IETF Logo Mail Archive

Re: [dmarc-ietf] New Version Notification for draft-levine-dmarc-listugh-00.txt (fwd)

Wei Chuang <weihaw@google.com> Mon, 14 August 2023 06:05 UTC

Return-Path: <weihaw@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D07CC14F736 for <dmarc@ietfa.amsl.com>; Sun, 13 Aug 2023 23:05:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.606
X-Spam-Level:
X-Spam-Status: No, score=-17.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ted5ff1xDO2i for <dmarc@ietfa.amsl.com>; Sun, 13 Aug 2023 23:05:29 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89945C14EB19 for <dmarc@ietf.org>; Sun, 13 Aug 2023 23:05:29 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-410394dad50so21cf.0 for <dmarc@ietf.org>; Sun, 13 Aug 2023 23:05:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691993128; x=1692597928; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=HHKtoagF25Gvolp2ASN20Q5WyahfbCB/AsnbhCnuvx0=; b=KjA9gRUiVlcNd2MtYV0578yUwG0rN20Z+vepTgGP8QFDWlBeOlNL8RAvU9yBC53jFH SC51BkaFMyArVyj1g3HK92I6zqU+MQBJDCZ+QrI8tJZhPYDwAZHlPyrssS4ZRz+CMzSO Yt90JuRJFjjz7iw1PGPJRcXUAF0CpXHn5sDaCT01V7wLkUwf/s1cjssut/LeYPp7Lr4/ 4+v9o4T0X7cUcIX/xkxTU6RkqVbriP+1y8fl4cDqBv1RZW6ZeDeJJsZmy5V9sfs1HoAb FivePjJgnc4jFrIlj6QVQWa1gaIUjpwG9ReXHjXUR0SHE55F+7sagz+BcSQE4Wrzd+AH C6LA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691993128; x=1692597928; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=HHKtoagF25Gvolp2ASN20Q5WyahfbCB/AsnbhCnuvx0=; b=EFmOx2+7tgNv/uIhL6WODjrJthsU9/xoeSPjcuBpSfPo4s5Gz57EsFAff7n/MCPuJi hVZzR0SxG7y44cJqQhGHm0U79EM4194/4474Y8AJgtqfaDvd9mfo1IIvGRxhq7WBCxsG y9q24LOfvP75ktXgnhopMHPPc8hMyz1Wddqv51mgi5N3bq/pF3BLU82p8HPoMEN2GTVm UUkkxt7UGfBrilGUN5IWBjyPjDFQCmyfJ1XAVGuuGs6V+U1yCI2wITT5/3fhKu4xGjSG 16nTSP54sTGKYMOvhFmEnEpA4Z/NASrR1gBz/2LhrTHAQqeuBmIsoo0DDk1eFAJZY8p9 PVDg==
X-Gm-Message-State: AOJu0YzVB949nQtYCyCRSATofDpnMvCkiSldwNYIdkEYmDH7pksJjbZz +q959GN7flK0PU7v+IDcInDO8SgJ1LgxCCI15HHWj6S+7lnqPGZ9UDMsjw==
X-Google-Smtp-Source: AGHT+IECfRSNBr0M73J4eL0b/cCoRGjoKRVIBKplJ6LRHH0ksRSlLBUNhV45D1IEdLh/v2oMYnrT/fZ/4Ccr0wVpkKI=
X-Received: by 2002:a05:622a:580a:b0:3f3:91c7:14d4 with SMTP id fg10-20020a05622a580a00b003f391c714d4mr140042qtb.0.1691993128005; Sun, 13 Aug 2023 23:05:28 -0700 (PDT)
MIME-Version: 1.0
References: <5f94a895-f57b-564d-a646-a7c605c95c74@taugh.com> <CAP1hoySFwr1z3gmSPLTi9aTZOVtpweHjrLdFcpWKPOdUX41p=A@mail.gmail.com>
In-Reply-To: <CAP1hoySFwr1z3gmSPLTi9aTZOVtpweHjrLdFcpWKPOdUX41p=A@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
Date: Sun, 13 Aug 2023 23:05:07 -0700
Message-ID: <CAAFsWK0miB8PbQ2y2BjyGVDJE8hrYbzuLA1vP1zuXYT9GM0cFA@mail.gmail.com>
To: Mark Alley <mark.alley=40tekmarc.com@dmarc.ietf.org>
Cc: John R Levine <johnl@taugh.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005be8040602dbd99e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XMkYzGvvDmsx4wefdKhqq1boU20>
Subject: Re: [dmarc-ietf] New Version Notification for draft-levine-dmarc-listugh-00.txt (fwd)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2023 06:05:30 -0000

