IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

"Douglas E. Foster" <fosterd@bayviewphysicians.com> Tue, 06 October 2020 02:14 UTC

Return-Path: <btv1==548709ad3b1==fosterd@bayviewphysicians.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEB473A0EEC for <dmarc@ietfa.amsl.com>; Mon, 5 Oct 2020 19:14:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bayviewphysicians.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KFAi9NqykCiC for <dmarc@ietfa.amsl.com>; Mon, 5 Oct 2020 19:13:58 -0700 (PDT)
Received: from mail.bayviewphysicians.com (mail.bayviewphysicians.com [216.54.111.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32C4B3A0EF2 for <dmarc@ietf.org>; Mon, 5 Oct 2020 19:13:57 -0700 (PDT)
X-ASG-Debug-ID: 1601950432-11fa31207327b30001-K2EkT1
Received: from webmail.bayviewphysicians.com (smartermail4.bayviewphysicians.com [192.168.1.49]) by mail.bayviewphysicians.com with ESMTP id bSd59xRhuuV70lOO (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO) for <dmarc@ietf.org>; Mon, 05 Oct 2020 22:13:52 -0400 (EDT)
X-Barracuda-Envelope-From: fosterd@bayviewphysicians.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.1.49
X-SmarterMail-Authenticated-As: fosterd@bayviewphysicians.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bayviewphysicians.com; s=s1025; h=message-id:reply-to:subject:to:from; bh=Be4sBQCnrf53JVxiCc5R5KBDZ9Ny2LCKv8mvZzfJq8g=; b=BADP3IYi3pdCIQxsrFwV6FTJz1RUA9ds7QBN3PqQvYHkKHzjEm5WbIagCIlSGiPCV krNt1LNtLmbAdm5ijbGFf5b1qOMFXqNguw8ujl+0oQZMcYQWcOHMoxh/7lpEgW7It wAogYrFSF8nBP3l4BTCagoUS7CrgsM9/bbHIDffKM=
From: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
To: dmarc@ietf.org
Date: Mon, 05 Oct 2020 22:13:45 -0400
X-ASG-Orig-Subj: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
Reply-To: fosterd@bayviewphysicians.com
Message-ID: <8bf5fc0363e1493890fb7496a8a35ceb@bayviewphysicians.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="307e52deb1d14fcf850587d110d99d48"
In-Reply-To: <c46003a4-1200-e9f4-4608-c1edf3717238@wisc.edu>
References: <20200927171611.838B321D9BAD@ary.qy> <5069099.lO0Lvmlme3@zini-1880> <CABuGu1oSshRN20twB6w1r6bnDDt8sunkPG9JY=V8Nme1Y5hVUg@mail.gmail.com> <c46003a4-1200-e9f4-4608-c1edf3717238@wisc.edu>
X-Exim-Id: 8bf5fc0363e1493890fb7496a8a35ceb
X-Barracuda-Connect: smartermail4.bayviewphysicians.com[192.168.1.49]
X-Barracuda-Start-Time: 1601950432
X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384
X-Barracuda-URL: https://mail.bayviewphysicians.com:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at bayviewphysicians.com
X-Barracuda-Scan-Msg-Size: 13942
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.85100 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/YQ7_w7PWhd1ZuGaqeRBIzvdZK8w>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2020 02:14:01 -0000

>From Rewrite
------------------
The need for From rewrite was predictable, based on the experience with SPF.  It should have been included in the original specification.

SPF says that "The last domain to handle this message must authenticate itself."   If the message is sent directly, this is achieved by the domain owner's server identity, SMTP MailFrom identity, and SPF policy.   If the message is relayed for any reason, the SMTP MailFrom must be rewritten while also protecting the Return-Path.   SRS is the most common implementation for doing this, but there are other possibilities.

DMARC says that "The last domain to alter this message must authenticate itself."   If the message is sent without modification, the domain owner's DKIM signature authenticates the message whether it is sent directly or relayed.   If it is altered in transit by a mediator, the mediator must rewrite the From address while protecting the recipient's perception of authorship and also protecting the Reply-To.    The most common method seems to be user=domain@listdomain, but there are other possibilities, including my suggestion of useralias.listname@listdomain.

