Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30

Richard Clayton <richard@highwayman.com> Sun, 31 March 2024 22:28 UTC

Return-Path: <richard@highwayman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33162C14F698 for <dmarc@ietfa.amsl.com>; Sun, 31 Mar 2024 15:28:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=highwayman.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M8_IXUHQuOG5 for <dmarc@ietfa.amsl.com>; Sun, 31 Mar 2024 15:28:33 -0700 (PDT)
Received: from mail.highwayman.com (mail.highwayman.com [82.69.6.249]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F04DDC14F602 for <dmarc@ietf.org>; Sun, 31 Mar 2024 15:28:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=highwayman.com; s=rnc1; h=MIME-Version:In-Reply-To:References:Subject:From: To:Date:Message-ID:Sender:Reply-To:Cc:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=20nUdzg9yFrFbea68aoEaJhCHjOWBKilx4UnlO7iQMI=; t=1711924112; x=1712788112; b=Oaqj/Zl4fQ3TSRSA4dVBQCMYaAMf17TGhsInDvbnTHwdnqOUntRjJ2TnoTi7f2QObj50nZy34fw YvJb8cmrWu079fhHh+S2Q6bwwZ9nvA0zVOnX3cGIY9zC2pwwbg0MIpePIBZF9V2kBqr1hcTnQiCY2 g+4Km/s2/4zyz6JujH9jpLzXL/rVTqmTPHFSqx8JJpZKy00j4oBvBHiLgzAzZYZWb9avbscvMITlz +dm77dwJ2FGa62ET7+tzUcXVYZj5QmeDz4GEOO01mXkqf09f1YA8LHiTvCYf19tFPBvxlj8DQRPrg LOzh1mo9rpAIBdQqG9k5dzmT9SGnjGbgki4g==;
Received: from localhost ([127.0.0.1]:32697 helo=happyday.al.cl.cam.ac.uk) by mail.highwayman.com with esmtp (Exim 4.97.1) (envelope-from <richard@highwayman.com>) id 1rr3fB-0000000020k-3ShN for dmarc@ietf.org; Sun, 31 Mar 2024 22:28:29 +0000
Message-ID: <lIU60SB3NeCmFAG+@highwayman.com>
Date: Sun, 31 Mar 2024 23:28:07 +0100
To: dmarc@ietf.org
From: Richard Clayton <richard@highwayman.com>
References: <eda55c54-c149-475c-8117-bfdf3885a883@tekmarc.com> <20240331180009.F36CD8687B50@ary.qy> <CAOZAAfP9tXi80Fi=ZkgPpGwHo1fDbdSOZwVcnuPDbbc2xQd-7A@mail.gmail.com>
In-Reply-To: <CAOZAAfP9tXi80Fi=ZkgPpGwHo1fDbdSOZwVcnuPDbbc2xQd-7A@mail.gmail.com>
MIME-Version: 1.0
X-Mailer: Turnpike Integrated Version 5.03 M <vB1$+TWD77$tOMKL72S+duKF03>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/YkXTBxqA0Zlqk-hehVRt2roFno0>
Subject: Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2024 22:28:38 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <CAOZAAfP9tXi80Fi=ZkgPpGwHo1fDbdSOZwVcnuPDbbc2xQd-7A@mail.gmail.com>,
Seth Blank <seth=40valimail.com@dmarc.ietf.org> writes

>    Some Mail Receiver architectures implement SPF in advance of any 
>    DMARC operations. This means that an SPF hard fail ("-") prefix on 
>    a sender's SPF mechanism, such as "-all", could cause that 
>    rejection to go into effect early in handling, causing message 
>    rejection before any DMARC processing takes place, and DKIM has a 
>    chance to validate the message instead of SPF. Operators choosing 
>    to use "-all" to terminate SPF records should be aware of this. 

I understood what this said thus far ... but I wonder what it is doing
in a document about DMARC. Some architectures may reject email from
IPs listed in the PBL ... again, nothing to do with DMARC. This isn't a
document on how to improve deliverability, is it?

>    Since DMARC only relies on an SPF pass, all failures are treated 
>    equally. 

This makes less sense ... I think you mean something like: when
considering whether or not SPF has passed, the type of failure is
irrelevant to DMARC (since clearly DMARC does not even require SPF be
specified at all...)

>    Therefore, it is considered best practice when using SPF 
>    in a DMARC context for domains that send email to end records with 
>    a soft fail ("~" / "~all").

I don't see why it is Best Practice ... it rather depends on what you wish
to achieve, doesn't it?

>    Could this work with simply the removal of the last sentence 
>    covering best practice?

the more that was removed the better

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBZgnjd92nQQHFxEViEQIkVgCeIQIwiTYO3rZbipFmFTNUn8BpmFEAn2lc
a+iTWfEDnYmwReECYdekhMkO
=IR3+
-----END PGP SIGNATURE-----
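The ordering issue the quoted draft text describes can be made concrete in code. The following is an added example, not part of this message, the draft, or any reference implementation. It models two constructed receiver pipelines: one that acts on an SPF hard fail before DMARC runs, and one that consults SPF only as an input to DMARC, where every non-pass SPF result is equivalent and an aligned DKIM pass is sufficient. Domain names, IP addresses and the simplified SPF and alignment checks (exact domain match only, no organisational-domain relaxation) are assumptions made for the illustration.

```python
"""Added example: SPF-before-DMARC vs DMARC-only receiver ordering.

Constructed scenario, not code from the mailing list or the draft.
Models a message relayed from an IP that is not in the sender's SPF
record (e.g. a forwarder), with or without a surviving aligned DKIM
signature, and compares the two receiver architectures discussed above.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple

# Simplified SPF: the result produced when the connecting IP does not
# match any mechanism is determined by the qualifier on the final "all".
SPF_QUALIFIER_RESULT = {"-": "fail", "~": "softfail", "?": "neutral"}


@dataclass
class Message:
    from_domain: str          # RFC5322.From domain (what DMARC aligns on)
    mail_from_domain: str     # RFC5321.MailFrom domain (what SPF checks)
    sender_ip: str            # connecting IP as seen by the receiver
    dkim_domains: List[str]   # d= of signatures that verified (constructed)


@dataclass
class SenderPolicy:
    authorized_ips: Set[str]  # IPs the SPF record authorises (assumed)
    all_qualifier: str        # "-", "~" or "?" on the trailing "all"
    dmarc_policy: str         # "none", "quarantine" or "reject"


def spf_check(msg: Message, policy: SenderPolicy) -> str:
    """Return a simplified SPF result for the MAIL FROM domain."""
    if msg.sender_ip in policy.authorized_ips:
        return "pass"
    return SPF_QUALIFIER_RESULT[policy.all_qualifier]


def dmarc_evaluate(msg: Message, spf_result: str) -> str:
    """DMARC passes if SPF *or* DKIM passes and the domain aligns.

    Any SPF result other than 'pass' is handled identically, which is
    the point the quoted draft text makes. Alignment is simplified to an
    exact domain comparison (assumption for this example).
    """
    spf_aligned = spf_result == "pass" and msg.mail_from_domain == msg.from_domain
    dkim_aligned = msg.from_domain in msg.dkim_domains
    return "pass" if (spf_aligned or dkim_aligned) else "fail"


def spf_first_receiver(msg: Message, policy: SenderPolicy) -> Tuple[str, str]:
    """Receiver that rejects on an SPF hard fail before DMARC ever runs."""
    spf = spf_check(msg, policy)
    if spf == "fail":
        return ("reject", "spf-hardfail")     # DKIM never gets a chance
    dmarc = dmarc_evaluate(msg, spf)
    if dmarc == "fail" and policy.dmarc_policy == "reject":
        return ("reject", "dmarc")
    return ("accept", f"dmarc={dmarc}")


def dmarc_only_receiver(msg: Message, policy: SenderPolicy) -> Tuple[str, str]:
    """Receiver that uses SPF purely as an input to the DMARC evaluation."""
    spf = spf_check(msg, policy)
    dmarc = dmarc_evaluate(msg, spf)
    if dmarc == "fail" and policy.dmarc_policy == "reject":
        return ("reject", "dmarc")
    return ("accept", f"dmarc={dmarc}")


def compare(all_qualifier: str, dkim_verified: bool) -> dict:
    """Run one constructed message through both receivers.

    The message arrives from 203.0.113.7, which is not in the (assumed)
    SPF record for example.com, mimicking a forwarder that preserves the
    DKIM signature but breaks SPF.
    """
    policy = SenderPolicy({"192.0.2.10"}, all_qualifier, "reject")
    msg = Message("example.com", "example.com", "203.0.113.7",
                  ["example.com"] if dkim_verified else [])
    return {"spf_first": spf_first_receiver(msg, policy),
            "dmarc_only": dmarc_only_receiver(msg, policy)}


if __name__ == "__main__":
    for qualifier in ("-", "~"):
        for dkim in (True, False):
            print(f"{qualifier}all, dkim={dkim}: {compare(qualifier, dkim)}")
```

Running the block shows the asymmetry: with "-all" and a valid aligned DKIM signature, the SPF-first receiver rejects on the SPF hard fail while the DMARC-only receiver accepts with dmarc=pass; with "~all" both accept, and with no DKIM signature both reject under p=reject regardless of the qualifier.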