Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Dotzero <dotzero@gmail.com> Mon, 17 August 2020 12:39 UTC

From: Dotzero <dotzero@gmail.com>
Date: Mon, 17 Aug 2020 08:38:51 -0400
Message-ID: <CAJ4XoYfHJoNEv-eEF67Lcv4fFS9YRiru3cq0QoCGNrk91=u+Ng@mail.gmail.com>
To: Dave CROCKER <dcrocker@bbiw.net>
Cc: Alessandro Vesely <vesely@tana.it>, John Levine <johnl@taugh.com>, IETF DMARC WG <dmarc@ietf.org>, "Murray S. Kucherawy" <superuser@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/VB66VmaQclmAPYzLeX90SA9re9o>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

On Sun, Aug 16, 2020 at 11:31 AM Dave Crocker <dhc@dcrocker.net> wrote:

>
>
> 2. There was nothing 'established' at that event.  There were
> interesting discussions, but that's all.
>

In fact, some of the most interesting discussions took place outside the
formal event.

>
> 3. I'm not finding the reference in any of Doug's notes that you are
> relying on.  Please be specific about it.
>
>
> > Doug recalled.  Your gmail address needs to be authenticated by gmail.
>
> Good grief, no.  There is no system rule to that effect.  DMARC created
> that, but no policy before it was in place, never mind accepted.
>

We need to be very careful in asserting what DMARC does or does not do.
DMARC does not prevent spoofing within an email domain. So continuing the
gmail example, DMARC would not prevent dcrocker@gmail.com from pretending
to be dotzero@gmail.com within the gmail system. There are other mechanisms
for preventing this, but DMARC is not that solution.

>
>
> > Sending From: bbiw.net, SPF-authenticated as dcrocker.net, and
> > whitelisted as yet another domain (songbird.com) can hardly be
> > verified.  There is no "pretending", since it's you, but it is not
> > formally distinguishable from spoof, is it?
>
> Whether valid and invalid uses can be distinguished does not alter the
> fact that valid uses are valid.
>

What are valid uses constitutes a key part of the discussion.  At one end
of the discussion is "We have always done it this way so go away". At the
other end of the discussion is "Tough noogies, things change". An
interesting question is who gets to determine what is a valid use? Another
aspect is whether such determinations are technical, political, legal,
social or ? Part of the difficulty we are having with our discussions here
is that people are conflating the various aspects of the problem space.

Michael Hammer
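
The message above turns on what DMARC actually compares, so here is a sketch of the identifier-alignment test from RFC 7489. This is an added example, not part of the original message and not taken from any DMARC implementation. Assumptions: the function names are hypothetical, and the organizational domain is approximated as the last two labels, where a real evaluator uses the Public Suffix List.

```python
# Added illustration: DMARC identifier alignment (RFC 7489, section 3.1).
# Assumption: organizational domain = last two labels (no Public Suffix List).

def domain_of(addr):
    """Domain of an addr-spec, lowercased. The local part is discarded here
    and never consulted again, which is why DMARC is a domain-level check."""
    return addr.rsplit("@", 1)[1].strip().lower().rstrip(".")

def org_domain(domain):
    return ".".join(domain.split(".")[-2:])

def aligned(from_domain, auth_domain, strict=False):
    """Strict mode needs an exact match; relaxed mode compares org domains."""
    if strict:
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_pass(from_addr, spf_domain=None, spf_pass=False,
               dkim_domains=(), aspf="r", adkim="r"):
    """True if at least one passing mechanism aligns with RFC5322.From.

    spf_domain   -- RFC5321.MailFrom domain that SPF evaluated
    spf_pass     -- whether SPF returned pass for that domain
    dkim_domains -- d= values of the DKIM signatures that verified
    aspf, adkim  -- alignment modes from the DMARC record ("r" or "s")
    """
    fd = domain_of(from_addr)
    spf_ok = (spf_pass and spf_domain is not None
              and aligned(fd, spf_domain.lower(), aspf == "s"))
    dkim_ok = any(aligned(fd, d.lower(), adkim == "s") for d in dkim_domains)
    return bool(spf_ok or dkim_ok)

def evaluate_thread_cases():
    """Constructed inputs built from the addresses named in the thread."""
    return {
        # Two different gmail.com mailboxes, both signed d=gmail.com:
        # DMARC cannot tell them apart, so the result is identical.
        "dotzero@gmail.com": dmarc_pass("dotzero@gmail.com",
                                        dkim_domains=["gmail.com"]),
        "dcrocker@gmail.com": dmarc_pass("dcrocker@gmail.com",
                                         dkim_domains=["gmail.com"]),
        # From: bbiw.net with SPF passing for dcrocker.net: authenticated,
        # but not aligned, so DMARC does not pass.
        "dcrocker@bbiw.net": dmarc_pass("dcrocker@bbiw.net",
                                        spf_domain="dcrocker.net",
                                        spf_pass=True),
    }

if __name__ == "__main__":
    for sender, result in evaluate_thread_cases().items():
        print(f"{sender:22} DMARC pass: {result}")
```

Binding a mailbox to the authenticated user who submitted the message has to happen at the submission service, since nothing in this evaluation sees the local part.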