Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
Alessandro Vesely <vesely@tana.it> Mon, 17 August 2020 09:57 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A278C3A1473 for <dmarc@ietfa.amsl.com>; Mon, 17 Aug 2020 02:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.047
X-Spam-Level:
X-Spam-Status: No, score=-3.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.949, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wrBO4f4FTC0F for <dmarc@ietfa.amsl.com>; Mon, 17 Aug 2020 02:57:57 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 369F93A146F for <dmarc@ietf.org>; Mon, 17 Aug 2020 02:57:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1597658274; bh=yt+eoysYM8S3MhIM8pOOumRDtTDOdl6t5gIaKm2QmjQ=; l=4122; h=To:Cc:References:From:Date:In-Reply-To; b=CriJD8Vm/ySfiyzE0QtCqryunx7kI3y332OAQI2DwRiFj6CU9r+Z+jRNn5JouaiC8 qay3s86XelpwPQ//qmLaratHgk0YVXA802HHp/8pEJN1jko5azMWJ5ulCudHVPRym2 t259cY8ZlIPZt0/0XTG9ieJR/HEbH5l1TIA2ZHJ6k4x8wbPvlti3pt0WPJDNy
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [192.168.1.102] ([5.170.69.62]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC026.000000005F3A54A1.00006FC7; Mon, 17 Aug 2020 11:57:53 +0200
To: dcrocker@bbiw.net
Cc: IETF DMARC WG <dmarc@ietf.org>
References: <CAJ4XoYcFbh8-nAxjxzzRgUahFfhcgcZQ2yMF2ewv_-DgUmhL=g@mail.gmail.com> <20200814164237.313071E971DB@ary.local> <CAJ4XoYeqj_5mpZu1PZP4rNfrWRyC5gC-2dfK7oX9xQHiR24QeA@mail.gmail.com> <085c6a5f-5451-ae8c-4873-133673ba1754@tana.it> <CAL0qLwaVUi9QtV4zcCwncuy4N3YPwsGZPzFfd1q19io79UG2VQ@mail.gmail.com> <c1844590-4b12-9763-21c5-6ac5b730321b@tana.it> <6358f3da-806b-f4eb-b9a0-8ee8ce4121d7@dcrocker.net> <4e549ca6-6047-6ff2-325c-fe8d7247e157@tana.it> <c972e0af-b589-1780-47b3-8cb2a2024ec2@dcrocker.net> <13a0ed72-2c5a-8ba6-84ab-b857e29403f1@tana.it> <1703e878-e20a-8ae2-09e8-25470c0cf5f8@dcrocker.net>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <e89a5551-f8cc-2d8e-4bfb-65fef943e9fe@tana.it>
Date: Mon, 17 Aug 2020 11:57:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <1703e878-e20a-8ae2-09e8-25470c0cf5f8@dcrocker.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XzgHCOQopr_SIjF1ELcX8rthbUg>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2020 09:57:59 -0000
On Sun 16/Aug/2020 20:16:17 +0200 Dave Crocker wrote: > >>>>> If I put my gmail address into the from field, there is no >>>>> pretending, no matter what platform I am using. >>>> >>>> >>>> That conflicts with the coarse-grained authentication strategy, >>>> established at the FTC Email Authentication Summit in November >>>> 2004, as Doug^W Michael recalled >>> >>> 1. I was making a semantic point, not a technical or technical >>> policy one. >> >> They have to match at some point. > > it would be nice, wouldn't it? > > but that's separate from the factual statement I made. Separate but related. >>> 2. There was nothing 'established' at that event. There were >>> interesting discussions, but that's all. >> >> >> I wasn't there. Can't it be considered the historic event that >> marked domain-level authentication as the promising strategy to >> counter email abuse? > > Reference to that event as if it 'established' anything is misguided, > at best. The meetings were helpful, but not definitive. And the > efforts at domain level authentication were wholly independent of > these events. Would it be still correct to mention that summit as a conspicuous event that testifies the emergence of domain-level authentication around the early 2000s? > As already noted on this list, the events served as a plea from the > government and, therefore, a signal that the government was concerned. A noteworthy historical detail. >>>> Your gmail address needs to be authenticated by gmail. >>> >>> Good grief, no. There is no system rule to that effect. DMARC >>> created that, but no policy before it was in place, never mind >>> accepted. >> >> >> DMARC took that strategy to the extremes. A number of users and >> operators seem to have accepted it. Why cannot we accept it too? > > That DMARC does something and that some people use it is quite > different from claiming that there was some grand change in the > semantics and operational policy of email. Why can't THAT be accepted? There's been a combination of events, from IETF's reluctant laissez-faire to Yahoo/AOL adoption, which brought up the illusion that email authentication can provide a global means to counter spoofing. To believe that such illusion will come true makes for a strong motivation. Couldn't we meet somewhere halfway? I can see that you, John, Herr Hammer, and other relevant participants don't accept that domain-level authentication is semantically mandatory. What d'you reckon about the possibility that such grand semantic change can be made official within the next 10~20 years? I think that by just spelling the technical means /as if/ such change is going to happen, we can design a consistent authentication protocol. >>>> Sending From: bbiw.net, SPF-authenticated as dcrocker.net, and >>>> whitelisted as yet another domain (songbird.com) can hardly be >>>> verified. There is no "pretending", since it's you, but it is not >>>> formally distinguishable from spoof, is it? >>> >>> Whether valid and invalid uses can be distinguished does not alter >>> the fact that valid uses are valid. >> >> The problem is to find the technical means that allow receivers and >> recipients to verify such validity. > > Of course. But when it's at the expense of valid use that has worked > for 45 years, then those means are problematic. Highly. It seems to me most expenses have been paid already, for example this mailing list is applying From: rewriting. We don't need to propose further restrictions. To the opposite, there are means on the table[*] that can enable us to sketch a time horizon where From: rewriting can cease. 16 years have passed since the FTC event, which is 1/3 of those 45. What I see looks much like a very mild shift. Lazy operators have plenty of time before the semantic change is established, at some point in the medium-term future, if ever. Best Ale -- [*] For MLMs to resume traditional address usage, the most promising I-D's is dkim-transform, IMHO.
- [dmarc-ietf] Call for Adoption: DMARC Use of the … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Joseph Brennan
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Rolf E. Sonneveld
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … David I
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … ned+dmarc
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] I Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] Objections to Sender header as overr… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Murray S. Kucherawy
- Re: [dmarc-ietf] Objections to Sender header as o… Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jesse Thompson
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Vittorio Bertola
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… Jesse Thompson