IETF Logo Mail Archive

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

Scott Kitterman <sklist@kitterman.com> Sun, 09 April 2023 14:35 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EC6EC1522AF for <dmarc@ietfa.amsl.com>; Sun, 9 Apr 2023 07:35:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="0ERWlEXN"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="nHNSmWP7"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9seJGE7tXvXq for <dmarc@ietfa.amsl.com>; Sun, 9 Apr 2023 07:35:49 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E8C3C151711 for <dmarc@ietf.org>; Sun, 9 Apr 2023 07:35:49 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id 3F8C5F801E7 for <dmarc@ietf.org>; Sun, 9 Apr 2023 10:35:37 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1681050922; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=f1LcvHhgOl3eq9dYFQYGuDDqfiH3tqZHUhVzdCeBb9s=; b=0ERWlEXNoBuHH2a61giX9f67bHqiIX5ignc5YqJp2ErOuUIjOEQsQVqb3cTki2b0rR0EB uvxVifkOC0r7hoVCQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1681050922; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=f1LcvHhgOl3eq9dYFQYGuDDqfiH3tqZHUhVzdCeBb9s=; b=nHNSmWP727Lu7ikNQ48WHxUE9cHP9N0MSOLI64/SrqFPC9Psv/CDpneZ3XmDOhwGO1883 oREqp2mp3evH6L8UQNkjPC7l9SrjGw3SKj/+x4i9rl+oUBub0XxnoZl8/hCgVXO0CBKeKIi gl6gc40RhgXghsZustOi2TeUbbGVG5FAY9dOWWMmzGDw8iId24YKgj2oPeGomEhxpGIeNOT EHy6yc54DCo0klt5xmFduV0/Q8fa5wGP/7rO9Cqqt/KM9n2KwJd86FwXf9MqKJpLL+RmFWK 6eCyPNY/E0MmME1roYTgx0WdnlDIjSlnr+U/mf5CrmpiQI+8uVJeCP70nZtA==
Received: from localhost.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id 0B324F80120 for <dmarc@ietf.org>; Sun, 9 Apr 2023 10:35:22 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sun, 09 Apr 2023 10:35:17 -0400
Message-ID: <3122742.Io3Ou0D7O6@localhost>
In-Reply-To: <CAL0qLwaKO5A_OSjod00msw+8EALOUqYzeXb_aPjVhQ2R1wZKJg@mail.gmail.com>
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <80086446-effa-7ee2-91c7-1f44449d92fb@tekmarc.com> <CAL0qLwaKO5A_OSjod00msw+8EALOUqYzeXb_aPjVhQ2R1wZKJg@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/TWcjYE7BKinfrF9YaYf-TEdYiCY>
Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Apr 2023 14:35:53 -0000

On Sunday, April 9, 2023 3:50:46 AM EDT Murray S. Kucherawy wrote:
> Emphatically "wearing no hat" here, just speaking as a long-time
> participant:
> 
> On Sat, Apr 8, 2023 at 2:13 PM Mark Alley <mark.alley=
> 
> 40tekmarc.com@dmarc.ietf.org> wrote:
> > Re-looking at the definition of "SHOULD NOT", I don't see why it can't be
> > considered.
> > 
> > "SHOULD NOT - This phrase, or the phrase "NOT RECOMMENDED" mean that there
> > may exist valid reasons in particular circumstances when the particular
> > behavior is acceptable or even useful, but the full implications should be
> > understood and the case carefully weighed before implementing any behavior
> > described with this label."
> > 
> > Seems to fit perfectly with how domain owners currently can pick and
> > choose interoperability with p=none over more strict protection, or vice
> > versa with p=reject, in my opinion. Is that not considered "acceptable" by
> > this definition's context?
> 
> IMHO, absolutely not.
> 
> Since one of the IETF's main goals in producing a technical specification
> is interoperability, and since improperly deployed "p=reject" results in
> the very essence of non-interoperability in the deployed email base, I'm
> having trouble imagining why the standard should leave operators with any
> choice here.  That is, in direct reply to the cited definition of "SHOULD
> NOT", I claim there do not exist valid reasons in particular circumstances
> when the particular behavior is acceptable, even when the full implications
> are understood and the case carefully weighed.
> 
> (Note, here, that Barry has in his proposed text limited the constraint to
> those types of deployments where the damage is likely.  I concur.  DMARC,
> as currently defined, works just fine when deployed in transactional
> situations.  Or, at least, I haven't seen that identified as a problem
> case.)
> 
> Mike Hammer asks, reasonably, whether an IETF standard containing a "MUST
> NOT" that we know people will ignore calls into question the IETFs
> relevance or legitimacy.  But I submit that the IETF issuing a standards
> track document which fails to take the strongest possible stance against
> deploying DMARC in a way that knowingly imposes substantial breakage, for
> any reason, is irresponsible and is the greater threat to our legitimacy.
> Keep in mind that improper deployment of DMARC results in damage to
> innocent third parties: It's not the sender or the MLM that's impacted,
> it's everyone else on the list.  It's breathtaking to me that we can feel
> comfortable shrugging this off under the banner of "security" or "brand
> protection".
> 
> In a separate email, Doug Foster just said:
> > I also have a hard time with the notion that any domain with a potential
> 
> exception becomes a domain that MUST NOT protect itself from impersonation.
> 
> But it's not "MUST NOT protect itself from impersonation", it's "MUST NOT
> use DMARC to protect itself from impersonation" when the use of the domain
> includes non-transactional operations likely to be disruptive.
> 
> Imagine a web server protocol that states, when receiving a proxied
> connection, if the web server looks at it and sees something it didn't
> like, it rejects the request, but also fouls up some other active,
> legitimate operation in the process.  Imagine further that the only
> defensive posture about this disruption is a "SHOULD NOT".  Whatever
> benefit such an algorithm might claim, should it be given a place among the
> other standards the IETF produces?  I would hope the answer is obvious.
> And if we're not willing to tolerate it in the web world, why are we
> willing to tolerate it for email?
> 
> The IETF has no illusion that it is the standards or protocol police.  It
> is sufficient, however, to be able to say in the face of such breakage that
> this is not how the IETF intended DMARC to be deployed.  (A similar debate
> exists already, for what it's worth, in the domain registration space.)
> That is, if you do "p=reject" when you know what you're doing is going to
> clobber other people's legitimate operations, you can't claim to be
> operating in compliance with the standard.  We need to be able to say that,
> even if the offender doesn't care to listen, and "SHOULD NOT" simply
> doesn't cut it.
> 
> Mike also likes to invoke King Canute, but I think that's a faulty
> analogy.  DMARC does not deserve elevation in our calculus to the
> equivalent of a force of nature.  It was built and deployed by humans, who
> often make mistakes or have agendas.  The same cannot be said of the ocean
> or tides.
> 
> Finally, and for the only part with my AD on but askew: Scott has proposed
> a couple of good alternatives to consider, though one of them includes
> "MUST consider".  I have placed a DISCUSS on formulations like this in
> other documents before because I don't know how one would evaluate
> compliance with such a normative assertion.  It reduces in my mind to "OK
> I've thought about it, thus I have complied", so it doesn't actually say
> much in defense of interoperability.
> 
> -MSK, participating

Fair enough on the MUST consider.  I agree.

I also agree with your more general comment here.  I think we're at the point 
where we've pretty well discussed it at least to the point of diminishing 
returns.

How do we drive this to closure?

Scott K

v2.23.0 | Report a Bug | By Email