Re: [dmarc-ietf] third party authorization, not, was non-mailing list
John Levine <johnl@taugh.com> Mon, 10 August 2020 17:24 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E91553A0B97 for <dmarc@ietfa.amsl.com>; Mon, 10 Aug 2020 10:24:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=FKhlCiYX; dkim=pass (2048-bit key) header.d=taugh.com header.b=fuwr9llM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8kRnLYzjUwB2 for <dmarc@ietfa.amsl.com>; Mon, 10 Aug 2020 10:24:17 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46FDB3A0B8E for <dmarc@ietf.org>; Mon, 10 Aug 2020 10:24:16 -0700 (PDT)
Received: (qmail 37859 invoked from network); 10 Aug 2020 17:24:12 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=93e0.5f3182bc.k2008; bh=fvyUBaR5xBk/LA9++t8uzWWRbJ1iAnzqnIU21Bq6EvQ=; b=FKhlCiYXJHEGG5pLnMOGAcy1B/kBXf+tANgK/ZCDBNqzw2vcUL5JoaOYWgBqZmyuqjHEya1IfNRrkL+itESVX/heBMLFNQYamVKnHvleoRFXVYcR7tKrbl++9IBHRlPn0hyOuTIgLqITe9FOj9td26ERx76F607h/9Q57kxJdyXcc1T5KSgd2VaJq0Hx5N7TPgkOhgXqU3U6N84sgiv1V4rAVuv1zrmigH5PCBdYnZesAEZFR+AH3hPa2f9piZnkMR0TVOAKZ9ri31LPOjn28kqiZDCaHuI9ghJKpfPcKMt5fv3YU5HA9MFacwO6rX1c91GSEIVPl60FddWHzgavRw==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=93e0.5f3182bc.k2008; bh=fvyUBaR5xBk/LA9++t8uzWWRbJ1iAnzqnIU21Bq6EvQ=; b=fuwr9llM2GtJG+abfe8uwXuxKs28tktpaSqI8z5vkL9J7he8ZxCpnJnTMtMK4/0QsqSuThbrlLZQlrDY7gBVKOYtOt0SnN4JfpZ09Diz8aScAJkX+YYZ3z7OwAnuitzNLnroVu0iM3/5UoDUO4ML2KdtmsmGzkkjk4eqrVXzDcHDfWLpUgIkrJZdaPlZyaLqCGb7xEFgZxHd+OnmJoiqgqU0F4P1AIy7q3w9tfnXLo1ruM7+fAUY7oEmQK7Th0+HPPaKmRKa8gvfuqPADJMSihBTdbmdr6sHFh52s7VU54GXG6lDbjmRPDSeOvP2GXC1VdUcMdf7TYwuGqPqHtSN5g==
Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 10 Aug 2020 17:24:12 -0000
Received: by ary.local (Postfix, from userid 501) id A13681E7CD8B; Mon, 10 Aug 2020 13:24:11 -0400 (EDT)
Date: Mon, 10 Aug 2020 13:24:11 -0400
Message-Id: <20200810172411.A13681E7CD8B@ary.local>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
In-Reply-To: <2ef8e773e7bf467481a05ab3fc4d937f@bayviewphysicians.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/VFyNt0BNfyFSqzStdcXersKBi98>
Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 17:24:19 -0000
In article <2ef8e773e7bf467481a05ab3fc4d937f@bayviewphysicians.com> you write: >>Even an external reputation system requires recipient participation. That is why I suggested both a send3="parameters" clause to >indicate sender support for third-party authorization and a verify3="parameters" clause to indicate recipient support for third-party >authentication. When both are visible to the non-domain message source, that source can have confidence that the message will be >handled as authorized. We have had a lot of attempts at third-party authorization schemes going back at least to vouch-by-reference in 2009 and ATPS in 2012, and the Spamhaus Whitelist in 2010. Every single one of them failed, not due to technical problems, but because nobody was interested. The only third party reputation systems that anyone uses are DNSBLs like Spamhaus that publish negative reputations, and even there you can count the ones with non-trivial use on the fingers of one hand. With this in mind, I cannot see any point in designing yet another vouching or authorization scheme unless we have evidence that an interesting fraction of the world's mail systems want to use it. I don't see that, and honestly see no chance that we ever will. R's, John
- [dmarc-ietf] non-mailing list use case for differ… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Doug Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Jeremy Harris
- Re: [dmarc-ietf] non-mailing list use case for di… Ken O'Driscoll
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Luis E. Muñoz
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- [dmarc-ietf] LSAP - Lightweight Signer Authorizat… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Neil Anuskiewicz
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Ken O'Driscoll
- Re: [dmarc-ietf] non-mailing list use case for di… Benny Pedersen
- Re: [dmarc-ietf] non-mailing list use case for di… Kurt Andersen (b)
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Hannu Aronsson
- Re: [dmarc-ietf] non-mailing list use case for di… Hannu Aronsson
- Re: [dmarc-ietf] non-mailing list use case for di… Tõnu Tammer
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Neil Anuskiewicz
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … Hector Santos
- Re: [dmarc-ietf] Time for a change Douglas E. Foster
- Re: [dmarc-ietf] Time for a change Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] Time for a change Murray S. Kucherawy
- Re: [dmarc-ietf] Time for a change Dave Crocker
- Re: [dmarc-ietf] Time for a change Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] finer grained org domain John R Levine
- Re: [dmarc-ietf] finer grained org domain Tim Wicinski
- Re: [dmarc-ietf] finer grained org domain Dave Crocker
- Re: [dmarc-ietf] finer grained org domain Dave Crocker
- Re: [dmarc-ietf] finer grained org domain Seth Blank
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] Time for a change Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Kurt Andersen (b)
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Tim Draegen
- Re: [dmarc-ietf] third party authorization, not, … Brandon Long
- Re: [dmarc-ietf] third party authorization, not, … Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Brandon Long
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Laura Atkins
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Doug Foster
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Hector Santos
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… John Levine
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… Douglas E. Foster
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] my forward signer draft, third p… John Levine
- Re: [dmarc-ietf] my forward signer draft, third p… Rolf E. Sonneveld