Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL

Alessandro Vesely <vesely@tana.it> Thu, 08 August 2019 09:48 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 664EE12011C for <dmarc@ietfa.amsl.com>; Thu, 8 Aug 2019 02:48:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ve1Me6RSQRgJ for <dmarc@ietfa.amsl.com>; Thu, 8 Aug 2019 02:48:43 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02B7C120044 for <dmarc@ietf.org>; Thu, 8 Aug 2019 02:48:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1565257720; bh=v1vOxvG8yCuysxrrSx2B0O6x6OrbHQNVtjGUM1D7fhE=; l=1208; h=To:Cc:References:From:Date:In-Reply-To; b=AOmw8SmI6zcei2bocMXTGXAoAs9dCYixELATPrt51IxzTZslV1iH4ZXzZddWBI5B8 5MhlypBfoiZ4tkRXsTSuUYwQEVEWNuOVIBVSuQmyOHBEoVKdfuJxfhiA1rALHynLRW i53V1/0H+lCFvO96bTGjYiDTn4OctYH6oXmTkTbjINrp7P69kWcNkoDU5Rtt1
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [192.168.1.101] ([5.170.69.76]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLSv1.2, 128bits, ECDHE-RSA-AES128-GCM-SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC056.000000005D4BEFF8.0000610C; Thu, 08 Aug 2019 11:48:40 +0200
To: "Murray S. Kucherawy" <superuser@gmail.com>, Matthias Leisi <admins@dnswl.org>
Cc: IETF DMARC WG <dmarc@ietf.org>
References: <e580ada3-d9b5-0e5b-9ac3-eade41ac92d2@tana.it> <CAL0qLwa5yR5dVzkDSD48MDgpUa11+ri=KOwrNSqOxi8fB2i6PA@mail.gmail.com> <eabefc6b-7542-1a46-4272-b786433ed0b5@tana.it> <4783309.BXR8ZdE9c3@l5580> <CAL0qLwb5FAaYZ7AX_H=aeUFkv8cvY+xd1bQ5uCDp4tmrbx2CQg@mail.gmail.com> <7a21b80b-e6bb-d8b9-cf63-601a8d1e47e7@tana.it> <C1E711A8-F3A6-4A20-B71D-53FA773A61D9@kitterman.com> <aca25d30-3b01-4eaf-6d0b-3bae6f3f796b@tana.it> <CAL0qLwaY=YPskxLwZXkm9Gj4yvYEdJTMBSECOxvg6B4+Xb4EJA@mail.gmail.com> <a2bcc8a6-8fe6-54b8-5134-f1c51f74a35d@tana.it> <CAL0qLwa2LAQsCNRtN-dS9oxmTDRyEQNDiQtyWTDCWh_NkMVdvQ@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: preference=signencrypt
Message-ID: <b32420b1-2854-d606-119b-fa2fb7e33c00@tana.it>
Date: Thu, 8 Aug 2019 11:48:32 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <CAL0qLwa2LAQsCNRtN-dS9oxmTDRyEQNDiQtyWTDCWh_NkMVdvQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/_wy0bozmtMugrSI6jDLEA8Dfz3I>
Subject: Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Aug 2019 09:48:44 -0000

On Wed 07/Aug/2019 17:14:22 +0200 Murray S. Kucherawy wrote:
> On Sat, Aug 3, 2019 at 8:28 AM Alessandro Vesely  wrote:
>>
>> IOW, dnswl=pass means the sender was whitelisted.
> 
> 
> If that's the case, why do downstream agents need "policy.ip" at all?


To be whitelisted just means that the sender is a legitimate SMTP
server, AFAICS.  I add Matthias to the recipients list as he can be
much more precise on such criteria, at least for the whitelist he runs.

policy.ip carries more details.  In my use case, "HEURISTIC" viruses
have a significant probability of being false positive.  A downstream
filter extracts the trustworthiness from the policy.ip and makes a
decision based on that value.  Note that this filter runs after the AV
filter, after the end of DATA, while dnswl=pass can be used at HELO to
mitigate SPF forwarding issues.

Some ISPs, albeit whitelisted, either have policies so sloppy as to
tolerate infected customers, or don't spend enough energy to sanitize
them anyway.  The trustworthiness somehow reflects that quality.
Dnswl.org also reports the category, another octet of policy.ip.


Best
Ale

-- 
https://tools.ietf.org/html/draft-vesely-authmethod-dnswl