Re: [dmarc-ietf] Ticket #1 - SPF alignment

John R Levine <johnl@taugh.com> Sat, 30 January 2021 21:57 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A44453A11B4 for <dmarc@ietfa.amsl.com>; Sat, 30 Jan 2021 13:57:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=B4nuguMz; dkim=pass (2048-bit key) header.d=taugh.com header.b=KvgGNapm
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FEqS8UxknPVZ for <dmarc@ietfa.amsl.com>; Sat, 30 Jan 2021 13:57:49 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C269C3A11B2 for <dmarc@ietf.org>; Sat, 30 Jan 2021 13:57:48 -0800 (PST)
Received: (qmail 15074 invoked from network); 30 Jan 2021 21:57:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=3ae0.6015d659.k2101; bh=t12jVdXgZ5ADu3gcBngE5iO0XMcL9psOztSAGtYF4qk=; b=B4nuguMz59fppCioiUPFyDVU4J8j7hvWTx0la1bm7BD41JHUAieqR+MMopJC91YWqeJfUO3ikmW0RPbtHSS21rOfSh3vZTZd/pOnsABUq3bpZPw81QnuecShyK0HLwqeBxMnr7XXtqnGJ2nhm59ldYCyuY0xmnKkyhegpNv0tRKhS158LeeWVYi0TG6+Mo/x+a5eN7v5+r9z+SgFeBzPBNERYKgvDDJrVA59RFAegJK6Z+ZUMmlcrYS6GnurY8SAe15x5e50mo55MQAHALFyixgHzljkuIH1DVAOBhWNK2uzr1yklbrps4s8h82qOkBsNAcSYFk3h0x/6obx+6xN2A==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=3ae0.6015d659.k2101; bh=t12jVdXgZ5ADu3gcBngE5iO0XMcL9psOztSAGtYF4qk=; b=KvgGNapmpmjwSFA6LaxAk6OVu9LRFMbBIZcIDqEB+Lk5U8KgkUm7DEa9siSHMyClcIgEtmlybsgRgFggG3vYfQFJcqJBZEbLXGPw7+A16PSZA1+pZgcPfl3x3bw8IBjUcn15XHWWEG/j5dBFecfwKud9r3VEZLcJ/AjtppTSNLf8ZHkmwZZFiFkv86cPEDOa7XCKKWeIQdiMj7FQDX1Qrc1X2JFgeEZ/K9aty1OTXhT+TiRCT7KJ79FRP8FL6Cr221UufTy3M/TUt2hH9986rNAhr/gQ/xkvH+FwjMfel3AKTSM6bTYnJFLSCR0l6BFoox3oFkhXGFX5lB+yhh8eFg==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 30 Jan 2021 21:57:45 -0000
Received: by ary.qy (Postfix, from userid 501) id CFF906D04E33; Sat, 30 Jan 2021 16:57:44 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by ary.qy (Postfix) with ESMTP id 7FCB46D04E15; Sat, 30 Jan 2021 16:57:44 -0500 (EST)
Date: Sat, 30 Jan 2021 16:57:44 -0500
Message-ID: <1edea785-2420-9812-643-c38bc4bf9577@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Jim Fenton <fenton@bluepopcorn.net>, John Levine <johnl@taugh.com>
Cc: dmarc@ietf.org
In-Reply-To: <66EB1EFC-753D-49FA-8652-BABB10397990@bluepopcorn.net>
References: <20210130212339.447316D04763@ary.qy> <66EB1EFC-753D-49FA-8652-BABB10397990@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1702332684-1612043864=:95229"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/YT4tVxYjNq2MeeQL_AYq8VagIhA>
Subject: Re: [dmarc-ietf] Ticket #1 - SPF alignment
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2021 21:57:51 -0000

>> This is DMARC -- the HELO domain has to match the header From: and there
>> has to be an SPF record that validates it.
>
> True, but only if the MAIL FROM address is null and there isn’t a valid 
> aligned DKIM signature.

True, but I don't see why that matters.

>> The most plausible case is that it's a bounce message
>>
>>  From: MAILER-DAEMON@mta27.foo.bar.example.com
>> 
>> the MAIL FROM is null, HELO is mta27.foo.bar.example.com, and the SPF
>> record for mta27.foo.bar.com says that IP is OK.
>
> So in this case, why involve the HELO at all? One could just check the SPF 
> record of the header From: that it’s trying to align with. Except that’s 
> probably SenderID, not SPF.

Because that's how DMARC works.  The header From has to match a DKIM or 
SPF identity.

Part of the problem here is that DMARC generally sits on top of an SPF 
library which doesn't tell you how it got its result.  My DMARC code just 
calls the SPF library and uses the result.  I suppose I could put in a 
hack to say don't use the SPF result if the MAIL FROM is null, but I don't 
think that's what 7489 says.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
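The bounce scenario discussed in this thread, worked through in code as an added example; this is not code from any participant or from any real DMARC implementation. It models the SPF identifier-alignment test of RFC 7489 section 3.1.2 (strict vs. relaxed, via the Organizational Domain) on top of a deliberately explicit SPF stub: the stub reports which identity it evaluated (MAIL FROM, or HELO when MAIL FROM is null, as RFC 7208 section 2.4 prescribes), which is exactly the information John notes a typical SPF library does not surface. The SPF "DNS" table, the IP addresses (documentation range 192.0.2.0/24) and the three-entry public-suffix list are all constructed for the example; a real checker uses live SPF evaluation and the full Public Suffix List. The `allow_helo_alignment` knob exists only to make the policy question raised in the thread visible, not to assert what RFC 7489 requires.

```python
"""DMARC SPF alignment on top of an SPF evaluator that exposes its identity.

Added example (not from the thread or any real implementation). SPF results
come from a constructed table rather than DNS so the block runs offline.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the Public Suffix List used by RFC 7489 to derive
# the Organizational Domain. Only these labels count as public suffixes here.
PUBLIC_SUFFIXES = {"com", "net", "org"}

# Constructed SPF data: domain -> set of IPs its SPF record would authorize.
SPF_AUTHORIZED = {
    "mta27.foo.bar.example.com": {"192.0.2.27"},
    "example.com": {"192.0.2.10"},
}


def organizational_domain(domain: str) -> str:
    """Public suffix plus one label (RFC 7489 section 3.2), using the toy list above."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain.lower()


@dataclass
class SpfOutcome:
    result: str    # RFC 7208 result: "pass", "fail", "none" (others omitted in the stub)
    identity: str  # the domain SPF actually evaluated
    scope: str     # "mfrom" or "helo": which identity produced the result


def spf_check(mail_from: Optional[str], helo: str, client_ip: str) -> SpfOutcome:
    """Stub SPF evaluator. With a null MAIL FROM (a bounce), RFC 7208 section 2.4
    has the checker use postmaster@<HELO>, so the identity becomes the HELO domain."""
    if mail_from:
        identity, scope = mail_from.rsplit("@", 1)[1].lower(), "mfrom"
    else:
        identity, scope = helo.lower().rstrip("."), "helo"
    authorized = SPF_AUTHORIZED.get(identity)
    if authorized is None:
        return SpfOutcome("none", identity, scope)
    return SpfOutcome("pass" if client_ip in authorized else "fail", identity, scope)


def spf_aligned(header_from: str, spf: SpfOutcome, mode: str = "r",
                allow_helo_alignment: bool = True) -> bool:
    """RFC 7489 section 3.1.2: an SPF 'pass' identity aligns with the RFC5322.From
    domain exactly (mode "s") or by shared Organizational Domain (mode "r").
    allow_helo_alignment=False implements the 'ignore SPF when MAIL FROM is null'
    variant floated in the thread; it is a policy knob, not an RFC requirement."""
    if spf.result != "pass":
        return False
    if spf.scope == "helo" and not allow_helo_alignment:
        return False
    from_domain = header_from.rsplit("@", 1)[1].lower().rstrip(".")
    if mode == "s":
        return from_domain == spf.identity
    return organizational_domain(from_domain) == organizational_domain(spf.identity)


if __name__ == "__main__":
    # The thread's bounce: null MAIL FROM, HELO names the MTA, From: is MAILER-DAEMON there.
    bounce = spf_check(None, "mta27.foo.bar.example.com", "192.0.2.27")
    print(bounce)
    for mode in ("s", "r"):
        print(mode, spf_aligned("MAILER-DAEMON@mta27.foo.bar.example.com", bounce, mode))
```

Running it prints the SPF outcome with `scope='helo'` and shows the bounce aligning under both strict and relaxed mode; switching `allow_helo_alignment` off makes the same message fail SPF alignment, which is the behavioural difference the thread is weighing.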