Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC)
"Murray S. Kucherawy" <superuser@gmail.com> Fri, 27 March 2015 06:59 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C7001A8AB0 for <dmarc@ietfa.amsl.com>; Thu, 26 Mar 2015 23:59:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WiLscbDEDtfJ for <dmarc@ietfa.amsl.com>; Thu, 26 Mar 2015 23:59:04 -0700 (PDT)
Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 800D71A8A7C for <dmarc@ietf.org>; Thu, 26 Mar 2015 23:59:04 -0700 (PDT)
Received: by wiaa2 with SMTP id a2so18455106wia.0 for <dmarc@ietf.org>; Thu, 26 Mar 2015 23:59:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=/kvJG4yZGBERHyuFWMG1fEWwNlsToTWycbxPVwqyzFg=; b=tT1Hkqq86vNsLsSlS5IeqAvVUzD65J7UeAkJIv6BkENIrZn1Cj+Lm0tvyzwAtbUVAC qCQbGWys6L6uUN0e/3SxysAyQPePg7+OqvbNXBW4+VCtZY1oNgQapXXiIr5SjIAeIZCV zO5qg3MPkHH5pGgikhoAieQG3vnjIqRBrBuzrH7mDTAllBThek8XQS5znGaopYC3Rklk zCPDzspHUyg/wRRxC/iLMLuhylnfTKDbcUMbJCn60p9Uo6bBFTVbTNaccZZA5cQaYARn AFp8qft/hF/YLkqYcJhxN8aorGR4RjoxNiDJXWSGz1HQkINlKXk3KjK3GXLl4Xjt7002 RpqQ==
MIME-Version: 1.0
X-Received: by 10.194.179.194 with SMTP id di2mr34744716wjc.4.1427439543260; Thu, 26 Mar 2015 23:59:03 -0700 (PDT)
Received: by 10.27.179.212 with HTTP; Thu, 26 Mar 2015 23:59:02 -0700 (PDT)
In-Reply-To: <87twx7j6yb.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <20150318200459.23F9B18020A@rfc-editor.org> <CAL0qLwbvp_-zt61ZBFUkChHoB55Z3RjCoMmD-uHaU3RD4RZM9Q@mail.gmail.com> <C50BF729-D096-438C-A4A6-F720E59BFC9C@gmail.com> <BL2SR01MB60534ABA5171ABD31679F4A96000@BL2SR01MB605.namsdf01.sdf.exchangelabs.com> <CAL0qLwZF2=0rDC=6bSW-koGYJN_Dpx6Otpfh_LDW59gUNY3adg@mail.gmail.com> <550CAFEE.8060706@dcrocker.net> <CAL0qLwbO4ZhpdawCG6OcYeijbRVC9sCu7za+6dVKqRBKj0n_+A@mail.gmail.com> <550D6A2D.7050500@gmail.com> <87vbhunw0v.fsf@uwakimon.sk.tsukuba.ac.jp> <550E10C5.1070509@dcrocker.net> <CAL0qLwaoxqa9f6m3+gG3tGuNG+=otQz8HbavgGVPE7z_6zpPrA@mail.gmail.com> <55100395.4060003@dcrocker.net> <30834.1427141274@vindemiatrix.encs.concordia.ca> <55107A81.6000702@dcrocker.net> <3262.1427212761@vindemiatrix.encs.concordia.ca> <6F28A207601345BBAF012FED7BE612EE@fgsr.local> <CE39F90A45FF0C49A1EA229FC9899B0525FDC496@USCLES544.agna.amgreetings.com> <B7F274B2A3B54CBC9C527223DB36F65D@fgsr.local> <55136A23.8080306@isdg.net> <CAL0qLwZp-_ahqo13KM9-XXJYcECj5H7cuK_QCjWDEYVj_6XEGA@mail.gmail.com> <201503262312.t2QNCDeF002084@shadrach.encs.concordia.ca> <87twx7j6yb.fsf@uwakimon.sk.tsukuba.ac.jp>
Date: Thu, 26 Mar 2015 23:59:02 -0700
Message-ID: <CAL0qLwbS2My9Xmr1pc3LoB1ksST1GkOKg479J6uBS-cWatOj8g@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: "Stephen J. Turnbull" <stephen@xemacs.org>
Content-Type: multipart/alternative; boundary="089e01419d1cea1aad05123faac9"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dmarc/ZX7NyW-s2TATw3lpXHqaPR3ZP4c>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, Michael Jack Assels <mjassels@encs.concordia.ca>
Subject: Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2015 06:59:07 -0000
On Thu, Mar 26, 2015 at 11:22 PM, Stephen J. Turnbull <stephen@xemacs.org> wrote: > Murray's point is that "proof of illegitimacy" is probably a pipe > dream, as shown by past experience with "policy frameworks".[1] > Legitimacy, on the other hand, is fairly easy to prove, as DMARC shows > in daily use by financial institutions and in other transactional mail > flows. > Put another way, you only really know something when DMARC, DKIM, SPF, etc. produce a passing result. (Due credit to Dave for this observation.) All of them have false negatives with respect to anything that's not a direct mail flow, so "fail" results don't tell you anything conclusive if you plan to accept any sort of mail that isn't direct. What Hector characterizes as a watering down of SPF with the publication of RFC7208 was merely this fact put into text, even though it's been true since RFC4408. > Footnotes: > [1] Hector is right that they haven't really been tried, but I don't > think the chance that they'll be tried in the future is high, because > the reasons they've been hard to implement in the past remain true. > I agree. And although Hector likes to ascribe considerable power and influence to me, I'm not the one standing in the way of their success. I would happily embrace any such solution that stood a chance of working. I, and others, simply ask some basic questions about scalability of such solutions, their