IETF Logo Mail Archive

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

Neil Anuskiewicz <neil@marmot-tech.com> Sat, 08 April 2023 23:17 UTC

Return-Path: <neil@marmot-tech.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22C23C151B20 for <dmarc@ietfa.amsl.com>; Sat, 8 Apr 2023 16:17:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=marmot-tech.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oogUH7Vvbh4G for <dmarc@ietfa.amsl.com>; Sat, 8 Apr 2023 16:17:07 -0700 (PDT)
Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94C89C151B1D for <dmarc@ietf.org>; Sat, 8 Apr 2023 16:17:07 -0700 (PDT)
Received: by mail-pj1-x1031.google.com with SMTP id j14-20020a17090a7e8e00b002448c0a8813so5993925pjl.0 for <dmarc@ietf.org>; Sat, 08 Apr 2023 16:17:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marmot-tech.com; s=google1; t=1680995827; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=hMl8ZVHoRVEHvTtEvNAS4ADVPpmTdHjRHJgeTptQkNg=; b=DCBYKfVQ2pOMjrSkPOduUS8miMNxsDSE2noNFkqXj4aOVn6By7VznBzBxtOSr1GODW A0uYM9wCtiPXanUKw7JYaxw0SaIa4a19XGZguLe6n0uabpeV7nPYKstyeu8P1L4PcXLZ jJj/OUGGtMMdnOiCoXRsErOJ7TN4+u/rlnZCHreBIO4/rZx9/sHt4farShBEFMvrGJez iAeEvKrfJgJhK8+MmoEMjSuQDYNuxG/WcpHWaEbR1WgwASzpw8u0MEM5UFyHdHuvhi3G ZPNzf0NpulSPCzSz7he2JFJuC2FJexAElgs+IR7NZPvVIEu5XyIhOE8f0RLtUHsUKosf c9JA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680995827; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hMl8ZVHoRVEHvTtEvNAS4ADVPpmTdHjRHJgeTptQkNg=; b=i8mS4vgh3+HgTcaPVbSp6ofXeuRvHYpDiJH0Hpdl4iwuJF6JsSmZ8SELQ3wsjK5tuY beutzcHk2IMUulFaNWc+slL00sMcjH6t1hcZv64IGIX7dMxdqgz97wU9K7CNEzlxlR4E L7YJKrG8umXIMEh2V3yJHPivQLNnvw4nHm44TYRF1EzXMCXJNN6EDddYkFzUpFGvLkAe 1l4nQTkcCGTse4z7Q768o0+ALaMkQNNmAOT4PNLgYlgJeApetsfQN9eTIdLo5aeQNaRr 7Uguo8uK/CKhcW8dZs5KE+8Koq1KtZg+MyDcMpZrpTcdkWpAzaW2rPngks7KrOWzeXNE WhaA==
X-Gm-Message-State: AAQBX9eX8TiI+Zcuebis7EfP2ypXR/v1Ie1As8jZ0jnz7p8POO72bVcU ttcgfxvVMZwXHCs6N0QH28uIIUemgHJS+lhDsGs=
X-Google-Smtp-Source: AKy350am+7rsmnkGjFQqi/B8n4VegEwy4ncT8zO/3GvN1YtaaDwNrIUARzFHgAIuvj8DbfSfvCLHoQ==
X-Received: by 2002:a17:90a:af97:b0:23d:21c9:193 with SMTP id w23-20020a17090aaf9700b0023d21c90193mr8213325pjq.2.1680995826674; Sat, 08 Apr 2023 16:17:06 -0700 (PDT)
Received: from smtpclient.apple ([2601:1c0:cb02:fad0:c5a0:a28d:af8d:7c49]) by smtp.gmail.com with ESMTPSA id g15-20020a17090a7d0f00b002309279baf8sm6634701pjl.43.2023.04.08.16.17.06 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 08 Apr 2023 16:17:06 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Neil Anuskiewicz <neil@marmot-tech.com>
Mime-Version: 1.0 (1.0)
Date: Sat, 08 Apr 2023 16:15:42 -0700
Message-Id: <AD94E65A-1962-4AFB-866E-2366B6ED4AAF@marmot-tech.com>
References: <130007620.2Ar6dGBpm0@localhost>
Cc: dmarc@ietf.org
In-Reply-To: <130007620.2Ar6dGBpm0@localhost>
To: Scott Kitterman <sklist@kitterman.com>
X-Mailer: iPad Mail (20D67)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/R_M-79mir5O_4wnj0e1-qmHWgA4>
Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Apr 2023 23:17:12 -0000


