IETF Logo Mail Archive

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

Mark Alley <mark.alley@tekmarc.com> Mon, 10 April 2023 18:04 UTC

Return-Path: <mark.alley@tekmarc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51F7DC151527 for <dmarc@ietfa.amsl.com>; Mon, 10 Apr 2023 11:04:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tekmarc.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1BJC0dWDQYh for <dmarc@ietfa.amsl.com>; Mon, 10 Apr 2023 11:04:08 -0700 (PDT)
Received: from mail-yw1-x1143.google.com (mail-yw1-x1143.google.com [IPv6:2607:f8b0:4864:20::1143]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54878C14CE5F for <dmarc@ietf.org>; Mon, 10 Apr 2023 11:04:08 -0700 (PDT)
Received: by mail-yw1-x1143.google.com with SMTP id 00721157ae682-54f64b29207so4912657b3.8 for <dmarc@ietf.org>; Mon, 10 Apr 2023 11:04:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tekmarc.com; s=google; t=1681149846; x=1683741846; h=in-reply-to:from:references:to:content-language:subject:user-agent :mime-version:date:message-id:from:to:cc:subject:date:message-id :reply-to; bh=TNNOk814UJAdJJEsCUoKo0AB+wOknyom5EVhAANOBtw=; b=EQJwZNrA8XFbum2TTUq0n8UM0WrA4Dg2F/47txJEduRXs9j+TrY+O01ke39AzwnE9+ B/XOa3oXZlzbd1Nk1e2UskVYb9yHBGLl6cdKOP4C6gi8UHRg3yFuh78Fcl54oXZilcsZ tSbN1xJ3IT0pK5YiVBBk9lx0aw3SRAP5cZVlL1lFhQPrBjSm+YR30/B18fq0voNGO2US JGaXbo2ZB7LiOCF1eJ4pfYG/ddJ9wroH3t4rppUgt0JT/yNesmYHc61a2woLPp3wlrLP mijHuYNWGxSD9j8IFDFk/7TYolknZG6ye+ii/WDaeJZcLMzn5piAQYECrOA4HKX4lT6+ 67cA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1681149846; x=1683741846; h=in-reply-to:from:references:to:content-language:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=TNNOk814UJAdJJEsCUoKo0AB+wOknyom5EVhAANOBtw=; b=h617MyYgvN82Cw3FUO7Y7TUPYOBt0X22z4jZfZuXvD8abvWKFhs9u5+htYBwHTPXY3 C32TrsEnhWAxC3asHj9Mq1xYu7NACdr5xvw8jCZdutCGfvSyCqsYpU9b8WQKFD//B1M/ Dp3J3Rcrv7Xh5n0vuwZ11lc7L8N4GlZD/lseT/IIwQlfQInkXIeVXFI8oxn/b2Od99Hq Tx+Q5oAkrdYovyEEckYegc0D8Vu5+W1Y48BWoldDB1DPs+2LDQjutjKFs3NjkyTQPpBY tPr+heH0pEhtKkYpKwYkre9xb+3huW8H83Ua1Cpb99A6rUFpoNsE4ZJmrECfRcW7J2O8 b2CA==
X-Gm-Message-State: AAQBX9dxAc8oXUUdT5EiNiJsXmD6Zd4KWK6W/VZ71rgF486ch05ZjVnA 1yBdt69figd3kuRU6s3zJA3u7krEu3HM6RXlX7a0hqtSoIY=
X-Google-Smtp-Source: AKy350YTE5jUWD5HZ6hhMvso4lK5Z0KdimphJ0ojCozCQ9HC+jlbvyjPvbmJisRREoORjyfFvJlg6w==
X-Received: by 2002:a0d:df86:0:b0:54b:fcc4:b3f4 with SMTP id i128-20020a0ddf86000000b0054bfcc4b3f4mr5152944ywe.19.1681149846382; Mon, 10 Apr 2023 11:04:06 -0700 (PDT)
Received: from [192.168.2.20] (162-238-103-217.lightspeed.brhmal.sbcglobal.net. [162.238.103.217]) by smtp.gmail.com with ESMTPSA id a71-20020a811a4a000000b00546160d7fa1sm2959250ywa.50.2023.04.10.11.04.05 for <dmarc@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 10 Apr 2023 11:04:05 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------ikQBfHOZO5v5XmO5594FqkU9"
Message-ID: <549c7c09-ae8f-1d79-8a1d-89bbd3f2a09f@tekmarc.com>
Date: Mon, 10 Apr 2023 13:04:05 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.9.1
Content-Language: en-US
To: dmarc@ietf.org
References: <20230409005207.DCA8BBD1CC17@ary.qy> <4a0dba74-3e25-b9cb-dd64-20bf04ae76ba@tekmarc.com> <7b599a98-922a-44db-af91-2f8aa0f74181@app.fastmail.com> <CALaySJJQ-Mh+=EsmA7QatrcCbCSSTGHt6fRGWequ+KCH3adYUg@mail.gmail.com>
From: Mark Alley <mark.alley@tekmarc.com>
In-Reply-To: <CALaySJJQ-Mh+=EsmA7QatrcCbCSSTGHt6fRGWequ+KCH3adYUg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/QINvo4qvTH-z2_cgvYKaFXm2Png>
Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Apr 2023 18:04:12 -0000

I've thought about this a bit more; I could get behind "<general 
purpose> domains MUST NOT publish p=reject" (for interoperability) as 
long as it is made clear the interoperability context for the "MUST NOT" 
does not address the perceived security benefits of its current usage by 
domain owners at large.

As said in your original message that started this topic, "... no one 
will be arrested or fined for choosing not to follow the [MUST NOT]", 
but then I feel like we still have an impasse, because it's not much of 
a standard if nobody adheres to said standard (as others have stated 
on-list), especially so in this case of strict language. The 
recommendation I feel from the community would probably still be, "have 
p=reject as a goal" even with this language in place.

Possibly off-topic slightly, I think BIMI's requirement for DMARC is 
contradictory to what this language is trying to portray for the 
standard. We'd publish "general purpose domains must not publish 
p=reject" for DMARCbis, but then one of the pre-requisites of BIMI is to 
at least have p=quarantine, which still does damage due to the 
non-standardized way disparate receivers handle the policy. Point is, it 
seems conflicting to have two documents telling (and expecting) domain 
owners to do different things.

- Mark Alley

On 4/9/2023 1:33 PM, Barry Leiba wrote:
> > As Todd previously stated, my preference is for language that
> > acknowledges the primacy of the domain owner over interoperability
>
> The problem is that IETF standards are about interoperability, not 
> about anyone’s primacy.
>
> There is an alternative, though: we can acknowledge that because of 
> how those deploying DMARC view their needs over interoperability, 
> DMARC is not appropriate as an IETF standard, and we abandon the 
> effort to make it Proposed Standard.
>
> I see that as the only way forward if we cannot address the damage 
> that improperly deployed DMARC policies do to mailing lists.
>
> Barry
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email