IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Scott Kitterman <sklist@kitterman.com> Sat, 26 September 2020 21:22 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DDA13A0B25 for <dmarc@ietfa.amsl.com>; Sat, 26 Sep 2020 14:22:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=8Y3YwNUH; dkim=pass (2048-bit key) header.d=kitterman.com header.b=nrMOmery
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qjxlmz91WQsC for <dmarc@ietfa.amsl.com>; Sat, 26 Sep 2020 14:22:39 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8EED3A0B20 for <dmarc@ietf.org>; Sat, 26 Sep 2020 14:22:38 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 20082F80279 for <dmarc@ietf.org>; Sat, 26 Sep 2020 17:22:38 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1601155358; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=rgzs2dwOI9GESjV1doLEqN7NWL5Enwm/6MbhL9Tf/TQ=; b=8Y3YwNUHy564/wXJiPaEyw5NP3p4p/EXtJJsc1/Jsg1yegUTmy45BW0MJRyTpeBgkxQeE DM5tA+QZoyDPYd6DA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1601155358; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=rgzs2dwOI9GESjV1doLEqN7NWL5Enwm/6MbhL9Tf/TQ=; b=nrMOmeryauDVnVNx68ManbKZhc6Lh8C+8EaSgsa0KgFXwKThLlYx44HFA6o4JbKqdKK9v 0L7PwwR7IG9gEzNJ/Yti4LisKAB2pJZAYWiDEdfBAqDEYc4L0S4/YZGPGhCltqzZGvEo8Cr 7/7j9MVTNMo7LYgjYi1Kb9A2j2pXXUoXG5sf2mGW67HJOyh/SAPHXScMU5L/pOSVIv1RksS Zzb9JDeCQcSuPw0lgNxMFFspCnlPoFiYmkuL/CSJrTfs4p9ip0eyXSV0MfOJYXhGAhMnFGh YZ5oZWlC0UbGhpUrg0bIF94NQ5VA2hYJLiju4uyGsOwGsnPNpg03x6Zd5kLA==
Received: from zini-1880.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id EE80DF801A2 for <dmarc@ietf.org>; Sat, 26 Sep 2020 17:22:37 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sat, 26 Sep 2020 17:22:37 -0400
Message-ID: <10820530.83mPTe1DEG@zini-1880>
In-Reply-To: <f0bf22da-7b79-35d5-09b9-b80f21aafccc@dcrocker.net>
References: <20200815225306.967CC1E9E41D@ary.local> <6537157.XWSk9BjR4o@zini-1880> <f0bf22da-7b79-35d5-09b9-b80f21aafccc@dcrocker.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/b-VaBHQvvJ9GpQV_057KB5YzkL0>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Sep 2020 21:22:40 -0000

On Saturday, September 26, 2020 3:59:50 PM EDT Dave Crocker wrote:
> On 9/26/2020 8:41 AM, Scott Kitterman wrote:
> > On Friday, September 25, 2020 11:03:51 PM EDT Dave Crocker wrote:
> >> Perhaps you have not noticed but the demonstrated field use of DMARC, to
> >> date, tends to be contrary to the design, to the extent anyone thinks
> >> that the design carries a mandate that receivers follow the directives
> >> of the domain owners.
> >> 
> >> So the text in the draft merely reflects real-world operational style.
> > 
> > I think it's not nearly as clear as you seem to think.  If the standard is
> > users will not 100% do the right thing, then I agree that won't happen,
> > but I don't think it's a reasonable standard.  I think the standard ought
> > to be that there is an overall tendency towards reduced risk.
> 
> And there is no (or perhaps only minuscule) evidence that such a
> tendency is demonstrated.
> 
> Even the 'study' you cited uses the word 'slight'.
> 
> The larger question is:  where is the body of research and/or experience
> that demonstrates the positive effect you are relying on?  As far as I
> know "trust indicators" have somewhere between a poor and a terrible
> history.  So to the extent you believe they are helpful, please produce
> the body of work demonstrating it.
> 
> My real point is that we /know/ there is a critical and demonstrably
> useful -- actually, essential -- function performed by anti-abuse
> filtering engines at receivers, independent of the end-user.  Good ones
> reduce incoming abuse down from roughly 95% of the stream to a tiny
> percent.
> 
> DMARC processing is included in some such engines' repertoire.
> 
> The proposal adds to that, but based on the Sender: field, rather than
> the From: field.
> 
> > My claim is that this proposal is substantially at odds with the protocol
> > as documented (#1).
> 
> I disagree.
> 
> Again, please clarify exactly how it is at odds and please explain in
> detail what real-world processing of DMARC it impedes.
> 
> > I think we agree that this proposal is at odds with DMARC as documented.
> 
> We do not agree.
> 
> Again, rather than making a broad claim, please provide actual detail to
> substantiate your claim.

Since I've been directed to stop this discussion by one of the chairs, I guess 
we'll save it for last call.

Scott K

v2.23.0 | Report a Bug | By Email