Re: [dmarc-ietf] New Version Notification for draft-levine-dmarc-listugh-00.txt (fwd)
Wei Chuang <weihaw@google.com> Mon, 14 August 2023 06:05 UTC
Return-Path: <weihaw@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D07CC14F736 for <dmarc@ietfa.amsl.com>; Sun, 13 Aug 2023 23:05:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.606
X-Spam-Level:
X-Spam-Status: No, score=-17.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ted5ff1xDO2i for <dmarc@ietfa.amsl.com>; Sun, 13 Aug 2023 23:05:29 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89945C14EB19 for <dmarc@ietf.org>; Sun, 13 Aug 2023 23:05:29 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-410394dad50so21cf.0 for <dmarc@ietf.org>; Sun, 13 Aug 2023 23:05:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691993128; x=1692597928; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=HHKtoagF25Gvolp2ASN20Q5WyahfbCB/AsnbhCnuvx0=; b=KjA9gRUiVlcNd2MtYV0578yUwG0rN20Z+vepTgGP8QFDWlBeOlNL8RAvU9yBC53jFH SC51BkaFMyArVyj1g3HK92I6zqU+MQBJDCZ+QrI8tJZhPYDwAZHlPyrssS4ZRz+CMzSO Yt90JuRJFjjz7iw1PGPJRcXUAF0CpXHn5sDaCT01V7wLkUwf/s1cjssut/LeYPp7Lr4/ 4+v9o4T0X7cUcIX/xkxTU6RkqVbriP+1y8fl4cDqBv1RZW6ZeDeJJsZmy5V9sfs1HoAb FivePjJgnc4jFrIlj6QVQWa1gaIUjpwG9ReXHjXUR0SHE55F+7sagz+BcSQE4Wrzd+AH C6LA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691993128; x=1692597928; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=HHKtoagF25Gvolp2ASN20Q5WyahfbCB/AsnbhCnuvx0=; b=EFmOx2+7tgNv/uIhL6WODjrJthsU9/xoeSPjcuBpSfPo4s5Gz57EsFAff7n/MCPuJi hVZzR0SxG7y44cJqQhGHm0U79EM4194/4474Y8AJgtqfaDvd9mfo1IIvGRxhq7WBCxsG y9q24LOfvP75ktXgnhopMHPPc8hMyz1Wddqv51mgi5N3bq/pF3BLU82p8HPoMEN2GTVm UUkkxt7UGfBrilGUN5IWBjyPjDFQCmyfJ1XAVGuuGs6V+U1yCI2wITT5/3fhKu4xGjSG 16nTSP54sTGKYMOvhFmEnEpA4Z/NASrR1gBz/2LhrTHAQqeuBmIsoo0DDk1eFAJZY8p9 PVDg==
X-Gm-Message-State: AOJu0YzVB949nQtYCyCRSATofDpnMvCkiSldwNYIdkEYmDH7pksJjbZz +q959GN7flK0PU7v+IDcInDO8SgJ1LgxCCI15HHWj6S+7lnqPGZ9UDMsjw==
X-Google-Smtp-Source: AGHT+IECfRSNBr0M73J4eL0b/cCoRGjoKRVIBKplJ6LRHH0ksRSlLBUNhV45D1IEdLh/v2oMYnrT/fZ/4Ccr0wVpkKI=
X-Received: by 2002:a05:622a:580a:b0:3f3:91c7:14d4 with SMTP id fg10-20020a05622a580a00b003f391c714d4mr140042qtb.0.1691993128005; Sun, 13 Aug 2023 23:05:28 -0700 (PDT)
MIME-Version: 1.0
References: <5f94a895-f57b-564d-a646-a7c605c95c74@taugh.com> <CAP1hoySFwr1z3gmSPLTi9aTZOVtpweHjrLdFcpWKPOdUX41p=A@mail.gmail.com>
In-Reply-To: <CAP1hoySFwr1z3gmSPLTi9aTZOVtpweHjrLdFcpWKPOdUX41p=A@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
Date: Sun, 13 Aug 2023 23:05:07 -0700
Message-ID: <CAAFsWK0miB8PbQ2y2BjyGVDJE8hrYbzuLA1vP1zuXYT9GM0cFA@mail.gmail.com>
To: Mark Alley <mark.alley=40tekmarc.com@dmarc.ietf.org>
Cc: John R Levine <johnl@taugh.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005be8040602dbd99e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XMkYzGvvDmsx4wefdKhqq1boU20>
Subject: Re: [dmarc-ietf] New Version Notification for draft-levine-dmarc-listugh-00.txt (fwd)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2023 06:05:30 -0000