Joining the chorus supporting this draft as it seems like having this
document would be a prerequisite for systematically working on the
"indirect mail flows" issues mentioned in the DMARC charter.  I would
suggest at some point expanding the details of the various scenarios
perhaps as examples.
-Wei

On Sun, Aug 13, 2023 at 7:20 PM Mark Alley <mark.alley=
40tekmarc.com@dmarc.ietf.org> wrote:

>
> +1 It looks good to me.
>
> Just a side note on the ARC section - from a consumer's point of view,
> several mail systems and filters today do have the option for ARC overrides
> on DMARC failure.
>
> Many come pre-configured with trusted sealer domains (most are loosely
> based on the ARC GitHub community sealers list).
>
> Others, such as Microsoft 365 and others, provide an administrator DMARC
> failure override capability via ARC, but relegate the sealer trust for the
> DMARC fail override feature entirely to the customer with no pre-configured
> (known reputable) sealer trusts.
>
> So, an M365 administrator not only has to understand what ARC is, and how
> to make it useful, but also who to trust based on their own interpretation
> of a sealer's reputation, which, as we already know, not all receivers and
> operators have exhaustive data points of which to make this determination,
> nor the processes or resources to do so.
>
> Most of these admins/operators (especially in the case of a service like
> M365) are usually consumers utilizing the service with cursory knowledge of
> the inner workings of email authentication, which only compounds the
> problem of ARC's effectiveness and adoption within similar services when
> the protocol is used this way.
>
> -Mark Alley
>
> On Sun, Aug 13, 2023, 4:25 PM John R Levine <johnl@taugh.com> wrote:
>
>> At the S.F. meeting I said I'd write a draft describing the problems that
>> DMARC causes for lists and forwarders.  Take a look, let me know what I
>> got wrong.
>>
>> ---------- Forwarded message ----------
>> Date: Sun, 13 Aug 2023 17:23:52
>> From: internet-drafts@ietf.org
>> To: John Levine <standards@standcore.com>
>> Subject: [standcore.com-standards] New Version Notification for
>>      draft-levine-dmarc-listugh-00.txt
>>
>>
>> A new version of I-D, draft-levine-dmarc-listugh-00.txt
>> has been successfully submitted by John Levine and posted to the
>> IETF repository.
>>
>> Name:           draft-levine-dmarc-listugh
>> Revision:       00
>> Title:          Mailing lists and mail forwarders vs. DMARC
>> Document date:  2023-08-13
>> Group:          Individual Submission
>> Pages:          7
>> URL:
>> https://www.ietf.org/archive/id/draft-levine-dmarc-listugh-00.txt
>> Status:
>> https://datatracker.ietf.org/doc/draft-levine-dmarc-listugh/
>> Html:
>> https://www.ietf.org/archive/id/draft-levine-dmarc-listugh-00.html
>> Htmlized:
>> https://datatracker.ietf.org/doc/html/draft-levine-dmarc-listugh
>>
>>
>> Abstract:
>>     DMARC introduced an authentication system intended to detect and
>>     deter domain name impersonation in mail message From header fields.
>>     Unfortunately, DMARC also has caused severe damage to mail forwarders
>>     and discussion lists.  We describe the damage and some of the
>>     workarounds.
>>
>>
>>
>>
>> The IETF Secretariat
>>
>>
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>>
>>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email