IETF Logo Mail Archive

Re: [dmarc-ietf] Email security beyond DMARC?

DAMY gustavo <gustavo.DAMY@upu.int> Tue, 19 March 2019 18:03 UTC

Return-Path: <gustavo.DAMY@upu.int>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B57F1315B5 for <dmarc@ietfa.amsl.com>; Tue, 19 Mar 2019 11:03:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=upu.int
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SqdDrpAeOB8c for <dmarc@ietfa.amsl.com>; Tue, 19 Mar 2019 11:03:12 -0700 (PDT)
Received: from mgw1.upu.int (mgw1.upu.int [193.247.49.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6D5D1315D5 for <dmarc@ietf.org>; Tue, 19 Mar 2019 11:03:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=upu.int; i=@upu.int; q=dns/txt; s=default; t=1553018590; x=1584554590; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=W43eVN1pIH7tuqpQyAG131OI7VRY1GswGUH4dmmAtCE=; b=kEDOpjGqZguaXzXq01pbtyKyzajMbpkegDZqk1qetxpjgKkxEZlBAMu3 IlxrjAc5WNwD0pKlt9If3ivhIURjBBLZMSBAWds5xOHmQ/htkt3GWTUrj 65Ap+9voAyCDJNXk/7C2cmrWr2iX/h2J9Hh1QnBpo/MLxRcMl02MPapTr JlNFgnAT1+hIiO/JR1FeY7B7qp6A737JRVKBxOel//o7Det1Qf3vghvbV 87WSz8J2+9IYZuV6mahDvyQhimrruKYtkTu+vuSdZKBGbdjoqEyj9CxPW 1vIXpp+3A1RUUJ1JhMWCWb1whcWy3YjpiHW0e5+WubAZRj3NAu7odpKRb g==;
Authentication-Results: mgw1-out.upu.int; spf=Pass smtp.mailfrom=gustavo.DAMY@upu.int; spf=None smtp.helo=postmaster@PEXC01.upu.ch
Received-SPF: Pass (mgw1-out.upu.int: domain of gustavo.DAMY@upu.int designates 193.247.55.160 as permitted sender) identity=mailfrom; client-ip=193.247.55.160; receiver=mgw1-out.upu.int; envelope-from="gustavo.DAMY@upu.int"; x-sender="gustavo.DAMY@upu.int"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:193.247.55.160/32 ip4:193.247.55.161/32 ip4:80.80.227.166/32 ip4:193.247.63.15/32 +a:erecruit.noreply.upu.int +mx -all"
Received-SPF: None (mgw1-out.upu.int: no sender authenticity information available from domain of postmaster@PEXC01.upu.ch) identity=helo; client-ip=193.247.55.160; receiver=mgw1-out.upu.int; envelope-from="gustavo.DAMY@upu.int"; x-sender="postmaster@PEXC01.upu.ch"; x-conformance=spf_only
IronPort-SDR: XYy2s1P7kRtsFX6A942bD+NmYVALq8yQJdFRk9+L+IjURluD1+9qHzD+h7/oelxaf6aa9ldlGZ IVQCob39SdWd5cLi1Pc9XZIcXB9AV7OPwrB9vrO0SH25JKfBhIYNlnAYf5VQmsDMBzBiyV6k2r gYItE7CHqdJxk+L9tHTqxig07LOg38s22Y6z9fUpypIr3prDv4z6aJCyvqezOjYx7JDgBCaEM1 BKTNzE0BxgI6EFVwP3LmiLYNOlR0pJBpLBep/l/cukzV7+swfmKqaR/wIUzR7Q8ThK6WzIgaCX DB4=
X-IronPort-AV: E=Sophos;i="5.60,245,1549926000"; d="scan'208";a="1890599"
Received: from PEXC01.upu.ch (2002:c1f7:37a0::c1f7:37a0) by PEXC01.upu.ch (2002:c1f7:37a0::c1f7:37a0) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Tue, 19 Mar 2019 19:03:00 +0100
Received: from PEXC01.upu.ch ([fe80::28c1:e4c1:2f2e:11fc]) by PEXC01.upu.ch ([fe80::28c1:e4c1:2f2e:11fc%13]) with mapi id 15.00.1130.005; Tue, 19 Mar 2019 19:03:00 +0100
From: DAMY gustavo <gustavo.DAMY@upu.int>
To: "dmarc@ietf.org" <dmarc@ietf.org>
CC: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
Thread-Topic: [dmarc-ietf] Email security beyond DMARC?
Thread-Index: AQHU3b0Xv/AeslasNkiUwE096qOcBKYTO0Dw
Date: Tue, 19 Mar 2019 18:02:59 +0000
Message-ID: <90b936ec488f41108bc4e528eb7933f6@PEXC01.upu.ch>
References: <1dc451a973a8443a87d37b6e5c41fe38@bayviewphysicians.com> <alpine.DEB.2.20.1903181355520.5419@softronics.hoeneisen.ch>
In-Reply-To: <alpine.DEB.2.20.1903181355520.5419@softronics.hoeneisen.ch>
Accept-Language: en-GB, fr-CH, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.22.0.30]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/S6qKPtpPZMQWjpN2D1jpPQ7oI7k>
Subject: Re: [dmarc-ietf] Email security beyond DMARC?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2019 18:03:18 -0000

Very useful links Bernie, thanks for the info.
I wonder if this working group will eventually will make reference  to the concept of PeP  protocol to reinforce the usage of DMARC  you are mentioning below? 

Best Regards
Gustavo Damy


-----Original Message-----
From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch> 
Sent: Monday, March 18, 2019 1:58 PM
To: Douglas E. Foster <fosterd@bayviewphysicians.com>
Cc: dmarc@ietf.org
Subject: Re: [dmarc-ietf] Email security beyond DMARC?

Hi Doug

On Sat, 16 Mar 2019, Douglas E. Foster wrote:

> I tried to understand what IETF is doing about email security, and 
> this working group seems to be the only surviving effort.  Based on 
> the index, the groups attention is focused on polishing the existing 
> DMARC implementaton rather than plowing new territory.  Given the 
> devastating effect of WannaCry and the success of other email-based 
> attacks, I think our work is far from finished.

You may want to have a look on some upcoming work. We just started a new mailing list, which includes the topic of email security:

  MEDUP -- Missing Elements for Decentralized and Usable Privacy

To subscribe:

- https://www.ietf.org/mailman/listinfo/medup

Please find more information on:

- https://mailarchive.ietf.org/arch/msg/medup/mbrbhFekt_srXShzpCa4RiXgPbY

- https://mailarchive.ietf.org/arch/msg/pearg/oBjgAwG3_eoR6tpLQGTE_9OggzQ

The former also includes a list of Internet-Drafts describing the MEDUP challenges.


Please be also informated that the LAMPS WG has requested a new work item 
on email header protection to be added to its charter.


Hope that helps!

Best,
  Bernie

--

http://ucom.ch/
Modern Telephony Solutions and Tech Consulting for Internet Technology

v2.23.0 | Report a Bug | By Email