Re: [dmarc-ietf] WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
Douglas Foster <dougfoster.emailstandards@gmail.com> Sun, 31 March 2024 12:22 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22F46C14F700 for <dmarc@ietfa.amsl.com>; Sun, 31 Mar 2024 05:22:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wc4_cu0HJvc5 for <dmarc@ietfa.amsl.com>; Sun, 31 Mar 2024 05:22:16 -0700 (PDT)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89D2AC14F6F5 for <dmarc@ietf.org>; Sun, 31 Mar 2024 05:22:16 -0700 (PDT)
Received: by mail-lj1-x234.google.com with SMTP id 38308e7fff4ca-2d4360ab3daso41041521fa.3 for <dmarc@ietf.org>; Sun, 31 Mar 2024 05:22:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711887734; x=1712492534; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=k1mx8htMu3b3wcEFU3T6bbNd49mdKA+wSclelU/PGyE=; b=cznLnrAzgsK9QpWr0GEMbHh1zp8oIz+2UvhbufjqCwxSjoL/6GPpdkgk1TPcp1E9BA l7JAI7mvgLs/y96MTAz6uuM/nhyShl8WykDmLlhLWY35dy3Djw4Mr0WDuOkI9qwpGIQx EY4KX4LfFui4Xvp9gbszT0iKznERi95eRKGAzoGPwnVbdR8RmHExYsR+sLAugq/ELbHQ Pn2Ii7TVAKxCRmejK6Lt+Uvza3zBPed5P6wOk11xp4ccFfMmH64l87XJ4N1uzbwP0ati Yp211j/MZh8hyBCoP5Gm7N5XNEQVaOnWY6J2q1K5C8qXIxfCdr0CJCOqG1y/tepwpl0F 2O+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711887734; x=1712492534; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=k1mx8htMu3b3wcEFU3T6bbNd49mdKA+wSclelU/PGyE=; b=N1xfCTZHU53TGJne0x4QVcihvwSIF9VaNPByzpLnXhy3tfhD/kTxW+6McX9hKlW1ZL QLju90x9dUf+AeD3gq7j3o5fVidUJ8z3jdybvgZZsi4enONI+/34xEaOHOKiCqXCNGTO Y53IcQqnYrApIadbmzZSGfW3/6i3VeFxmSEY5iAOyFBqaCUpGGSmVXuAJnYeHXRXiyHQ fRLNXpS6tBqOdmMIW9FCeDVB396xGMsDlr2J9h5FudrNQBHtyKoz64xWvPD4rLTNB3Hi mxEgbjrpv1U4fhpLSFQCtbici+5/WCJ7mUWY5j7DWBT7JQO3N4fkcztiokurb+BKuozu rp2g==
X-Gm-Message-State: AOJu0YxvNRsDRHHqfEuzAu63RFk5SAfdIFSoBMTnGC71pyqozvYXax/Z SaGKw5se9ApKiPgqXyPUi5CLsQBGLyq4dqzzHG+HBN4EO9NFmn3BoviCEaaj9PEPm/pPT1Gfzsb in3W6jRXdCi0omgZh9TEjPAjtNRLZDbtq
X-Google-Smtp-Source: AGHT+IHJGni1H0b7Zhz4aWreLkwRCX7fKmEVr8h0lrAvOOBsykilUNvE6K0axdM+JBD8mJJBaBIRDa4GUxlBh3ND0wc=
X-Received: by 2002:a2e:9090:0:b0:2d4:5404:3e8e with SMTP id l16-20020a2e9090000000b002d454043e8emr3820289ljg.42.1711887734129; Sun, 31 Mar 2024 05:22:14 -0700 (PDT)
MIME-Version: 1.0
References: <CAOZAAfPwJHKGyLjTkdGDqkMeK4RQX4Fj0rw-Upn0cLZ+cE74aA@mail.gmail.com> <2cdd13ec-9d7f-4732-91ea-9c8983d7a28c@tana.it>
In-Reply-To: <2cdd13ec-9d7f-4732-91ea-9c8983d7a28c@tana.it>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sun, 31 Mar 2024 08:22:04 -0400
Message-ID: <CAH48ZfzaNR2A6zUWVeeoay+UHLHTzja9f5RGfAt5htXd21C0KQ@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000049cc8f0614f3ec10"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/VG7Cy-QwPdaHh86JQoiu8HRDWTU>
Subject: Re: [dmarc-ietf] WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2024 12:22:20 -0000
On SPF, our document should say simply, " a DMARC-compliant evaluator MUST NOT reject a message, based on SPF result, prior to receiving the Data section and checking for aligned and verifiable signatures." Of course, evaluators may still reject early base on known-bad server or known-bad Mail From domain, but not based on SPF alone. I weary of the notion that the solution to all authentication problems is to stop authenticating. DF On Sun, Mar 31, 2024, 6:41 AM Alessandro Vesely <vesely@tana.it> wrote: > On Sat 30/Mar/2024 21:05:17 +0100 Seth Blank wrote: > > This is a real operational problem, so I wanted to expand guidance. The > note > > about best practice may or may not be appropriate here, but I think it > works. > > There are multiple M3AAWG documents which cover this use case, and we > can also > > link them if valuable. > > > > [...] > > > > Since DMARC only relies on an SPF pass, all failures are treated > equally. > > Therefore, it is considered best practice when using SPF in a DMARC > context > > for domains that send email to end records with a soft fail ("~" / > "~all"). > > The last phrase is overly strict. To /consider using/ soft fail ("~") or > neutral ("?") should be enough. For example, I use an SPF record > terminating > like so: > > ?exists:%{ir}.list.dnswl.org -all > > It can be criticized for imposing DNS usage, but it works too. One could > also > use ~include:vast.whitelist.example before -all; it would work as well. > > Using ~all is akin to use p=none. Be armed but only load blanks. Its > being > best practice bears witness to the weakness of domain based > authentication. > Currently we are in the mid of a swamp, but if we hope to ever get out we > can > start by softening these kind of requirements. > > > Best > Ale > -- > > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- [dmarc-ietf] WGLC editorial review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Douglas Foster
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Mark Alley
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Richard Clayton
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Tero Kivinen
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Jim Fenton
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] ARC, was WGLC editorial review o… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Laura Atkins
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Scott Kitterman
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Scott Kitterman
- Re: [dmarc-ietf] the long march, WGLC editorial r… John R. Levine
- Re: [dmarc-ietf] the long march, WGLC editorial r… Scott Kitterman
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Neil Anuskiewicz
- Re: [dmarc-ietf] the long march, WGLC editorial r… Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N (choose 6) Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Neil Anuskiewicz
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely