Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

[Scott Kitterman <sklist@kitterman.com>]

On Friday, April 14, 2023 1:38:42 PM EDT Alessandro Vesely wrote:
> On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote:
> >> On 12 Apr 2023, at 12:21, Douglas Foster
> >> <dougfoster.emailstandards@gmail.com> wrote:
> >> 
> >> Any form of security creates inconvenience.
> > 
> > Yes. And we make tradeoffs between that. In this case, the security is
> > ensuring that users at specific domains can and should only send mail
> > through approved channels managed by those domains. Many users have
> > violated those security policies, by participating in mailing lists. This
> > caused problems for other folks on the mailing lists - as they were the
> > ones removed from the list due to the security policy. The lists
> > responded by rewriting. This causes yet more inconvenience to other
> > subscribers and, additionally, allows the users to bypass their domain
> > security policy.
> > 
> > I am not seeing how this creates an arena of security.
> 
> Security is not From: munging.  That's the workaround that security
> requires.
> >> Based on the header rewriting done by IETF, I have a hard time seeing how
> >> its rewrite of Comcast addresses can cause any of the problems that you
> >> cite.> 
> > That’s how the IETF rewrites, it’s not how everyone rewrites.
> 
> Couldn't the IETF say how to rewrite?
> 
> >> But does your domain require even headers to be rewritten?    Why doesn't
> >> IETF ask you, and omit rewrite if that is what your domain wants?> 
> > Because that doesn’t scale for the IETF.
> 
> Mailman options do scale.  From: rewriting is going to fade off by first
> allowing single subscribers to disable it, for the posts directed to them,
> after their MX set up some kind of agreement with the MLM.
> 
> >> It is hard for me to cry over mailing lists when they cannot ensure that
> >> a post comes from the asserted poster and they cannot adapt their DMARC
> >> defenses to the preferences of the recipient domains.   Life is hard.  
> >> It only gets harder if I wait for someone else to solve problems that I
> >> can solve myself.> 
> > I don’t understand how header rewriting ensures the authenticity of a
> > poster. Given the data is being modified by the MLM, it seems to me that
> > rewriting compounds the problem.
> It doesn't.  The authenticity should be checked on entry.  THIS IS ABUSE
> post had dkim=fail by ietfa.amsl.com, but they didn't bother rejecting for
> that, which is what they should have done.  We are suffering all the damage
> caused by DMARC but don't enjoy any of the advantages it could bring.

I think that's a distinct case.  I don't think there's significant controversy 
that mail which fails DMARC at the MLM's MTA can be rejected.  I think this 
would be relatively safe as it's less common to have indirect mail flows going 
into mailing lists than it is going out of them.

I thought what was being suggested for the mailing list case was not that.  I 
thought the suggestion was that mailing lists should check prospectively and 
not accept mail that would fail DMARC checks performed by mailing list 
recipients.  It's not particularly novel (I implemented an equivalent check 
for SPF in 2008), but it's different than the garden variety reject on DMARC 
fail that's relevant to that message.

Scott K