IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Alessandro Vesely <vesely@tana.it> Mon, 04 January 2021 11:50 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 470163A0C5D for <dmarc@ietfa.amsl.com>; Mon, 4 Jan 2021 03:50:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.482
X-Spam-Level:
X-Spam-Status: No, score=-0.482 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.262, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U3aVwZu9Tnqi for <dmarc@ietfa.amsl.com>; Mon, 4 Jan 2021 03:50:18 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75C263A0C59 for <dmarc@ietf.org>; Mon, 4 Jan 2021 03:50:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1609761013; bh=xczu1VpXtW1LC0rWpVOIuS5/ACuXr4RhbEFIpl83eVs=; l=4678; h=To:References:From:Date:In-Reply-To; b=BTEjQ4Fn3drip+tJIWMtJLamMHWg+D6WqpRt26fBpJr65/6pN2jbAKZRdR0i+kna7 qAh8/4l9q/cdF0qZA3oM0AdskNqbpyE0NP7acLX+JaNlUTroin0yGWo5cCmfOxOYi1 4BwmdqtLzXdVrg9GZE5ttzSPnclmv8t5JlR1lNL5oIP41crllFkUwwyDg3uIT
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0CF.000000005FF300F5.00006F82; Mon, 04 Jan 2021 12:50:13 +0100
To: dmarc@ietf.org
References: <20201231160030.20AFB3EE7AD7@ary.qy> <4bd444a4-0c34-467a-cfcb-a8f7c14b723d@tana.it> <b030d1f-44d4-4330-eb17-c930eb968be2@taugh.com> <CAH48ZfzDkz4iS2k-+8_-zW-y4m+c1dhRMvPQZmpbLLG2KY0eGA@mail.gmail.com> <64c4ebd3-4e06-e12e-d072-7ae2562cf4e1@tana.it> <CAH48ZfzVkO_oxY1SjeWTqH9oUxHJaAsU2XKBZx-CQ9U0Ba8N0w@mail.gmail.com> <CAH48Zfwkxbi7pmmY15DKSRyCgc82jEUJ8hHRtvAQ9J3yJHy6_A@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <c3aef9ac-c7f9-e129-b71f-33f611237f9a@tana.it>
Date: Mon, 04 Jan 2021 12:50:12 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <CAH48Zfwkxbi7pmmY15DKSRyCgc82jEUJ8hHRtvAQ9J3yJHy6_A@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Q7oQJqTS8TQOHVZQQWxP1C2iaME>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2021 11:50:20 -0000

On Sun 03/Jan/2021 20:56:59 +0100 Douglas Foster wrote:
> You can disagree about whether this wording is appropriate, but there
> should be no disagreement about the scope problem.   We do not have a
> protocol which can handle all situations, and much of our discussion is
> caused by those who apply DMARC to situations where it does not work.


Let me object to the consistency of this point of view.  Unlike PGP, DMARC is 
not designed as an end-to-end protocol.  The only way that a user could decide 
on a per-message basis whether or not her message should be subject to which 
policy would be to have a variety of domains configured with each policy and 
then set her From: header field appropriately.  Clearly not a viable mode of 
operation.

A general purpose domain can have email users and some transactional mail as 
well.  DMARC has to be configured to suite all of them.  There are special 
domains, which are highly abused.  They had to direct their users to use 
subdomains for non-transactional mail.  The need to do so can be considered a 
DMARC defect, IMHO.


> Lets define "legitimate mail" as used in my proposed text to mean "delivery
> is desired by the intended recipient and the message contains nothing that
> threatens the interest of the user, the interest of the user's network, or
> the policies of the user's organization."   Perhaps this is too
> restrictive, because it  excludes advertising which is harmless in its
> intent but unwanted by the recipient.


Having advertisements come /From: advertiser/ is a goal.


> What is clear is that by this definition, mailing list messages are
> legitimate, and yet are incompatible with DMARC.


No, MLM messages with rewritten From: are fully compatible.


> Similarly, messages which are tagged with informational content by a spam
> filter and then forwarded at the request of the primary recipient are also
> legitimate.

Not sure.  Spam shouldn't be forwarded.


> In both cases, specific messages may be unwanted or hostile, but the class
> of messages is wanted. >
> My exception language is still incomplete, because we have another class of
> senders who ignore DMARC but are too important to block.    My list in that
> category includes a U.S. government agency and two vendors of cloud-based
> products for secure web relay.
> 
> We need to set appropriate expectations for product developers, email
> gateway operators, and domain owners.    Otherwise we end up with wrong
> assumptions which lead to products which mindlessly apply a disposition
> without providing adequate exception mechanisms.


It is much simpler if the sender is DMARC-aware and sends messages that pass 
DMARC.  There is a plethora of legacy devices and servers that send plain old 
mail.  They are a problem and need to be identified and somehow gatewayed or 
delivered skipping DMARC processing.


> Address rewriting is NOT the optimal answer to the problem, because it
> hides the forwarding operation without addressing the complications that
> forwarding creates for correctly evaluating email reputation.


Hiding depends on how you rewrite and forward.  Receivers can examine ARC 
chains and/or undo MLM transformations so as to deliver a fully meaningful 
message header.


> Email evaluation products need to handle all possible scenarios.  This
> includes
> - forwarded and not forwarded
> - with and without SMTP rewrite
> - with and without modification.
> - with and without From rewrite
> - with and without ARC sets
> - whether the email header chain is accurately documented or fraudulently fabricated.


Girl Scout troops will inevitably fall in the not forwarded category.  ESP 
messages, instead, should come /From: ESP/.


> The only way to handle all of these scenarios is for the email filter to
> examine the entire chain of Received headers and other headers.   There is
> no simple algorithm for performing this analysis.   There is an opportunity
> for IETF to provide ways for legitimate MTAs to facilitate this process,
> and ARC is a step in the right direction, but only a first step.


I wish it ends up in something deterministic that can be used by small and 
large providers alike.


> We may be able to promote DMARC adoption by overselling its capabilities,
> but I do not see that as a good thing.


Some people push for domains to migrate toward a strict policy.  They assume 
that p=none is a transitory status.  I wouldn't call that "overselling", as, in 
fact, having p=none currently provides the best deliverability.  Yet, p=none 
makes DMARC non-actionable, which I think is a limitation.


Best
Ale
--

v2.23.0 | Report a Bug | By Email