> On Apr 8, 2023, at 3:28 PM, Scott Kitterman <sklist@kitterman.com> wrote:
> 
> There are several variations of text that roughly mean the same thing, 
> particularly when you keep in mind that IETF specifications are intended to be 
> interoperability specifications, not implementation specifications.
> 
> We could do I think any of the following and they are roughly semantically 
> equivalent:
> 
> [general purpose]* domains MUST NOT publish p=reject to preserve 
> interoperability
> 
> to preserve interoperability, domains SHOULD NOT publish p=reject unless they 
> are [not general purpose]* domains
> 
> which could be accompanied by:
> 
> [not general purpose]* domains SHOULD determine their email authentication 
> deployment is accurate and complete before publishing restrictive policies 
> (p=quarntine or p=reject) to avoid interoperability issues.
> 
> Publishing DMARC records with restrictive policies does cause interoperability 
> problems for some normal email usage patterns.  Potential impacts MUST be 
> considered before any domain publishes a restrictive policy.
> 
> * whatever the right formulation is, that's a related, but distinct (and I 
> think less controversial question).
> 
> I think there's enough there for everyone to find their preferred answer.  I 
> think it's clear on the interoperability risks, but the last MUST allows for 
> the realist case that people are going to do it anyway.  I have no preference 
> between the first two alternatives.
> 
> 
> 
>> On Saturday, April 8, 2023 5:12:56 PM EDT Mark Alley wrote:
>> Re-looking at the definition of "SHOULD NOT", I don't see why it can't
>> be considered.
>> 
>> "SHOULD NOT - This phrase, or the phrase "NOT RECOMMENDED" mean that
>> there may exist valid reasons in particular circumstances when the
>> particular behavior is acceptable or even useful, but the full
>> implications should be understood and the case carefully weighed before
>> implementing any behavior described with this label."
>> 
>> Seems to fit perfectly with how domain owners currently can pick and
>> choose interoperability with p=none over more strict protection, or vice
>> versa with p=reject, in my opinion. Is that not considered "acceptable"
>> by this definition's context?
>> 
>>> On 4/8/2023 4:10 PM, Scott Kitterman wrote:
>>> Possible.  I didn't count.
>>> 
>>> I didn't see any convergence towards an alternative.
>>> 
>>> I think adding explicitly that the MUST is related to interoperability
>>> reasonably addresses the concern that there are non-interoperability
>>> reasons people are going to publish p=reject despite the side effects.
>>> 
>>> I don't see a stronger consensus for a specific alternative.
>>> 
>>> I think we have exhausted the discussion on the topic, so, whatever the
>>> resolution, I'd like to see the chairs drive the question to closure. 
>>> It's pretty clear it's not going to naturally drift into a universal
>>> consensus.
>>> 
>>> Scott K
>>> 
>>> On April 8, 2023 8:58:13 PM UTC, Dotzero<dotzero@gmail.com>  wrote:
>>>> Going back through the thread I find more people questioning/disagreeing
>>>> with the proposed wording than agreeing with it. I don't see a rough
>>>> consensus.
>>>> 
>>>> Michael Hammer
>>>> 
>>>> On Sat, Apr 8, 2023 at 4:17 PM Scott Kitterman<sklist@kitterman.com>  
> wrote:
>>>>> We've gone nearly a week without any further discussion on this thread.
>>>>> 
>>>>> I reviewed the thread and I think this is the closest we got to anything
>>>>> (most) people agreed on.  I know not everyone liked it, but I doubt
>>>>> we're
>>>>> going to get closer to a consensus on this.
>>>>> 
>>>>> Can we adopt this and move forward on to the next thing?
>>>>> 
>>>>> Scott K

Yes, I think so.  I get the feeling you possibly think it’s text that isn’t going to make much of an impact but presumably it’ll at least make a difference at the margins? The margins can grow as others see the benefits. I don’t know.

Neil

v2.23.0 | Report a Bug | By Email