IETF Logo Mail Archive

Re: [dmarc-ietf] DMARC policy overrides

Dave Crocker <dcrocker@gmail.com> Tue, 02 July 2013 20:59 UTC

Return-Path: <dcrocker@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71CF321F8B21 for <dmarc@ietfa.amsl.com>; Tue, 2 Jul 2013 13:59:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u9ierl1gcRXB for <dmarc@ietfa.amsl.com>; Tue, 2 Jul 2013 13:59:30 -0700 (PDT)
Received: from mail-ob0-x233.google.com (mail-ob0-x233.google.com [IPv6:2607:f8b0:4003:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id A322021F8B33 for <dmarc@ietf.org>; Tue, 2 Jul 2013 13:59:30 -0700 (PDT)
Received: by mail-ob0-f179.google.com with SMTP id xk17so6030972obc.38 for <dmarc@ietf.org>; Tue, 02 Jul 2013 13:59:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=CWmc26cGMqQoh+CKXAtWJHU/apoQYOX2W0Fk3fPAUxg=; b=vGRYIUe9/AgsliJogLnihxzEZvZggXOdxzC76+CMnQue+FOQsIDwFK5MSxnkCNPY+4 iEzclkHGGwtVK4nKaD1r8DInk2ZEplqTi0pas9VSsOfKxk3gYdPw5X5emEvDXmK1MeOn IKygQvCTayDhYG+M1O5xlvk6S20hBtLeWMQVfJI/hGSgH6HuUZROxHtyvNnr+YYbP5zj itlrDIzdX1p49E0mlSOAxMl1ywgtKoL6Nzu0smeCzF937GcUB8Z4hrjVGEuBC1gYb1/v wQ6JKJ4HdSiokeR/tfRIV87FE5L7Q8vbDzhYxbM0+jFxwgY1uD1yRQ2s9xaxU/NiZaIf fZ6w==
X-Received: by 10.182.233.137 with SMTP id tw9mr14105878obc.2.1372798770214; Tue, 02 Jul 2013 13:59:30 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net. [76.218.9.215]) by mx.google.com with ESMTPSA id x10sm6714157obw.13.2013.07.02.13.59.28 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 02 Jul 2013 13:59:29 -0700 (PDT)
Message-ID: <51D33F23.8050502@gmail.com>
Date: Tue, 02 Jul 2013 13:59:15 -0700
From: Dave Crocker <dcrocker@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: "Murray S. Kucherawy" <superuser@gmail.com>
References: <77426B543150464AA3F30DF1A91365DE533DD678@ESV4-MBX01.linkedin.biz> <51D32B7F.40007@gmail.com> <CAL0qLwbYYEjrnnQby9iMFOz1Vm-Azcbu2vVXigMauED+mUwSHw@mail.gmail.com>
In-Reply-To: <CAL0qLwbYYEjrnnQby9iMFOz1Vm-Azcbu2vVXigMauED+mUwSHw@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] DMARC policy overrides
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2013 20:59:31 -0000

On 7/2/2013 1:42 PM, Murray S. Kucherawy wrote:
> It seems to me that prose which spells this out, including the costs of
> the "override" (namely processing through to the end of DATA), is
> potentially a fine compromise.

Since the horse is possible still having some spasms, whether alive or 
not, I'll beat it some more:  My comments are about language, not 
technical details.  My concern is that the language many folk are using 
can lead to misunderstanding what is inside or outside the spec.


> I also think it's necessary to consider some current realities.  In an
> architecture such as the one I use, filters operate serially on the
> data.  The SPF module runs ahead of DKIM, which in turn runs ahead of
> DMARC.  If the SPF module decides to act on a "-all" and reject the
> message, DMARC and DKIM simply can't happen.  DMARC, by saying SHOULD
> over SPF, is attempting to require that the SPF module change what it's
> doing.  That means, at least in my local example, that DMARC is not a
> pure overlay atop SPF and DKIM.

Right. It's not.

As for DMARC 'replacing' some SPF portions, yeah, it's doing that.

If someone thinks the text is not sufficiently clear about what is 
specified to do or why, we know how to fix that.  As for /whether/ to do 
it, again, one can choose to live within DMARC or...

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email