Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30

"Brotman, Alex" <Alex_Brotman@comcast.com> Mon, 01 April 2024 17:51 UTC

Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 673B7C14CE44 for <dmarc@ietfa.amsl.com>; Mon, 1 Apr 2024 10:51:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.992
X-Spam-Level:
X-Spam-Status: No, score=-1.992 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com header.b="eOmDoiZ8"; dkim=pass (1024-bit key) header.d=comcastcorp.onmicrosoft.com header.b="BL/8pQYx"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EBsddYYGDmm4 for <dmarc@ietfa.amsl.com>; Mon, 1 Apr 2024 10:51:55 -0700 (PDT)
Received: from mx0a-00143702.pphosted.com (mx0a-00143702.pphosted.com [148.163.145.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D3FDC14CE40 for <dmarc@ietf.org>; Mon, 1 Apr 2024 10:51:41 -0700 (PDT)
Received: from pps.filterd (m0156892.ppops.net [127.0.0.1]) by mx0a-00143702.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 431Gmtri020104 for <dmarc@ietf.org>; Mon, 1 Apr 2024 13:51:40 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=20190412; bh=A+zTq38+C3+KcS+43l3nuoqnXfudeqzgS08OxokGZDI=; b=eOmDoiZ8+EMqBQwPC/jw9wtTiLehdUP2YWEbS/r1Kj/POalmzbKWGnYXAwt7uEJx2kQA p6IUIc7XNMCObJ8Jpz36UwIbJqVTG3jcEtYUmHg4PpcnHxxhfFhSMivmwtcaPQhnBN7z +J9LxNwOdItXvjFOHnB+vrXhNsM8Ivj4Llt0z7IbJLFtlMOAXit5R6udWV7i/zy85Ccb +pUW1w/Kh1m1ci0gFLiulNBdNm5TVGoVwxI6Ksw/zm2F8al00fzYmkZnSSOL4SO23Oe1 crSECviqdwkgoum7JHNnNqpH0W/uaOQH8QMeHu4lYPLNP1trcSmP6uh5SdYz5G2Rq+zG Dw==
Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2169.outbound.protection.outlook.com [104.47.59.169]) by mx0a-00143702.pphosted.com (PPS) with ESMTPS id 3x6e2nfa2p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <dmarc@ietf.org>; Mon, 01 Apr 2024 13:51:40 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nxy1xt5g53UNGukMlV+VHZzMHYVXGsoCJ2BlH8JwdH/OG4mAtzvL80v8uBDru6wKfCooc9UBgmfkTnNLI/OPGsK6LuYaXKwSXbdB5p6WnH6qhFtliGCdafX8HV5m/R5oXzebSlxYScRPVCq0RISfRaC4UJ05Y4pnfikdDGC6vnroSdpP3/nkR5qQwwIg1qOQ3SzNsHvrRRQIKMpeBEszIAbBwx4OfAnPDnsevt4krOu8W5kILNMyZJCTmfKSeXjwGXapKKID9GZrYyXwlzonOJWbkK1qMXK+pEStt7xfEM/hxy+fBAtbZotUSWO3FFgAfPD9O4RM297gy9z4sBKqgA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=A+zTq38+C3+KcS+43l3nuoqnXfudeqzgS08OxokGZDI=; b=mvCakxD/h+B+pGq1DHjuRCo+kdlfiY4d94M9rZ0WDuh9z8oK1aIb6I87Vwk0LqMhreUtPEuuX8NN9I7mt2wpuR/TzgMblEOqHaoA4C7y9Gc6RzFPnvwv06AN6SeBymSoO/oYTDv/8oJohPC5/M39amNrkUmBaaN4VdQSz3rFjZMV/OMpwjWmiMWl8qrtZSPPaZEyBZz4/nEphGzDLk4ezHC1yh3KRvG2iafT+9BnAh9t5JXygG4KaE43cAk2yFfncyGLRPvH9ylpYadLOBrS393F6Mu72mZxGtdBPjJTs/Lc548rhjY/ZC6fcfl7TvHbHiGMWZvxq5IbIIDpJbJqlQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastcorp.onmicrosoft.com; s=selector1-comcastcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A+zTq38+C3+KcS+43l3nuoqnXfudeqzgS08OxokGZDI=; b=BL/8pQYxnMuRXqXTZwltIVFtESSqCDeycM8BV9odoWvTSVFtRzYW9CP8iVnJRol8FKN8d1+x3beaoLJW9hpY6qG8RWtIwKCGKsbBV7EQd8wVgwTQTMK+/nvnvC3jlyEj1lgPorrNmlwoFHOelSO3UHxNd2HeKQXKaDV1JkDdu+s=
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by IA0PR11MB7816.namprd11.prod.outlook.com (2603:10b6:208:407::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7452.24; Mon, 1 Apr 2024 17:51:33 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::4d29:6e22:273a:deb2]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::4d29:6e22:273a:deb2%5]) with mapi id 15.20.7452.019; Mon, 1 Apr 2024 17:51:33 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
Thread-Index: AQHag5VPKpl91+Bm9kikYsfLEBc+qLFSQM+AgAAtboCAAAVmAIAADigAgADSWWCAAAwzAIAAOKUAgAAZ5zA=
Date: Mon, 01 Apr 2024 17:51:33 +0000
Message-ID: <MN2PR11MB4351A0A12D5EBF923C98496FF73F2@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <eda55c54-c149-475c-8117-bfdf3885a883@tekmarc.com> <20240331180009.F36CD8687B50@ary.qy> <CAOZAAfP9tXi80Fi=ZkgPpGwHo1fDbdSOZwVcnuPDbbc2xQd-7A@mail.gmail.com> <lIU60SB3NeCmFAG+@highwayman.com> <CAL0qLwZt+bo4ydCVOQbfg6bQEv-ufXrrwr8Aege9Wsv7LgH=kA@mail.gmail.com> <CAOZAAfPtxdBwEthN26cgvAnAbQ70wym+2k0WjtKqNVf44=-vMg@mail.gmail.com> <MN2PR11MB435115B7428C63C1B1058D9EF73F2@MN2PR11MB4351.namprd11.prod.outlook.com> <CAJ4XoYfmyDykZGm9Gb1bxjz=pW_scqon3pDv-DRGHjFrnyCLoQ@mail.gmail.com> <CADyWQ+HbfegU=07gNyR-5Dby_71GNim4Nq-LyFerKHk1dV0=Nw@mail.gmail.com>
In-Reply-To: <CADyWQ+HbfegU=07gNyR-5Dby_71GNim4Nq-LyFerKHk1dV0=Nw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_ActionId=7792d492-6445-4fca-b0dd-5a908fa98e25; MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_ContentBits=0; MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_Enabled=true; MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_Method=Standard; MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_Name=Confidential (C); MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_SetDate=2024-04-01T17:50:04Z; MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_SiteId=906aefe9-76a7-4f65-b82d-5ec20775d5aa;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR11MB4351:EE_|IA0PR11MB7816:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(366007)(376005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB4351A0A12D5EBF923C98496FF73F2MN2PR11MB4351namp_"
MIME-Version: 1.0
X-OriginatorOrg: comcast.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB4351.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a8ef0be9-2c61-4d95-1e1b-08dc52745e55
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Apr 2024 17:51:33.2059 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9IdoHRxwigQJ2/aNnRiQW2QL8RP2Tf3T6MA1q7UfnsaVPU9KTQyHSfS9BeMP1KeOex5cVzCbTUwcm+7MBaYfsJPODSEkbtdW2G7kDwb6wZ4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR11MB7816
X-Proofpoint-GUID: kNba9Oar0JeqJqXAi-f3VX3WsNrLUbtG
X-Proofpoint-ORIG-GUID: kNba9Oar0JeqJqXAi-f3VX3WsNrLUbtG
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-01_12,2024-04-01_01,2023-05-22_02
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/VvONT7Btqj216gbMuoGARBxUsKw>
Subject: Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2024 17:51:59 -0000

To Tim’s note below, should the group create an operational guidance document for DMARCbis? This could allow for more lengthy discussions around policy decisions, and move that discussion out of the technical document.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Tim Wicinski
Sent: Monday, April 1, 2024 12:17 PM
To: Dotzero <dotzero@gmail.com>
Cc: Brotman, Alex <Alex_Brotman=40comcast.com@dmarc.ietf.org>; dmarc@ietf.org
Subject: Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30

I have to agree with Seth's comments that "security teams believe an SPF hard fail is more secure".
I've been on the receiving end of that discussion more than once.

Also, can we reference those two M3AAWG documents?  That seems like operational guidance.

tim


On Mon, Apr 1, 2024 at 8:55 AM Dotzero <dotzero@gmail.com> wrote:


On Mon, Apr 1, 2024 at 8:18 AM Brotman, Alex <Alex_Brotman=40comcast.com@dmarc.ietf.org> wrote:
One item left out of Seth’s text is that due to MBPs who act in this fashion, these SPF evaluation failures will (understandably) not show up in DMARC reports, and the domain owner may not have visibility for these failures.  However, the text also puts the onus on the domain owner instead of the MBP.  The text could be altered to instead suggest that MBPs who deploy DMARC should not utilize the outcome of SPF in this fashion.  If the domain owner wants to protect their domain, and has no idea if the MBP supports DMARC properly (presuming they also have an enforcing policy), is it more or less advisable to use “-all” with your SPF record?

I’d be curious to see the Venn diagram of MBPs who implement SPF in this fashion, and also fully support DMARC.  I feel like the MBPs who I’ve encountered deploying an SPF check in this way had not at the time supported DMARC.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

I was just thinking along these lines and was going to post but you beat me to the punch.

+1

Michael Hammer
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
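The point Alex raises above (an MBP that rejects on an SPF "-all" hard fail at SMTP time never evaluates DMARC, so the failure never reaches the domain owner's aggregate report) can be made concrete with a small model. The following is an added example written for this page; it is not code from the thread, the working group, or any MBP. Everything in it is constructed: the SPF records, the IP addresses, the domain names and the two receiver behaviours. It simplifies real receivers in two labelled ways: the SPF evaluator only understands "ip4:" mechanisms and the "all" qualifier, and organizational domains for relaxed alignment are taken as the last two labels rather than looked up in the Public Suffix List. What it shows is the RFC 7489 evaluation rule (DMARC passes if either an aligned SPF pass or an aligned DKIM pass exists) and how an SPF-first reject short-circuits that rule and the reporting that follows it.

```python
"""Model of SPF hard-fail rejection versus DMARC evaluation at a receiver.

Added example for this page, not code from the mailing-list thread.
All DNS data, addresses and domains below are constructed.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed SPF records (not real records for any real domain).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",   # hard fail for everything else
    "example.net": "v=spf1 ip4:192.0.2.0/24 ~all",   # soft fail for everything else
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip: str, mail_from_domain: str, records=SPF_RECORDS) -> str:
    """Minimal SPF evaluator: only 'ip4:' mechanisms and the 'all' mechanism.

    Returns the RFC 7208 result names used here: pass, fail, softfail,
    neutral, or none (no record).  A real evaluator also handles a/mx/include,
    the HELO identity, macros and DNS-lookup limits; those are out of scope.
    """
    record = records.get(mail_from_domain)
    if record is None:
        return "none"
    terms = record.split()
    if terms[0] != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIER_RESULT[qualifier]
        elif term == "all":
            return QUALIFIER_RESULT[qualifier]
    return "neutral"   # no mechanism matched and no 'all' present


def org_domain(domain: str) -> str:
    # Simplification for the example: last two labels.  Real DMARC code
    # derives the organizational domain from the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(identifier_domain: str, from_domain: str) -> bool:
    # Relaxed alignment: organizational domains match.
    return org_domain(identifier_domain) == org_domain(from_domain)


@dataclass
class Message:
    client_ip: str                 # connecting MTA address
    mail_from: str                 # RFC5321.MailFrom domain (SPF identity)
    from_domain: str               # RFC5322.From domain (the DMARC identity)
    dkim_pass_domains: tuple = ()  # d= of signatures that verified


def dmarc_evaluate(msg: Message, spf_result: str) -> str:
    """RFC 7489 rule: pass if an aligned SPF pass OR an aligned DKIM pass exists."""
    spf_aligned_pass = spf_result == "pass" and aligned(msg.mail_from, msg.from_domain)
    dkim_aligned_pass = any(aligned(d, msg.from_domain) for d in msg.dkim_pass_domains)
    return "pass" if (spf_aligned_pass or dkim_aligned_pass) else "fail"


@dataclass
class Receiver:
    name: str
    reject_on_spf_hardfail: bool           # the behaviour discussed in the thread
    aggregate_report: list = field(default_factory=list)

    def handle(self, msg: Message) -> str:
        spf = spf_check(msg.client_ip, msg.mail_from)
        if self.reject_on_spf_hardfail and spf == "fail":
            # Rejected on SPF alone before DMARC runs: no DMARC verdict exists,
            # so no row is produced for the domain owner's aggregate report.
            return "rejected-at-smtp(spf)"
        dmarc = dmarc_evaluate(msg, spf)
        self.aggregate_report.append({
            "source_ip": msg.client_ip, "spf": spf,
            "dkim": "pass" if msg.dkim_pass_domains else "fail", "dmarc": dmarc,
        })
        # Assume the domain publishes p=reject, so a DMARC fail is rejected.
        return "delivered" if dmarc == "pass" else "rejected(dmarc)"


def demo(mail_domain: str = "example.com") -> dict:
    """Same forwarded message, two receivers.  Returns {receiver: (verdict, rows)}."""
    # Constructed case: a forwarder at 203.0.113.7 (outside the SPF range)
    # relays a message that still carries a valid DKIM signature d=<mail_domain>.
    forwarded = Message(client_ip="203.0.113.7", mail_from=mail_domain,
                        from_domain=mail_domain, dkim_pass_domains=(mail_domain,))
    receivers = (Receiver("dmarc-aware", reject_on_spf_hardfail=False),
                 Receiver("spf-first", reject_on_spf_hardfail=True))
    return {r.name: (r.handle(forwarded), len(r.aggregate_report)) for r in receivers}


if __name__ == "__main__":
    print("-all record:", demo("example.com"))
    print("~all record:", demo("example.net"))
```

With the "-all" record the DMARC-aware receiver sees SPF fail, DKIM aligned pass, DMARC pass, and records a report row; the SPF-first receiver rejects at SMTP time and records nothing, which is exactly the blind spot described above. Switching the same domain to "~all" turns the SPF result into softfail, the SPF-first receiver no longer short-circuits, and the message is delivered and reported at both. The model does not decide whether "-all" or "~all" is the right choice for a domain owner; it only makes visible what each choice does at each kind of receiver.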