Joining the chorus supporting this draft as it seems like having this document would be a prerequisite for systematically working on the "indirect mail flows" issues mentioned in the DMARC charter. I would suggest at some point expanding the details of the various scenarios perhaps as examples. -Wei On Sun, Aug 13, 2023 at 7:20 PM Mark Alley <mark.alley= 40tekmarc.com@dmarc.ietf.org> wrote: > > +1 It looks good to me. > > Just a side note on the ARC section - from a consumer's point of view, > several mail systems and filters today do have the option for ARC overrides > on DMARC failure. > > Many come pre-configured with trusted sealer domains (most are loosely > based on the ARC GitHub community sealers list). > > Others, such as Microsoft 365 and others, provide an administrator DMARC > failure override capability via ARC, but relegate the sealer trust for the > DMARC fail override feature entirely to the customer with no pre-configured > (known reputable) sealer trusts. > > So, an M365 administrator not only has to understand what ARC is, and how > to make it useful, but also who to trust based on their own interpretation > of a sealer's reputation, which, as we already know, not all receivers and > operators have exhaustive data points of which to make this determination, > nor the processes or resources to do so. > > Most of these admins/operators (especially in the case of a service like > M365) are usually consumers utilizing the service with cursory knowledge of > the inner workings of email authentication, which only compounds the > problem of ARC's effectiveness and adoption within similar services when > the protocol is used this way. > > -Mark Alley > > On Sun, Aug 13, 2023, 4:25 PM John R Levine <johnl@taugh.com> wrote: > >> At the S.F. meeting I said I'd write a draft describing the problems that >> DMARC causes for lists and forwarders. Take a look, let me know what I >> got wrong. >> >> ---------- Forwarded message ---------- >> Date: Sun, 13 Aug 2023 17:23:52 >> From: internet-drafts@ietf.org >> To: John Levine <standards@standcore.com> >> Subject: [standcore.com-standards] New Version Notification for >> draft-levine-dmarc-listugh-00.txt >> >> >> A new version of I-D, draft-levine-dmarc-listugh-00.txt >> has been successfully submitted by John Levine and posted to the >> IETF repository. >> >> Name: draft-levine-dmarc-listugh >> Revision: 00 >> Title: Mailing lists and mail forwarders vs. DMARC >> Document date: 2023-08-13 >> Group: Individual Submission >> Pages: 7 >> URL: >> https://www.ietf.org/archive/id/draft-levine-dmarc-listugh-00.txt >> Status: >> https://datatracker.ietf.org/doc/draft-levine-dmarc-listugh/ >> Html: >> https://www.ietf.org/archive/id/draft-levine-dmarc-listugh-00.html >> Htmlized: >> https://datatracker.ietf.org/doc/html/draft-levine-dmarc-listugh >> >> >> Abstract: >> DMARC introduced an authentication system intended to detect and >> deter domain name impersonation in mail message From header fields. >> Unfortunately, DMARC also has caused severe damage to mail forwarders >> and discussion lists. We describe the damage and some of the >> workarounds. >> >> >> >> >> The IETF Secretariat >> >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> >> >> > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] New Version Notification for draft-l… John R Levine
- Re: [dmarc-ietf] New Version Notification for dra… Hector Santos
- Re: [dmarc-ietf] New Version Notification for dra… Mark Alley
- Re: [dmarc-ietf] New Version Notification for dra… Wei Chuang
- Re: [dmarc-ietf] New Version Notification for dra… Alessandro Vesely
- Re: [dmarc-ietf] New Version Notification for dra… Hector Santos