Re: [dmarc-ietf] Sender vs From Addresses

Hector Santos <hsantos@isdg.net> Wed, 24 March 2021 16:58 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E76293A31AA for <dmarc@ietfa.amsl.com>; Wed, 24 Mar 2021 09:58:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=dNG1tlaX; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=tEDknBxa
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZybC5aFQ2Rv for <dmarc@ietfa.amsl.com>; Wed, 24 Mar 2021 09:58:42 -0700 (PDT)
Received: from mail.winserver.com (secure.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 654E93A3117 for <dmarc@ietf.org>; Wed, 24 Mar 2021 09:58:37 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=7758; t=1616605107; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=NHlIHj2iWC78Pt6exaSTxaiPQa6J IcIJewQFO01ImrI=; b=dNG1tlaXqocoRFyH3kqEXVL0027bq7SqECMLYFgBSG3A 6LOzT8Yv6dVOcaLUUIdbwOy72kuYGaZE1g4L2H0KUb+ye+ped8+jiPesx7mWiXKj HGUxqXi9exjkGRkMpIKNF/yNi80IFZ07tC8s2aHHFf3rbnXk8rMbevv73e8POcY=
Received: by mail.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Wed, 24 Mar 2021 11:58:27 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by mail.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 638298528.19922.3404; Wed, 24 Mar 2021 11:58:27 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=7758; t=1616605111; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=NHlIHj2 iWC78Pt6exaSTxaiPQa6JIcIJewQFO01ImrI=; b=tEDknBxa9Di3r4q13WsHEPv n1j4euHxRw3YaRavoBDh6pLLN7MTlcm5n3H+lEnhgV6068Y+paVi+IFbCb2DIyUA MxGEmyk/P781lHRRuA/Eb2IxDBbNFuPDw1V9Bw6FDkOLp77/dEXfhF+prRNT0gX0 0wxvr/s69SwvLRHIVxYk=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Wed, 24 Mar 2021 12:58:31 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 1321955628.1.58460; Wed, 24 Mar 2021 12:58:30 -0400
Message-ID: <605B6FB1.7070404@isdg.net>
Date: Wed, 24 Mar 2021 12:58:25 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <6cacad89cb2049858938fce107d60dd9@possumdelight.com> <VI1PR01MB7053E1ED6ED09791428D6EE4C7639@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
In-Reply-To: <VI1PR01MB7053E1ED6ED09791428D6EE4C7639@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/VCz-bb1Hxhf3ApZ8qgDxMTOJtMc>
Subject: Re: [dmarc-ietf] Sender vs From Addresses
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Mar 2021 16:58:53 -0000

I would suggest DMARC usage of the 5322.From because it was a carry-on 
from the original DKIM SSP Built-in Model which did used the Author 
Domain was a strong anchor and also the last RFC53212 anchor identity 
NOT expect to changed and be modified.  ADSP carried it on and so did 
DMARC -- it is the DKIM Policy Model.

Think about it.  Your email is a legal copyright document.  The Author 
Identity is very important here -- legally.  Changing the From can be 
technically and legally argued as a 1986 US ECPA mail tampering 
violation hence, any deviation from the expected norm is subject to a 
negative classification.

Yes, the MUA displaying it was all part of the end to end expectation 
for MAIL frameworks since day 0 of electronic mail communications that 
predated RFC822-- no one should ever expect the author identity to 
change in copyrighted messaging material. It is unthinkable and for 
these reason, the 5322.From identity is the only header required to be 
bound to the DKIM hash signature.

That is why 5322.From was chosen as the only logical option. There is 
no other header in 5322 that is expected to remain persistent once 
created.  Maybe the internal Message ID is another but without a 
doubt, the Internet Email Network 5322.From or Any-Mail-Network.From, 
even a Chat, even an instant message, there is no expectation that it 
is expected to be changed -- ever.

That is why, in my very strong ethical mail engineering opinion, as a 
developer since Fidonet, the rewrite was the biggest "goof" in the 
annals of Email history --- it ruined the ability for DMARC to ever 
fix the problem -- because we opened the door to rewrites as the path 
to least resistance to the DKIM POLICY (NOT DMARC) integration with 
mailing list problem.    There are ways to fix the rewrite problem.  
But it seems to be too late for even that.

