Re: [dmarc-ietf] Composition Kills: A Case Study of Email Sender Authentication
John Levine <johnl@taugh.com> Thu, 23 April 2020 00:20 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E2E93A0EB7 for <dmarc@ietfa.amsl.com>; Wed, 22 Apr 2020 17:20:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.85
X-Spam-Level:
X-Spam-Status: No, score=-1.85 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=bqijfj9P; dkim=pass (1536-bit key) header.d=taugh.com header.b=dj21EiDU
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u3VIvrFcZpAM for <dmarc@ietfa.amsl.com>; Wed, 22 Apr 2020 17:20:23 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F10D3A0EB5 for <dmarc@ietf.org>; Wed, 22 Apr 2020 17:20:23 -0700 (PDT)
Received: (qmail 13196 invoked from network); 23 Apr 2020 00:20:21 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=3389.5ea0df45.k2004; bh=Rb0Vho0eeN8qUfL3iMhTsf+A6uCsjoUROu2lwJDcr2k=; b=bqijfj9PmsjQHUTjP5aEUk3ozIBgMkbFuCo6vPcZrTNdh6B7QAjQixWm+hX1ILOXrzM3gj2Jjysq0hWHhHTwmIdERbHOEhD88hsBkHoirKTpZThiH1A6M0bABKJJmF0Y3xys+bOHLFGvqP0DlCHzI45L4jthYFtQmhJRkmL3Aqt8dpJ4LmpPdT6W2eCrXyPL4Cci0kgAq/+KjqDrSfG7EjFoQbJ4JkoWAAIUXW8VNY3htEqBbrOIt0fvhtsispu/
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=3389.5ea0df45.k2004; bh=Rb0Vho0eeN8qUfL3iMhTsf+A6uCsjoUROu2lwJDcr2k=; b=dj21EiDUU/GG4s11VcYiDeoSRZnWyFnZsyirjvrnynDkFSOnhzi39SLiVch5VozWo7mF3Q93JUXoZxhS2FoCOQ3J7OgjvfF/8U7SxXwZpSbfQWfZy/tkcTnCvg8jJ1QrVYIJ0uT+FkqnLY3XRH3ETHQi7hFB3wWXLcVrKsqioCHXRcc2RvhTTwM1HY/22ukB8raF3Ro2gj2EkFwQADCCuUs4xNuZte+gc6angItCfjo37lu2hankP6t08QL+VVI5
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 23 Apr 2020 00:20:20 -0000
Received: by ary.qy (Postfix, from userid 501) id BAB07181BB09; Wed, 22 Apr 2020 20:20:20 -0400 (EDT)
Date: Wed, 22 Apr 2020 20:20:20 -0400
Message-Id: <20200423002020.BAB07181BB09@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: dcrocker@bbiw.net
In-Reply-To: <51be5654-94c4-38c6-8f6b-dca403d6680a@dcrocker.net>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Ssutuh_ODZztyP3Jm2iRbGiTL8k>
Subject: Re: [dmarc-ietf] Composition Kills: A Case Study of Email Sender Authentication
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 00:20:26 -0000
In article <51be5654-94c4-38c6-8f6b-dca403d6680a@dcrocker.net> you write: >The paper has a simplistic model of email anti-abuse processing and this >distorts some of its analysis. At the least, the paper needs to >distinguish between theory and practice. Yup. >> SPF implementations treat “(any@legitimate.com” as anempty MAIL FROM >> address, and thus forward the resultsof checking HELO to the DMARC >> component, because thestring in the parentheses can be parsed as a >> comment ac-cording to RFC 5322 [10]. Some DMARC >> implementations,however, may take it as a normal non-empty address, > >1. This issues goes away if SPF supplies DMARC the domain name, rather >than DMARC having to fetch it Their assumptions about DMARC validators may be true in some cases but not in general. In OpenDMARC which is pretty widely used, the caller tells the DMARC library what domain SPF checked, whether it was the mail_from or helo, and what the result was. >The paper asserts that AR is used as DMARC input. I suspect that is >rarely, if ever, true. Yes? No? I'd say never. To do DMARC rejects you have to do all of the validation in the SMTP daemon, which is before anything has a chance to create an A-R header. >The rfc5322.From: field is independent of MIME. MIME pertains only to >the body. The display name can be a MIME encoded word, but that has nothing to do with parsing the MIME parts in the body of the message. I'm still impressed at some of the really simple bugs they exploited, like NUL characters in header fields. R's, John
- [dmarc-ietf] Composition Kills: A Case Study of E… Scott Kitterman
- Re: [dmarc-ietf] Composition Kills: A Case Study … Kurt Andersen (b)
- Re: [dmarc-ietf] Composition Kills: A Case Study … John Levine
- Re: [dmarc-ietf] Composition Kills: A Case Study … Dave Crocker
- Re: [dmarc-ietf] Composition Kills: A Case Study … Scott Kitterman
- Re: [dmarc-ietf] Composition Kills: A Case Study … John Levine
- Re: [dmarc-ietf] Composition Kills: A Case Study … Juri Haberland
- Re: [dmarc-ietf] Composition Kills: A Case Study … ned+dmarc