Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
John Levine <johnl@taugh.com> Sun, 19 July 2020 15:08 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 175403A095D for <dmarc@ietfa.amsl.com>; Sun, 19 Jul 2020 08:08:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.7
X-Spam-Level:
X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, PP_MIME_FAKE_ASCII_TEXT=0.999, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1536-bit key) reason="fail (message has been altered)" header.d=iecc.com header.b=u++D+WYJ; dkim=fail (1536-bit key) reason="fail (message has been altered)" header.d=taugh.com header.b=pXyqu+8r
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xyX3gRMXkoxU for <dmarc@ietfa.amsl.com>; Sun, 19 Jul 2020 08:08:17 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5F7B3A095C for <dmarc@ietf.org>; Sun, 19 Jul 2020 08:08:16 -0700 (PDT)
Received: (qmail 50805 invoked by uid 100); 19 Jul 2020 15:08:15 -0000
Date: Sun, 19 Jul 2020 15:08:15 -0000
Message-ID: <rf1nkv$1hj6$1@gal.iecc.com>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:references:in-reply-to:cleverness; s=c66a.5f1461df.k2007; i=news@user.iecc.com; bh=x79n1STEroYxQgw/GIjdi+pgGJvHlOlUUEYSOC/Bdu0=; b=u++D+WYJmFoJNbCLwNzwcaSYOzEGOQhrxf8NK72IDjKTPatNdZwi+6rRxVqHpa0Z6NDByDALyykj11jOvVRmJXqiZVMwGUIOX20xCELWBCm4ZnsAwD3IAdJLC62rFxj+ku0mFBBRpCMADQZX6Mn+Eupkz5gp/qGUg7bPUsXW9p0wCh84qlhF/F6mH86kDAMBWqIhphr8BdqK8Bt9Tdt9hvj6mUo8PqwGcngayAq6OE/BKPOSN7atRZu+3pCDzSNd
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:references:in-reply-to:cleverness; s=c66a.5f1461df.k2007; olt=news@user.iecc.com; bh=x79n1STEroYxQgw/GIjdi+pgGJvHlOlUUEYSOC/Bdu0=; b=pXyqu+8rtXPVSrV4WO5lnep1OkUuM9NLXt0uri7lB8iQFUJaivULYUqU7f8Jo9qESV2MolnVFhhQDwi1d4xeV66AWxMNY69jCXIgG/2mYCWgmPdZAyIoo7rrxJoNTFrsYf0/8yd1GyjUL42H6jvFOMjGCUZrn4Ir+wTWjeV0lYcCK/YFQ53wCIDg5Kz1IQyHGaFGFD4peFmTEp3nxr/Tn7AhJWsFNAhVEhByjR6txtnCrtWTFtumhD8hgm0RTpKY
Organization: Taughannock Networks
References: <cd9258e6-3917-2380-dd9b-66d74f3a64d3@gmail.com> <20200717210053.674D61D2C431@ary.qy> <CAL0qLwbkhG-qUyGqxaEjcFn2Lb7wPMhcPFEMA8eqptBJpePPxA@mail.gmail.com> <0bbf7999-0b40-401f-24d0-09eb1c8ec2d4@gmail.com>
In-Reply-To: <cd9258e6-3917-2380-dd9b-66d74f3a64d3@gmail.com> <20200717210053.674D61D2C431@ary.qy> <CAL0qLwbkhG-qUyGqxaEjcFn2Lb7wPMhcPFEMA8eqptBJpePPxA@mail.gmail.com> <0bbf7999-0b40-401f-24d0-09eb1c8ec2d4@gmail.com>
Cleverness: some
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: johnl@iecc.com (John Levine)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/_kT7g_FEYx97V-XTdhgsqUlGETw>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2020 15:08:19 -0000
In article <0bbf7999-0b40-401f-24d0-09eb1c8ec2d4@gmail.com>, Dave Crocker <dcrocker@gmail.com> wrote: >On 7/18/2020 5:16 PM, Murray S. Kucherawy wrote: >> At some point in the past, Gmail decided to show the email address >> only unless that address was in the recipient's contact list, > >btw, I just logged in to gmail's web interface -- I normally access via >imap -- and it is only showing display-name text. No email address for >any of the messages. As far as I can tell, I have no address book at gmail. I just sent my Gmail account a test message from an address that never existed before, and it only showed the display name in the web site and the iOS and Android apps. This tells us that at least at one big gorilla, the header address isn't something that users see. This leads to two questions, one being why the From address is a better authentication handle than, say, DKIM d=. The other is that if the users don't see the address, why do we care if mailing lists change it? I think I have some reasonable answers, starting with the way it screws up replies. something we know from experience that Reply-To can't fix. R's, John -- Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- [dmarc-ietf] Response to a claim in draft-crocker… Kurt Andersen (IETF)
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker on behalf of Kurt Andersen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] no from addresses nowhere, Respo… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Benny Lyne Amorsen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Benny Lyne Amorsen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Doug Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- [dmarc-ietf] DMARC marketing Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Joseph Brennan
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Benny Pedersen
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Benny Pedersen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] DMARC marketing Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker