Re: [dmarc-ietf] Proposing an extension to DMARC to optionally require SPF and DKIM

"J. Gomez" <jgomez@seryrich.com> Tue, 02 April 2013 00:52 UTC

On Tuesday, April 02, 2013 2:37 AM [GMT+1=CET], Franck Martin wrote:
> We did SPF or DKIM because both were not solving the problem on their
> own. So both combined together have all the advantages less the
> inconveniences.
> 
> If you want to say, nobody else can spoof me, then you can do SPF
> -all, but then no large receiver ever really trusted this policy
> assertion. Also, you can put a DMARC record and SPF and not DKIM
> sign, you will get the same benefits.

Hmm, are you missing the part where several independent clients send to the Internet through the same cloud-based email gateway, and therefore "-all" in SPF still allows for spoofing if any of those clients is trojanized, and DMARC in its current form does nothing to solve this problem?

OK, DMARC has been devised by brand companies (Facebook, LinkedIn, Big-Bank-X) and mailbox providers (Hotmail, Yahoo, Gmail); I see that and I understand their need to reliably exchange email policies. But there are more people in the email ecosystem, like for example cloud-services providers, who also happen to do email.

I think the needs of everyone (exchanging email policies, and securing authentication in a multitenant cloud service) can be met easily with DMARC, without harm for any of those camps.

Regards,

J. Gomez
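
An added example, not part of the original message and not code from the DMARC specification: it models the receiver-side decision discussed in this thread, comparing the current "aligned SPF or aligned DKIM" rule with the proposed "require both" mode. The `require_both` parameter, the two-label organizational-domain shortcut, the sample domains, and the premise that the shared gateway signs with the key of the authenticated tenant are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    header_from: str          # RFC5322.From domain, the identity DMARC protects
    mail_from: str            # RFC5321.MailFrom domain evaluated by SPF
    spf_result: str           # receiver's SPF verdict: "pass", "fail", "none", ...
    dkim_pass_domains: list = field(default_factory=list)  # d= of verified signatures

def org_domain(domain):
    # Assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_eval(msg, require_both=False, strict=False):
    # require_both is hypothetical: it stands for the extension proposed in the thread.
    spf_ok = msg.spf_result == "pass" and aligned(msg.mail_from, msg.header_from, strict)
    dkim_ok = any(aligned(d, msg.header_from, strict) for d in msg.dkim_pass_domains)
    passed = (spf_ok and dkim_ok) if require_both else (spf_ok or dkim_ok)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if passed else "fail"}

# Constructed samples. Both tenants list the same shared gateway in their SPF
# records, so SPF passes for either domain when mail leaves that gateway.
SAMPLES = {
    # Tenant A's own mail, signed with tenant A's key.
    "tenant_a_genuine": Message("tenant-a.example", "tenant-a.example",
                                "pass", ["tenant-a.example"]),
    # Mail submitted by tenant B's account but carrying tenant A's addresses;
    # the gateway (assumed) signs with the authenticated tenant's key.
    "cross_tenant": Message("tenant-a.example", "tenant-a.example",
                            "pass", ["tenant-b.example"]),
    # Tenant A's mail after forwarding: SPF now passes only for the forwarder.
    "forwarded_genuine": Message("tenant-a.example", "forwarder.example",
                                 "pass", ["tenant-a.example"]),
}

def compare():
    # Returns {sample name: (verdict under SPF-or-DKIM, verdict under require-both)}.
    return {name: (dmarc_eval(m)["dmarc"], dmarc_eval(m, require_both=True)["dmarc"])
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:18} either={verdicts[0]:4} both={verdicts[1]}")
```

The forwarded sample shows the cost side of the trade-off raised in the quoted reply: requiring both mechanisms also rejects legitimate mail whose SPF alignment was lost in transit.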