> wrote: > > > In article <CAL0qLwa-iuyB_iNQU+g6e3NH1+q0W413RaCZcHp== > > > s9CQA7s1g@mail.gmail.com>, > > > > > > Murray S. Kucherawy <superuser@gmail.com> wrote: > > > >It's been a while since the original discussion, but I can't remember > why > > > >the requirement is there in the first place. The only benefit I can > > > >think > > > >of is that having "v=" first lets you decide very quickly if you care > to > > > >continue, but the savings is really pretty small. > > > > > > The v=DMARC1; is a magic number that tells you whether it's worth > decoding > > > the > > > rest of the record. People put a lot of junk at tops of their zones, > some > > > of which is in k=v format and I would prefer not to try to decode > records > > > full > > > of junk to see of a v= tag is in there somewhere. > > > > > > Other than that I agree there is no reason to specify the order of > > > tags. > > > > > > -- > > > Regards, > > > John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for > > > Dummies", > > > Please consider the environment before reading this e-mail. > https://jl.ly > > > > > > _______________________________________________ > > > dmarc mailing list > > > dmarc@ietf.org > > > https://www.ietf.org/mailman/listinfo/dmarc > > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > -- *Todd Herr* | Sr. Technical Program Manager *e:* todd.herr@valimail.com *p:* This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- [dmarc-ietf] DMARC bis: ticket 49: remove normati… Seth Blank
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Scott Kitterman
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… John Levine
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Alessandro Vesely
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Tim Wicinski
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Scott Kitterman
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Todd Herr
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Steven M Jones
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… John R. Levine
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Scott Kitterman
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Alessandro Vesely
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Seth Blank
- Re: [dmarc-ietf] DMARC bis: ticket 49: remove nor… Scott Kitterman