complexity, and their ability to be "gamed", and then they never go anywhere because there simply aren't any good answers to those questions. Thinking I might be wrong, and since the same people insist I am, I published RFC6541 (ATPS) as an experimental draft to try to tackle the third-party problem, and made a free version of it available via open source. That was over three years ago. There has been exactly one site (one person, rather) that tried it besides me and reported back about its effectiveness. Though Doug will shortly claim that ATPS saw no uptake because it is "flawed", I also had a grand total of zero operators report that they were using it in any modified form or asking me to add this or that to it before they would deploy it to production. It wasn't just an idea, it was a reality, but nobody came to play. Policy and third-party solutions haven't failed because of some cabal keeping them from seeing the light of day, unless by "cabal" you mean "group of people who agree that this won't work." These are hard problems, and the last thing any of us should want to do is foist yet another blob onto the global email infrastructure that has not been properly vetted. If an idea doesn't stand up to scrutiny or gets no uptake, or can't even get consensus in a small working group, what prayer does it have for success on the greater Internet? I want to make things better, not worse. There are those among you that disagree, I know. Does anyone have actual data (not theory, not passion, but data) that any of the policy or third-party solutions we've discussed before can work, work just about everywhere, and work at scale? If the answer to that is "no" (or, as usual, silence), then I suggest this (still!) isn't a productive use of our precious time or energy. -MSK
- Re: [dmarc-ietf] RFC 7489 on Domain-based Message… Tim Draegen
- Re: [dmarc-ietf] RFC 7489 on Domain-based Message… Murray S. Kucherawy
- Re: [dmarc-ietf] RFC 7489 on Domain-based Message… Tim Draegen
- [dmarc-ietf] Fwd: RFC 7489 on Domain-based Messag… Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Terry Zink
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Douglas Otis
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Douglas Otis
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Scott Kitterman
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Hector Santos
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) John Levine
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) John Levine
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Anne Bennett
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) MH Michael Hammer (5304)
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) John Levine
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Anne Bennett
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Anne Bennett
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Anne Bennett
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) MH Michael Hammer (5304)
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) MH Michael Hammer (5304)
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Anne Bennett
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Steve Atkins
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Dave Crocker
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Steven M Jones
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Hector Santos
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Hector Santos
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Franck Martin
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Michael Jack Assels
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Franck Martin
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Steven M Jones
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Franck Martin
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Franck Martin
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Murray S. Kucherawy
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Michael Jack Assels
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Stephen J. Turnbull
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) J. Gomez
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Scott Kitterman
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Michael Jack Assels
- Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC) Hector Santos