Re: [dmarc-ietf] DMARCbis WGLC - Issue 141 DMARC and What To Say About SPF -all

Neil Anuskiewicz <neil@marmot-tech.com> Sun, 07 April 2024 12:52 UTC

From: Neil Anuskiewicz <neil@marmot-tech.com>
Date: Sun, 07 Apr 2024 05:52:17 -0700
Message-Id: <66A098B7-709F-4611-963F-58A344B70BA3@marmot-tech.com>
References: <20240406204004.348F78701D5A@ary.qy>
Cc: dmarc@ietf.org, sklist@kitterman.com
In-Reply-To: <20240406204004.348F78701D5A@ary.qy>
To: John Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/TeYoN4awfJAcIvY9qaF3kb12JBQ>

Forgive me if this is a dumb idea but, Scott and others, any discussion of just deprecating SPF hardfail at some point?

> On Apr 6, 2024, at 1:40 PM, John Levine <johnl@taugh.com> wrote:
> 
> It appears that Scott Kitterman  <sklist@kitterman.com> said:
>> I hear you.  Your operational issue is my system working as designed.  DMARC
>> works on top of SPF, it doesn't change it.  
>> 
>> Anything like this belongs in an operational guidance document, not in the
>> protocol description.  I have no problem describing the trade offs in an
>> appropriate document, but I don't think this is it.
> 
> I agree.  "Don't do stupid stuff" goes in an A/S, not in the spec.
> 
> I entirely believe people are confused about SPF, but they're confused
> about everything. A few days ago on the generally clueful NANOG list
> we had to explain to someone that rejecting mail if DKIM signatures
> don't verify is not a good idea.
> 
> R's,
> John