Re: [dmarc-ietf] DMARC exceptions
Scott Kitterman <sklist@kitterman.com> Fri, 15 March 2024 14:24 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76119C14F61F for <dmarc@ietfa.amsl.com>; Fri, 15 Mar 2024 07:24:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="zB7302w+"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="ll+kHCMh"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TU-gT8Yzs0Za for <dmarc@ietfa.amsl.com>; Fri, 15 Mar 2024 07:24:20 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97AFEC14EB17 for <dmarc@ietf.org>; Fri, 15 Mar 2024 07:24:20 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id E0E58F80260 for <dmarc@ietf.org>; Fri, 15 Mar 2024 10:24:07 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1710512632; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=hARwn6yGINmM1bCY1NrQ1sOnrrmKw3h+W/Vl73CmeUw=; b=zB7302w+yfa8dpCNpVEyhlcTKbB9/GFe3xiuQOXQAaxpr1ZIhC97GI4ZDnrgtZR0uApOv 1xF50T8uHOiv9r6CA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1710512632; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=hARwn6yGINmM1bCY1NrQ1sOnrrmKw3h+W/Vl73CmeUw=; b=ll+kHCMhPYLM0zZ8F0Cy8It2XNm0lry5cWXYpkQsXfi3G6pRIBa4QWKF3AA2mjqnNmhUp AISq92TY5gjqJuFT9TNj5Z2SaCn2RSZFPVXPcrKo/zeoItuDCaQENriRnbYxQsw6jD6RzSZ kyOcKjyNf4MPaEvhSIaGvH8fgCiR3kEoCs5d938bCPshWVWiiCQlCNHb/KQW7i8o9Asld1v /fCfJrEs8YC4RqzTaImsD+mIhley09XHn2JWMm5NjW1Zvde0zWWvXPUYGvHYkxqIJUBtv86 NsEYG05XSNHrofy4b0Xnio9HPeJj+WD/2nXNf+iPjqtKS4Dc8RXg/0a7hAZQ==
Received: from zini-1880.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id 6F88FF80211 for <dmarc@ietf.org>; Fri, 15 Mar 2024 10:23:52 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Fri, 15 Mar 2024 10:23:47 -0400
Message-ID: <1921957.nbN0YCcojc@zini-1880>
In-Reply-To: <CAHej_8==9chBx=mnquigP07RKzW2Z57PhiU+LxXFMRk-wQ5xLA@mail.gmail.com>
References: <CAH48ZfygJ8zQfGWRnnsQ_XpSSpyUu1ZFeAaYgY6CCtdNdewETg@mail.gmail.com> <CAHej_8==9chBx=mnquigP07RKzW2Z57PhiU+LxXFMRk-wQ5xLA@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/RePH9uysNP8FFeHo2E5E70IfIfQ>
Subject: Re: [dmarc-ietf] DMARC exceptions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2024 14:24:25 -0000
On Friday, March 15, 2024 10:15:55 AM EDT Todd Herr wrote: > On Fri, Mar 15, 2024 at 1:47 AM Douglas Foster < > > dougfoster.emailstandards@gmail.com> wrote: > > DMARC is an imperfect tool, as evidenced by the mailing list problem, > > among others. DMARCbis has failed to integrate RFC7489 with RFC 7960, > > because it provides no discussion of the circumstances where an evaluator > > should override the DMARC result. I believe DMARCbis needs a discussion > > about the appropriate scope and characteristics of local policy. > > I disagree with your premise, and I submit that it is not the role of the > IETF, DMARCbis, or any third party to determine either characteristics or > appropriate scope for a policy that is local to a Mail Receiver. > > A Mail Receiver's goal is to make sure that its mailbox holders receive > wanted mail while minimizing the amount of unwanted mail that's accepted, > and how they work to achieve that goal is solely their purview. > > DMARC authentication results can and probably do inform their work, but > they're just one piece of data for doing so. Their work will also be > informed by many other data points, some of which we know (historical > mailbox holder engagement with a given mail stream) and some of which we > don't know, and they adjust their handling decisions all the time based on > whatever signals they deem important. > > I believe that this paragraph in the Introduction section of DMARCbis > concisely describes DMARC to Mail Receivers: > > A DMARC pass indicates only that the RFC5322.From domain has been > authenticated for that message. Authentication does not carry an explicit > or implicit value assertion about that message or about the Domain Owner. > Furthermore, a mail-receiving organization that performs DMARC verification > can choose to honor the Domain Owner's requested message handling for > authentication failures, but it is not required to do so; it might choose > different actions entirely. > > > I further believe that the description of the 'p' tag and of its possible > values of 'none', 'quarantine', and 'reject' in section 5.3, General Record > Format, are enough to help the Mail Receiver understand how reliable the > Domain Owner believes its authentication practices to be and, along with > everything else the Mail Receiver knows about the sending domain, the > source of the mail stream, etc., etc., how much weight can be assigned to a > failed DMARC authentication result for that domain. I agree. Let's move on. Scott K
- [dmarc-ietf] DMARC exceptions Douglas Foster
- Re: [dmarc-ietf] DMARC exceptions Todd Herr
- Re: [dmarc-ietf] DMARC exceptions Scott Kitterman
- Re: [dmarc-ietf] DMARC exceptions Hector Santos