Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

"Murray S. Kucherawy" <superuser@gmail.com> Sat, 15 August 2020 09:02 UTC

From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sat, 15 Aug 2020 02:02:06 -0700
Message-ID: <CAL0qLwaVUi9QtV4zcCwncuy4N3YPwsGZPzFfd1q19io79UG2VQ@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: IETF DMARC WG <dmarc@ietf.org>, Dotzero <dotzero@gmail.com>, John Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/QYpXmD8g5zZP9Jhpkdf-no7TSIM>

Emphatically hatless:

On Sat, Aug 15, 2020 at 12:47 AM Alessandro Vesely <vesely@tana.it> wrote:

> >> Lists have been around a lot longer than DMARC has.
>
> That doesn't grant lists any extra right.  Others consider current
> global usage as a priority gauge.
>

This line of thinking has bothered me for a long time.

Imagine you're a large soft drink manufacturer.  Your delicious, popular
product is sold in grocery stores the world over, sometimes directly from
your production line, sometimes via a local reseller.  Your sales team does
one or the other depending on the use case.  Business has been good for a
generation or two.  One day you decide you don't like resellers anymore
because some of them mis-promote your product, so you somehow arrange that
the cans in the stores that passed through resellers suddenly and randomly
begin invalidating themselves by bursting, making a mess of the store and
soaking customers.  Other products nearby are also ruined.  This reflects
poorly on the resellers, some of whom are forced to stop doing business
with you.  Stores get angry and are forced to reconsider doing business
with you as well, but you're big and popular and so many of them have to
deal with your mess on an ongoing basis.  Many customers take their
business elsewhere; the stores suffer.

The argument here appears to be that this is justified, because the
ecosystem of manufacturers, grocery stores, resellers, and customers that
has existed for as long as you can remember has no right to operate that
way if you suddenly decide you don't want it to; it's your brand, and your
word about your brand is final irrespective of how you choose to enforce
it.  You're suddenly, for reasons you feel are legitimate, asserting that
the ecosystem was broken to begin with despite the fact that you've been a
willing participant for decades, and therefore you are at liberty to
disrupt it (though, admittedly, you may have been unaware of the blast
radius of doing so).

Now, you may be right that the ecosystem was built on the incorrect premise
that domain names don't need to be treated as sacrosanct.  (Let's ignore
for the moment the stuff about hindsight.)  But that assertion clearly
differs from the well-established foundation upon which a great deal rests
today.  It is far from trivial to change that now.  It's possible to do, to
be sure, but dropping it into the world overnight has a hugely disruptive
impact.  Such a change needs to be an evolution, with the cooperation and
collaboration of a preponderance of the participants, not a philosophical
light switch you get to throw and expect everyone else to conform.

I don't want any more soda on me.

> Why must people's mailboxes be spoofable?
>

I don't know about "must", but changing the fundamental assumption that
it's acceptable in some cases for X to pretend to be Y (which is what MLMs
do), at X's discretion, is a tectonic change that should have been rolled
out with more community collaboration and grace than it was.  I think we
need to be more considerate of that fact if there is to be progress.

> Syllogism goes like so:  Mailing list must not accept strict DMARC
> policies, humans may happen to use mailing lists, therefore email
> domains which host mailboxes used by humans must not publish strict
> DMARC policies.  Is that really what we seek?  I hope not.
>

It is our current reality, and in my humble opinion, we've nobody to blame
but ourselves.

-MSK, participating.