IETF Logo Mail Archive

Re: [dmarc-ietf] Proposing an extension to DMARC to optionally require SPF and DKIM

"J. Gomez" <jgomez@seryrich.com> Tue, 02 April 2013 02:14 UTC

Return-Path: <jgomez@seryrich.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8318121E80B0 for <dmarc@ietfa.amsl.com>; Mon, 1 Apr 2013 19:14:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.382
X-Spam-Level:
X-Spam-Status: No, score=-2.382 tagged_above=-999 required=5 tests=[AWL=0.217, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8JH3emsEnfpg for <dmarc@ietfa.amsl.com>; Mon, 1 Apr 2013 19:14:59 -0700 (PDT)
Received: from eh.msi.es (eh.msi.es [213.27.239.123]) by ietfa.amsl.com (Postfix) with ESMTP id 97B3421E804A for <dmarc@ietf.org>; Mon, 1 Apr 2013 19:14:58 -0700 (PDT)
Received: from servidor3 (62.82.191.195) by exchange01.exchange.msi.es (192.168.223.3) with Microsoft SMTP Server (TLS) id 8.3.213.0; Tue, 2 Apr 2013 04:14:56 +0200
Message-ID: <BC41C4D113304028B6A694218722E623@fgsr.local>
From: "J. Gomez" <jgomez@seryrich.com>
To: dmarc@ietf.org
References: <20130402015319.6440.qmail@joyce.lan>
Date: Tue, 02 Apr 2013 04:16:14 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.4657
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4913
Subject: Re: [dmarc-ietf] Proposing an extension to DMARC to optionally require SPF and DKIM
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2013 02:14:59 -0000

On Tuesday, April 02, 2013 3:53 AM [GMT+1=CET], John Levine wrote:
> Right.  Since we know the same IP can emit both real and bogus
> messages and SPF can't tell the difference, what other result could
> you honestly provide?  Is it really a good idea to return an SPF pass
> for a message that might be a phish?

Yes, it would be a good idea to return an SPF pass, if and only if a standardized layer above SPF would require also a DKIM pass to build a final result of PASS.

Why? Because the probability of a trojanized AND spoofing client hosted in the same sending IP address is close to zero, but not equal to zero. To clear that marginal doubt, DKIM is needed. And to assert that policy requirement to others unaware of the particularities of that infraestructure, DMARC is need.

So the idea is this: if DMARC is in a layer above SPF and DKIM, lets plug in DMARC the holes anyone of those under it may have left open.

Yes, things could have been born perfect at once, but here we are and these issues we have. Why not patch them, if the solution is both within reach and cheap?

Regards,

J. Gomez

v2.23.0 | Report a Bug | By Email