These requirements are inevitable consequences of the criterion being imposed.    So an important question is whether the end-user's dislike of From rewrite is sufficient reason to ignore the security benefits that DMARC provides.

Exception Mechanisms
-------------------------------
Both SPF and DMARC are subject to configuration errors by the domain owner, as well as abuse by "essential" sources of incoming mail.  Therefore implementations SHOULD provide an exception mechanism which does not create side-effect risks.   I have major grievance with commercial products that do not provide safe and sufficient exception mechanisms.  I would like the specification to document exception handling as a requirement.

ISP Limitations
--------------------
I am told that Office365 allows clients to place their own email filter in front of the one provided by Microsoft.  I don't know whether that solves the black box problem that Jesse raises. 

Consensus
---------------
I thought the group had informally agreed that none of the alternative authentication mechanisms had a reasonable expectation of widespread implementation.   If so, the discussion comes down to those who believe DMARC is a disaster that needs to be undone, and those who believe that DMARC is a good thing that needs to be formalized.   I see no available path to consensus between those two positions.

Doug Foster

----------------------------------------

From: jesse.thompson=40wisc.edu@dmarc.ietf.org
Sent: 10/5/20 8:22 PM
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

On 9/28/20 10:35 AM, Kurt Andersen (b) wrote:
> On Sun, Sep 27, 2020 at 11:23 AM Scott Kitterman <sklist@kitterman.com <mailto:sklist@kitterman.com>> wrote:
>
> On Sunday, September 27, 2020 1:16:11 PM EDT John Levine wrote:
>
> Agreed.  Maybe it would help if someone who takes the latter view would
> explain what they think RFC 7489, Section 6.6.2, Step 6 is for:
>
> >    6.  Apply policy.  Emails that fail the DMARC mechanism check are
> >        disposed of in accordance with the discovered DMARC policy of the
> >        Domain Owner.  See Section 6.3 for details.
>
> I don't think that says "then toss the results into your classifier".
>
>
> You completely ignored section 6.7 (Policy Enforcement Considerations) which states:
>
>> Final disposition of a message is always a matter of local policy.
>
> Local policy could be considered "the output of some classifier" or other mechanics left to the invention of the receiver.
>
> This is a part of the documented DMARC spec, not a change.

Reading this thread, it comes to my mind that the "fundamental disconnect" that John raises is partly caused by an externalized factor: the shift to cloud mailbox hosting. The roles, responsibilities, and assumptions have changed.

The receiver, who is now a customer of an ISP, does not have the ability to "invent mechanics" because the tools aren't provided by the ISP. The ISP, of course, has a good reason to K.I.S.S. for support.

It means that the ISP takes over responsibility for local policy mechanics to a greater extent. Falling short of providing their customers a platform to invent mechanics the ISP will just implement the none|reject|quarantine mechanics and say they "support DMARC".

Even if the ISP has proprietary local policy mechanics that they apply to all of their customers' inbound mail, they aren't likely to document it in great detail or offer many exemptions. It's a black box.

e.g. I find it hard to imagine that an ISP would have the willingness to exempt a boutique MLM for all of their customers, so ARC, in and of itself, doesn't really help MLMs move away from From munging. Does it make sense to suggest that in order for ARC to succeed, then ISPs need to offer a way for their customers to define their trusted intermediaries? What if the ISP chooses not to offer that? Do they "support ARC" in a meaningful way?

For the "filtering signal" viewpoint to succeed, I would ask: is there a need to define some local policy mechanics into the spec so that the ISP can be held to account by customers to "fully support DMARC". If the ISP offers no adequate mechanics to do signal filtering, then that ISP's hosted receivers cannot realistically support DMARC based on the assumption baked into DMARC that receivers can and will implement override mechanics.

The roles have changed, which has diluted the "filtering signal's" value mostly to the ISPs, and the benefit to receivers is metered by the extent to which the ISPs are willing to build a platform for their customers to invent mechanics.

If the shift to cloud is incompatible with "filtering signal" mechanics for local policy overrides, is DMARC's only value left to receivers "what users see" and the simplistic none|quarantine|fail mechanics, as defined?

Jesse

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email