IETF Logo Mail Archive

Re: [dmarc-ietf] Sender vs From Addresses

Charles Gregory <Charles@possumdelight.com> Thu, 25 March 2021 22:00 UTC

Return-Path: <Charles@possumdelight.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0C0D3A0B62 for <dmarc@ietfa.amsl.com>; Thu, 25 Mar 2021 15:00:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EHreqyfa0Gla for <dmarc@ietfa.amsl.com>; Thu, 25 Mar 2021 15:00:46 -0700 (PDT)
Received: from mail.possumdelight.com (mail.possumdelight.com [107.130.215.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B15B43A0B60 for <dmarc@ietf.org>; Thu, 25 Mar 2021 15:00:46 -0700 (PDT)
Received: from EX.possumdelight.com (fd07::1:0:0:1:4) by EX.possumdelight.com (fd07::1:0:0:1:4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3; Thu, 25 Mar 2021 18:00:45 -0400
Received: from EX.possumdelight.com ([fe80::ad5d:d7f1:b37d:a89f]) by EX.possumdelight.com ([fe80::ad5d:d7f1:b37d:a89f%7]) with mapi id 15.02.0792.010; Thu, 25 Mar 2021 18:00:45 -0400
From: Charles Gregory <Charles@possumdelight.com>
To: John R Levine <johnl@taugh.com>, Gren Elliot <gelliot@mimecast.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [dmarc-ietf] Sender vs From Addresses
Thread-Index: AQHXIN1IihmmxnZnSJC0xMH2ibjOraqT17oAgAAB3ACAAAKeAIABbRwA///F5JCAAF8KgP//yjsAgABLaoD//74wQA==
Date: Thu, 25 Mar 2021 22:00:45 +0000
Message-ID: <31b04a4decad439d827e0f99827450cd@possumdelight.com>
References: <F1E2D8D7-9978-4C4B-9FD7-AB6428D12789@contoso.com> <20210324202058.91E777134D1B@ary.qy> <CABuGu1ovwwwwZALDOed74nBu1gOHcom8W+UDKC2GdWiEE_7yKw@mail.gmail.com> <4677E791-B028-4CAC-9752-0F4D8F1B0103@mimecast.com> <2ea2767-4940-77d1-e09e-a0ab215f9c9e@taugh.com> <07b0c7962b3e455bb341972e7fc4ca70@possumdelight.com> <bb85d27c-1aed-b6d-1875-962c8a19093@taugh.com> <4b2a5f14f09b4d009afb07b2963efe38@possumdelight.com> <78f077a1-99e2-35e1-2d26-50d1a112d2d@taugh.com>
In-Reply-To: <78f077a1-99e2-35e1-2d26-50d1a112d2d@taugh.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.1.2.29]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/VjC8JTCBCAGlLOoNsRtJ8Ug3awE>
Subject: Re: [dmarc-ietf] Sender vs From Addresses
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Mar 2021 22:00:52 -0000

" I explained the downside to Sender a few messages back: it lets people put any address they want in the From line so it becomes just a filter on the reputation of the DKIM or SPF domain.  If that were adequate, they wouldn't have invented DMARC."

Not using the 'authorization of specific domains through DNS' solution which is clearly the more thorough of the two I mentioned.

Charles A. Gregory
CEO
Possumdelight Technologies
Charles@possumdelight.com
(678) 778-7200

"If it's time sensitive, e-mail AND call." - Charles Gregory

-----Original Message-----
From: John R Levine <johnl@taugh.com> 
Sent: Thursday, March 25, 2021 5:53 PM
To: Charles Gregory <Charles@possumdelight.com>; Gren Elliot <gelliot@mimecast.com>; dmarc@ietf.org
Subject: RE: [dmarc-ietf] Sender vs From Addresses

>>> It is a problem when receiving servers use DMARC existence and 
>>> pass/fail to increase/decrease deliverability rates. - And when 
>>> Yahoo/AOL pretty much block everything you send - even with a 98 
>>> sender score, SPF, DKIM, and clean opt-in lists.
>
>> Are they rejecting on DMARC failure because you're publishing p=reject?
>
> NO p=none

I know people at Yahoo, and their filtering is largely based on complaint statistics.  If they're blocking your mail, the recipients are marking a lot of it as junk.  What do you see in the feedback reports?

> I DO think this is an unnecessary problem that CAN be fixed/improved 
> in one of two fairly straightforward manners through DNS (behavior 
> switch or list authorized alternate domains).  And I can't see 
> anything but upside in doing so; nobody has demonstrated a downside anyways.

I explained the downside to Sender a few messages back: it lets people put any address they want in the From line so it becomes just a filter on the reputation of the DKIM or SPF domain.  If that were adequate, they wouldn't have invented DMARC.

I agree that there is no particular downside to something like ATPS, but the fact that we've had ATPS for a decade and nobody has implemented it tells me that this is not a problem that the industry thinks is worth solving.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly

v2.23.0 | Report a Bug | By Email