Re: [dmarc-ietf] External review of draft-kucherawy-dmarc-base-01

Franck Martin <franck@peachymango.org> Sat, 07 December 2013 00:36 UTC

Return-Path: <franck@peachymango.org>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09DDB1ADF7F for <dmarc@ietfa.amsl.com>; Fri, 6 Dec 2013 16:36:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wVmrstHsGuHn for <dmarc@ietfa.amsl.com>; Fri, 6 Dec 2013 16:36:33 -0800 (PST)
Received: from smtp.01.com (smtp.01.com [199.36.142.181]) by ietfa.amsl.com (Postfix) with ESMTP id EC6521AD7BF for <dmarc@ietf.org>; Fri, 6 Dec 2013 16:36:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id DFE294F422C; Fri, 6 Dec 2013 18:36:28 -0600 (CST)
X-Virus-Scanned: amavisd-new at smtp-out-2.01.com
Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-2.01.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eOWmeTAyCrJZ; Fri, 6 Dec 2013 18:36:28 -0600 (CST)
Received: from smtp.01.com (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id BFF024F408A; Fri, 6 Dec 2013 18:36:28 -0600 (CST)
Received: from localhost (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id A82284F4288; Fri, 6 Dec 2013 18:36:28 -0600 (CST)
X-Virus-Scanned: amavisd-new at smtp-out-2.01.com
Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-2.01.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id J6MNqmiI1EDf; Fri, 6 Dec 2013 18:36:28 -0600 (CST)
Received: from mail-2.01.com (mail.01.com [172.18.30.178]) by smtp-out-2.01.com (Postfix) with ESMTP id 7B9504F408A; Fri, 6 Dec 2013 18:36:28 -0600 (CST)
Date: Fri, 06 Dec 2013 18:36:27 -0600
From: Franck Martin <franck@peachymango.org>
To: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <715316768.247342.1386376587794.JavaMail.zimbra@peachymango.org>
In-Reply-To: <WM!fc797558ad76328a42a6713fe1ee0f808276af8997f2326cc79437eb24447602ad33d5069fa2054e32f4c0f578713544!@asav-2.01.com>
References: <524CA422.8030008@bluepopcorn.net> <CAL0qLwZDhVM0edfzJe_wrKPSjC6c9bvabbO-Bp7+LVowHtg0=w@mail.gmail.com> <52A25C31.4070407@bluepopcorn.net> <WM!fc797558ad76328a42a6713fe1ee0f808276af8997f2326cc79437eb24447602ad33d5069fa2054e32f4c0f578713544!@asav-2.01.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_247341_1976134241.1386376587791"
X-Originating-IP: [69.28.149.129]
X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - FF25 (Mac)/8.0.5_GA_5839)
Thread-Topic: External review of draft-kucherawy-dmarc-base-01
Thread-Index: Muil9mluiTxISEq/53cPUvAU2e2WBg==
Cc: dmarc@ietf.org, "Murray S. Kucherawy" <superuser@gmail.com>
Subject: Re: [dmarc-ietf] External review of draft-kucherawy-dmarc-base-01
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Dec 2013 00:36:36 -0000

----- Original Message -----

> From: "Jim Fenton" <fenton@bluepopcorn.net>
> To: "Murray S. Kucherawy" <superuser@gmail.com>
> Cc: dmarc@ietf.org
> Sent: Friday, December 6, 2013 3:22:25 PM
> Subject: Re: [dmarc-ietf] External review of draft-kucherawy-dmarc-base-01

> A few reply responses inline.

> On 12/3/13 12:26 AM, Murray S. Kucherawy wrote:

> > > "If the RFC5322.From domain does not exist...": This specifies an action
> > > that has nothing to do with DMARC. I don't know the history of this but
> > > it seems like if there was going to be some global "you SHOULD reject
> > > messages with a nonexistent From domain" action, it belongs someplace
> > > like RFC 5322, not here. See also comment under A.4.

> > I agree that RFC5322 doesn't establish this requirement. We're saying that
> > a DMARC implementation needs to take this action as it, along with normal
> > DMARC operation, defeats spoof attempts.

> Although this is an exceedingly rare usage, I still wonder whether this (and
> not 5322) is an appropriate place to place additional restrictions on
> otherwise-legal mail.

> In the event that the message is rejected during an SMTP transaction, should
> there be an error code specified for this?

There may be a BCP to discuss a bit more about it. Also I think we need to stress these cases more in the security considerations or inline.

However, RFC5322 section 3.6 says there must be one and only one From: header for the message to be "valid". So we can point to this rule and say something like: with DMARC you should enforce that, and not be lenient (http://tools.ietf.org/html/draft-ietf-appsawg-malformed-mail-11 section 1.1, second paragraph).

Moreover RFC5322 says:
from            =   "From:" mailbox-list CRLF
So there must be at least one domain name in this field. Once again, you can be less lenient here. Not DMARC's role here, but you can point back to this RFC and say stop being lenient.

However, EAI RFC 6854 states that
from = "From:" (mailbox-list / address-list) CRLF
is OK between non-EAI-aware MTAs (section 3). I did not like the change of the From: header because it increases uncertainty in emails. Fortunately it is limited in scope, so once you have an MTA that can do EAI, you can enforce the mailbox-list again.
Now, closer to your point, I don't think any RFC states that the domain name found in the From: must exist or even be mildly "emailable"; this is a "common" check you may do for the envelope from (cf. http://spamassassin.apache.org/tests_3_3_x.html NO_DNS_FOR_FROM). It is not common for the From: header, but this is something DMARC could point out as worth considering.

Finally, you can't imagine what you find in bounces... All the badness and breakages are there... (or nearly).
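The strict From: handling discussed in this message (exactly one From: field per RFC 5322 section 3.6, a mailbox that actually carries a domain, and the "domain does not exist" check the draft asks for) can be expressed as a small pre-check that a receiving DMARC verifier would run before policy lookup. The code below is an added example and is not code from the draft, the thread, or any DMARC implementation. It assumes that "domain exists" means the name has at least one MX, A or AAAA record, and the DNS lookup is injected so the example runs offline against a constructed fixture; the domain names in that fixture are hypothetical.

```python
"""Strict RFC 5322 From: checks a DMARC verifier could apply before policy
evaluation.  Added example, not code from the draft or the mailing-list thread.

Assumptions (not stated by the draft):
  * a message must carry exactly one From: field with exactly one mailbox,
    since DMARC evaluates a single RFC5322.From domain;
  * "the domain exists" means the name has an MX, A or AAAA record;
  * the resolver is injected so the check can run offline in tests.
"""
from email import message_from_string
from email.utils import getaddresses
from typing import Callable, Dict, List, Set

# Constructed DNS fixture standing in for a real resolver; the names are
# hypothetical and the sets list the record types present at each name.
FAKE_DNS: Dict[str, Set[str]] = {
    "example.com": {"MX", "A"},
    "a-only.example": {"A"},   # no MX, but an A record: still "exists"
    "nullmx.example": set(),   # name with no usable records
}

Lookup = Callable[[str], Set[str]]


def fake_lookup(domain: str) -> Set[str]:
    """Stand-in for a DNS query: record types present at `domain`."""
    return FAKE_DNS.get(domain.lower(), set())


def from_domains(raw_message: str) -> List[str]:
    """Domain of every mailbox in every From: field of the message.

    A mailbox without an '@domain' part yields '' so the caller can reject it.
    """
    msg = message_from_string(raw_message)
    domains: List[str] = []
    for field in msg.get_all("From", []):
        for _display, addr in getaddresses([field]):
            _local, at, domain = addr.rpartition("@")
            domains.append(domain.strip().lower() if at else "")
    return domains


def check_from(raw_message: str, lookup: Lookup = fake_lookup) -> str:
    """Classify the From: header of a raw RFC 5322 message.

    Returns one of: 'ok', 'missing-from', 'multiple-from', 'no-domain',
    'domain-not-found'.  Anything but 'ok' is a candidate for rejection
    before DMARC policy discovery even starts.
    """
    msg = message_from_string(raw_message)
    fields = msg.get_all("From", [])
    if not fields:
        return "missing-from"
    if len(fields) > 1:
        return "multiple-from"        # RFC 5322 s.3.6: one and only one From:
    domains = from_domains(raw_message)
    if not domains:
        return "no-domain"            # field present but no parsable mailbox
    if len(domains) > 1:
        return "multiple-from"        # mailbox-list with >1 mailbox: no single domain
    domain = domains[0]
    if not domain:
        return "no-domain"            # mailbox carries no '@domain' part
    if not lookup(domain) & {"MX", "A", "AAAA"}:
        return "domain-not-found"     # the "From domain does not exist" case
    return "ok"


if __name__ == "__main__":
    # Constructed sample messages exercising each branch.
    samples = [
        "From: alice@example.com\nSubject: hi\n\nbody\n",
        "From: bob@nullmx.example\n\nbody\n",
        "From: a@example.com, b@example.com\n\nbody\n",
        "From: a@example.com\nFrom: b@example.com\n\nbody\n",
        "From: alice\n\nbody\n",
        "Subject: none\n\nbody\n",
    ]
    for raw in samples:
        print(repr(raw.splitlines()[0]), "->", check_from(raw))
```

In production the `lookup` argument would wrap a real resolver and should treat a DNS timeout or SERVFAIL as "unknown" rather than "does not exist", so that a transient resolver failure yields a temporary (4xx) rather than a permanent rejection; the fixture above deliberately models only the clear-cut cases.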