Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

Jesse Thompson <zjt@fastmail.com> Fri, 28 April 2023 03:09 UTC

Return-Path: <zjt@fastmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30B28C151701 for <dmarc@ietfa.amsl.com>; Thu, 27 Apr 2023 20:09:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.com header.b="awA8RGrb"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="To+kH17S"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DrMzTFO-xikM for <dmarc@ietfa.amsl.com>; Thu, 27 Apr 2023 20:09:25 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CA63C1524BC for <dmarc@ietf.org>; Thu, 27 Apr 2023 20:09:25 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 756C23200985 for <dmarc@ietf.org>; Thu, 27 Apr 2023 23:09:24 -0400 (EDT)
Received: from imap42 ([10.202.2.92]) by compute1.internal (MEProxy); Thu, 27 Apr 2023 23:09:24 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm3; t=1682651364; x=1682737764; bh=Uz FaPr63heStNvNm9SzJ2S0ozF9UDqeFkPcPKjoV19Q=; b=awA8RGrbyjAY+su1Pu Bm34ao3uW1neiEIZpLBpGgROhutEaZP//YFO9JHnh/vSRk6CGvQ9l1s/5npE0vLr ZV0aviHTXBeRFfrufarpZf67QXvsOOcqLNYTQNghW4h5Kjx9z1cdlFvWE1WxlRX1 1oL0x56eYrJ3gMR/jzLO41nLBlnqWAqaUKb/X9pPKL7ucQF9DO1krl0IgRMj1Hf6 mFwx4o+WUT2bleg+Eq+EBc/EITOfuruEhGNWRa0KHg4AhUvhxf6tCZUpLUpgO6+0 CI3uI07hNgDcVFIqXMx1u1hQX/c25eHI214ZlqwuNRttIN1Wdmx8x8qebFaCeSac fTlA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1682651364; x=1682737764; bh=UzFaPr63heStN vNm9SzJ2S0ozF9UDqeFkPcPKjoV19Q=; b=To+kH17Sgo8D5dGtoAU9cU9UgHQiW 5h1IUvaFxZbQf9Xb4iSQO8c4C8R3wM8fDMs5363qaE1AJhvlObdmkL+TUwtqdQPs Hbse9bRoCBiRSk0DneLL0JOBJ7HEARCbazGTM8vGaj+MmHVUp81CNe/VD/9QKc2q Yz4r7QQjaX8P6GWmxyGZXqMkP+14UchNBXZT8hDonX9OoC/dIv22uPDuxaoVwqBo Mhi90WLZ6WfOX+LAjGHNDxVDPPbnxohXNiMYrNrP4+hX9TSqq3bwGZ1LVyFhXXCZ 5m0FMNkZi8cl2oLS0z6xzDseN8XXUp6cEqu5c0LAmXrZNWLE5zBxDgYkg==
Feedback-ID: i1a614672:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id DA3C1BC0078; Thu, 27 Apr 2023 23:09:23 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-374-g72c94f7a42-fm-20230417.001-g72c94f7a
Mime-Version: 1.0
Message-Id: <43461542-46e7-4312-9d4e-84ed279b94df@app.fastmail.com>
In-Reply-To: <31A475FB-09B8-4F49-9F16-990B434B9BFB@kitterman.com>
References: <20230426160609.8532BC586620@ary.qy> <B08C7AD1-B14B-43FC-BE85-DFBD5282A8DB@bluepopcorn.net> <BF125E76-EAEF-468B-93F2-3318736F932F@kitterman.com> <MN2PR11MB43511D3478D3682AABD35969F76A9@MN2PR11MB4351.namprd11.prod.outlook.com> <8fdcf7ce-f154-4a2a-80b8-12a6e53f4aa7@app.fastmail.com> <31A475FB-09B8-4F49-9F16-990B434B9BFB@kitterman.com>
Date: Thu, 27 Apr 2023 22:09:02 -0500
From: Jesse Thompson <zjt@fastmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="171e7021ea69470b9780b52a060d6c7f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ZIpN4_G5IhCxqGSWdeg5Jh9fFOs>
Subject: Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Apr 2023 03:09:30 -0000

On Thu, Apr 27, 2023, at 9:52 PM, Scott Kitterman wrote:
> 
> 
> On April 28, 2023 2:25:57 AM UTC, Jesse Thompson <zjt@fastmail.com> wrote:
> >On Thu, Apr 27, 2023, at 9:30 AM, Brotman, Alex wrote:
> >> Attempt to make it a tad more concise (I think), altering some of the language:
> >> 
> >> ---------------------
> >> There can be inherent damage to the ability to use certain SMTP-based systems in conjunction with a policy of quarantine or reject.  These could include, though are not limited to, mailing lists, forwarding services, and other types of indirect mail flows.  Especially in situations where the sending domain is SPF-only, or the intermediary is known to alter messages.  If the users of the domain may utilize these types of systems, the domain administrator MUST NOT deploy a policy of quarantine or reject without serious considerations to the impact to interoperability.  These considerations will be informed by careful analysis of DMARC aggregate reports prior to deploying such a policy.  Some third-party systems may be willing to create a workaround for these situations, though it cannot be guaranteed.  Domain owners MAY choose to create a sub-domain (listmail.example.org) or cousin domain (listmail-example.org) which uses a different policy for users wishing to utilize those services.
> >> ---------------------
> >
> >I like this, and it gives room for best common practices to evolve that don't necessarily conflict.
> >
> >s/
> >    Especially in situations where the sending domain is SPF-only, or the intermediary is known to alter messages.  If the users of the domain may utilize these types of systems, the domain administrator MUST NOT deploy
> >/
> >    For situations where the sending domain is not DKIM signing all of its traffic in an aligned fashion or there is legitimate use of an intermediary known to alter messages, the domain administrator MUST NOT deploy
> >/x
> 
> I think most of this would be good in a non-normative appendix.  For my immediate purpose, I'm imagining that in addition to the [adjective] domain, there would need to be an amplification of [adjective] that would explain exactly what we mean by [adjective] and what actions a domain owner might take in order to be [not adjective].
> 
> I don't think it's formally part of the protocol, but it's quite important.

+1
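Added example, not part of this thread or of the draft text under discussion: the quoted paragraph says a domain owner should analyze DMARC aggregate reports before moving to quarantine or reject, and the proposed wording keys the risk on whether the domain is "DKIM signing all of its traffic in an aligned fashion". The script below parses a constructed RUA report in the RFC 7489 Appendix C schema and buckets traffic by the DMARC-level (aligned) results in `policy_evaluated`, so the sources that pass only on SPF, which is what breaks first under forwarding and list traffic, are listed for remediation. The report contents, IP addresses, counts, function names and the "no SPF-only traffic remaining" readiness heuristic are all my assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed DMARC aggregate (RUA) report in the RFC 7489 Appendix C schema.
# Domain, IPs and counts are made up for this example.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>example-1</report_id>
    <date_range><begin>1682553600</begin><end>1682640000</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.org</domain>
    <adkim>r</adkim><aspf>r</aspf>
    <p>none</p><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>900</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.org</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.5</source_ip><count>60</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.org</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>203.0.113.77</source_ip><count>15</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.org</header_from></identifiers>
  </record>
</feedback>"""

CLASSES = ("dkim_aligned", "spf_only", "unauthenticated")


def parse_records(xml_text):
    """Return (published policy dict, list of per-record dicts).

    policy_evaluated/dkim and /spf carry the DMARC-level (aligned) verdicts,
    which is what the readiness question depends on; raw auth_results are not needed.
    """
    root = ET.fromstring(xml_text)
    pol = root.find("policy_published")
    published = {"domain": pol.findtext("domain"), "p": pol.findtext("p")}
    records = []
    for rec in root.findall("record"):
        row = rec.find("row")
        pe = row.find("policy_evaluated")
        records.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "dkim_aligned": pe.findtext("dkim") == "pass",
            "spf_aligned": pe.findtext("spf") == "pass",
        })
    return published, records


def classify(record):
    """Bucket one record by which identifier survives an intermediary."""
    if record["dkim_aligned"]:
        return "dkim_aligned"    # survives forwarding while the signed content is untouched
    if record["spf_aligned"]:
        return "spf_only"        # passes today, fails once a forwarder rewrites MAIL FROM
    return "unauthenticated"     # an unknown legitimate source, or abuse


def summarize(xml_text):
    """Aggregate the report into totals per class and the SPF-only sources to fix."""
    published, records = parse_records(xml_text)
    totals = dict.fromkeys(CLASSES, 0)
    per_ip = {}
    for r in records:
        cls = classify(r)
        totals[cls] += r["count"]
        per_ip.setdefault(r["source_ip"], dict.fromkeys(CLASSES, 0))[cls] += r["count"]
    total = sum(totals.values())
    spf_only_sources = sorted(ip for ip, b in per_ip.items() if b["spf_only"])
    return {
        "domain": published["domain"],
        "published_p": published["p"],
        "totals": totals,
        "dkim_aligned_share": totals["dkim_aligned"] / total if total else 0.0,
        "spf_only_sources": spf_only_sources,
        # Assumed heuristic, not the draft's wording: no SPF-only traffic left.
        "all_traffic_dkim_aligned": not spf_only_sources,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['domain']} (p={s['published_p']}): {s['totals']}")
    print(f"DKIM-aligned share: {s['dkim_aligned_share']:.1%}")
    print("SPF-only sources to fix before p=reject:", s["spf_only_sources"] or "none")
```

On the constructed report the 900 messages from 192.0.2.10 are DKIM-aligned, the 60 from 198.51.100.5 are SPF-only (a source the domain authorizes in SPF but that does not sign with an aligned d=), and the 15 from 203.0.113.77 authenticate on neither. Run over real reports from several receivers and several weeks, the SPF-only list is the work queue: until it is empty, a quarantine or reject policy will cost the domain exactly the mail from those sources that crosses a forwarder or list.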