Thanks

On 3/24/2021 7:54 AM, Ken O'Driscoll wrote:
>
> Hi Charles,
>
> DMARC is intended to prevent unauthorised use a domain name in the 
> 5322.From header. This header was chosen because it is displayed in 
> MUAs and is the target of spoofing attempts in phishing campaigns. I 
> agree that there is some ambiguity in the original RFC but the 
> intention is clear - DMARC exclusively works on 5322.From by design 
> not oversight.
>
> The interoperability issues between DMARC and mailing lists etc. are 
> well understood and documented (for example, see 
> https://www.rfc-editor.org/rfc/rfc7960.html) and the underlying 
> protocols where the policy get applied, namely SPF and DKIM, already 
> had interoperability issues with intermediaries even before DMARC 
> came along.
>
> There is actually an existing working group draft discussing 
> extending DMARC to incorporate the 5322.Sender header, see 
> https://datatracker.ietf.org/doc/draft-ietf-dmarc-sender/. That 
> document goes into considerable detail on how 5322.Sender could be 
> incorporated in the future.
>
> Ken.
>
> *From:*dmarc <dmarc-bounces@ietf.org> *On Behalf Of *Charles Gregory
> *Sent:* Wednesday 24 March 2021 09:49
> *To:* dmarc@ietf.org
> *Subject:* [dmarc-ietf] Sender vs From Addresses
>
> I’m having trouble with DMARC prioritizing the From address over the 
> Sender address.  Couldn’t a future version at least allow this 
> behavior to be modified with the DNS entry or something?
>
> I found my issue well articulated in the thread copied below and 
> completely agree with this gentleman.
>
> Thoughts???
>
> Taken from: email - Why does DMARC operate on the From-address, and 
> not the envelope sender (Return-Path)? - Server Fault 
> <https://serverfault.com/questions/753496/why-does-dmarc-operate-on-the-from-address-and-not-the-envelope-sender-return>
>
> ----------------------------------------
>
> 1.Why was DMARC designed that way?
>
> ·because the people who designed it apparently didn't read section 
> 3.6.2 of RFC 5322 
> <https://tools.ietf.org/html/rfc5322#section-3.6.2>, or 
> misinterpreted it, or ignored it.
>
> That section clearly establishes that a |Sender:| header, when 
> present, takes priority over a |From:| header, for the purposes of 
> identifying the party responsible for sending a message:
>
> The "Sender:" field specifies the mailbox of the agent responsible 
> for the actual transmission of the message. For example, if a 
> secretary were to send a message for another person, the mailbox of 
> the secretary would appear in the "Sender:" field and the mailbox of 
> the actual author would appear in the "From:" field. If the 
> originator of the message can be indicated by a single mailbox and 
> the author and transmitter are identical, the "Sender:" field SHOULD 
> NOT be used. Otherwise, both fields SHOULD appear.
>
> Contrast this with the rationale given in RFC 7489 
> <https://tools.ietf.org/html/rfc7489#section-3.1>:
>
> DMARC authenticates use of the **RFC5322.From** domain by requiring 
> that it match (be aligned with) an Authenticated Identifier. The 
> **RFC5322.From** domain was selected as the central identity of the 
> DMARC mechanism because it is a required message header field and 
> therefore guaranteed to be present in compliant messages, and most 
> Mail User Agents (MUAs) represent the **RFC5322.From** field as the 
> originator of the message and render some or all of this header 
> field's content to end users.
>
> I contend that this logic is flawed, as RFC 5322 
> <https://tools.ietf.org/html/rfc5322#section-3.6.2> goes on to call 
> out this error explicitly:
>
> Note: The transmitter information is always present. The absence of 
> the "Sender:" field is sometimes mistakenly taken to mean that the 
> agent responsible for transmission of the message has not been 
> specified. This absence merely means that the transmitter is 
> identical to the author and is therefore not redundantly placed into 
> the "Sender:" field.
>
> I believe that DMARC is broken by design, because
>
> ·it conflates //authority to send// and //proof of authorship//;
>
> ·it misinterprets prior RFCs, and
>
> ·in doing so it breaks any previously compliant list-serv that 
> identified itself by adding its own |Sender:| header.
>
> If a |Sender:| field is present, DMARC should say to authenticate 
> //that// field and ignore the |From:| field. But that's not what it 
> says, and therefore I consider it to be broken.
>
> RFC 7489 <https://tools.ietf.org/html/rfc7489#section-3.1> continues:
>
> Thus, this field is the one used by end users to identify the source 
> of the message and therefore is a prime target for abuse.
>
> This is simply wrong (in the context of justifying ignoring the 
> |Sender:| header). At the time that DMARC was designed, common email 
> clients would routinely display a combination of the information 
> from |Sender:| and |From:| fields, something like **From 
> **/*/name-for-mailing-list@server/*/** on behalf of 
> **/*/user@original.domain <mailto:user@original.domain>/*/. So it 
> was always clear to the user who was responsible for sending the 
> message they were looking at.
>
> ----------------------------------------------------------------------
>
> Suggestions that |Reply-To:| is an adequate replacement are also 
> flawed because that header is widely misinterpreted as "additional 
> recipient" rather than "replacement recipient", and replacing the 
> original sender's |Reply-To:| would impair the functionality for 
> //those// users.
>
> *Charles A. Gregory*//
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc


-- 
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos