Re: [dmarc-ietf] DMARC policy overrides

Scott Kitterman <sklist@kitterman.com> Tue, 02 July 2013 21:54 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Date: Tue, 02 Jul 2013 17:53:45 -0400

On Tuesday, July 02, 2013 01:59:15 PM Dave Crocker wrote:
> On 7/2/2013 1:42 PM, Murray S. Kucherawy wrote:
> > It seems to me that prose which spells this out, including the costs of
> > the "override" (namely processing through to the end of DATA), is
> > potentially a fine compromise.
> 
> Since the horse is possibly still having some spasms, whether alive or
> not, I'll beat it some more:  My comments are about language, not
> technical details.  My concern is that the language many folk are using
> can lead to misunderstanding what is inside or outside the spec.
> 
> > I also think it's necessary to consider some current realities.  In an
> > architecture such as the one I use, filters operate serially on the
> > data.  The SPF module runs ahead of DKIM, which in turn runs ahead of
> > DMARC.  If the SPF module decides to act on a "-all" and reject the
> > message, DMARC and DKIM simply can't happen.  DMARC, by saying SHOULD
> > over SPF, is attempting to require that the SPF module change what it's
> > doing.  That means, at least in my local example, that DMARC is not a
> > pure overlay atop SPF and DKIM.
> 
> Right. It's not.
> 
> As for DMARC 'replacing' some SPF portions, yeah, it's doing that.
> 
> If someone thinks the text is not sufficiently clear about what is
> specified to do or why, we know how to fix that.  As for /whether/ to do
> it, again, one can choose to live within DMARC or...

Ah, so DMARC is what it's defined as, so by definition any suggestion that it 
should be changed is incorrect.  Got it.  Glad we cleared that up.


Scott K