IETF Logo Mail Archive

Re: [dmarc-ietf] Header Rewriting

Douglas Foster <dougfoster.emailstandards@gmail.com> Wed, 06 January 2021 23:33 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215633A0DBD for <dmarc@ietfa.amsl.com>; Wed, 6 Jan 2021 15:33:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20--GduBr1hJ for <dmarc@ietfa.amsl.com>; Wed, 6 Jan 2021 15:33:06 -0800 (PST)
Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE8313A0D75 for <dmarc@ietf.org>; Wed, 6 Jan 2021 15:33:06 -0800 (PST)
Received: by mail-vs1-xe36.google.com with SMTP id s85so2711273vsc.3 for <dmarc@ietf.org>; Wed, 06 Jan 2021 15:33:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HMYJTPWRq76FJ/ufdhunqdjmCndDa7daObRlLn+whO0=; b=oa7+iZxQaJASW8kNlcEqQTYHnKurmMih1I/dWBGYVANxsU7l6+wg8pPUSMj5Zy9fG+ dqmanw9xUReNsN9yuvzdK5pXKoSZojZQRQ1Q7yT4ZospX0DNDp2MrnLWqf6iE3mFG5bA ZwSqQ1xSI7hM+t7VlML1uNXNcDgqu2ERH4qnI7mCG7BQ7AcrNqCz0TbiygdjM+MOwt5H WYoifgpz4B1WKBb7IzRNdxTMkLXn1XRrb5l0z81zLnoWFqs38G7gRPKraXwIXWq+DWII NElh5FD9ZFtzpOw07gt/O/z63davhtMlpcDFZO7gH7gOmm9fC9JjQZQ5+l023NpwSo5H KsKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HMYJTPWRq76FJ/ufdhunqdjmCndDa7daObRlLn+whO0=; b=YOqRAn43wH5vD1YWSi5fymbR4DHQQoV+JdJ90YeQJBMLV3Yy9xVvGjIDJSo53mKBkj ge4hbmgIjw/O5kIwd4H0m5/x7e3K5LbHfz4l+YTfddYQnUZS/ahfkUShOOxv9Mn2/CvK aDf+lsTm4FZipMFjQFp4tyY/O9AHyBTHs1zPNG8MjBfMVlzl7YoFF5QFLMgpZUdb38Gh D1fee/2qE72yUtWzAfp/0/Zj55Y+j2G/+56+YGpv3+LsdjiFPG3O/cCl/AmbRrMO8uNY jnZlTVrLZ1B7l+3jYjVvruRzv+ZwUpg6C8wcPv/crqxLtNVClXoXMEFeMiXaBM6YNT+b jg6g==
X-Gm-Message-State: AOAM532KhxPcp0tgG+qsuejEq6vUJeftZ/ZogYrN5QWmpOxdOxK16f+N NGUvlP4QsTzsRYP/w/66yC2FLmVV+TLWcqol8F0hlqwJnqg=
X-Google-Smtp-Source: ABdhPJwUXQlrh1FtbQut95r+IDMBxpMqxKL/zpdXiWh7E/ZbAkeS1tgjc3T6UdrvXwXvnnLMXQQX/pOLEsdEQuzratk=
X-Received: by 2002:a67:d083:: with SMTP id s3mr4979894vsi.25.1609975985743; Wed, 06 Jan 2021 15:33:05 -0800 (PST)
MIME-Version: 1.0
References: <20210104174623.2545154CFF9F@ary.qy> <FD45F9FC-46B0-40A9-ADC6-DDD7650D62F2@bluepopcorn.net> <ae77d9f-6f63-16ca-903a-7cb463a7b58d@taugh.com> <CABuGu1o2t7WaEOh+nsx3_MRUGgGHqKHzQ9302FM9-HL0GxvJvA@mail.gmail.com> <f15c8f53-8075-99a1-83c7-f687200e6a94@gmail.com> <f640ee95-ba0a-6aa7-1a14-2af1db151e27@mtcc.com> <050e8614-c088-a165-a733-35c5eee52eed@gmail.com> <ECBF25D9-F05C-4DE9-AD97-6D4D01B01B57@wordtothewise.com> <CAH48ZfyTUNg2_PnHFHEtZFemfvBgWBMpGLphGTL=3mRvD9o==w@mail.gmail.com> <D3A51087-6E1A-465F-89CD-63172E8075D4@wordtothewise.com>
In-Reply-To: <D3A51087-6E1A-465F-89CD-63172E8075D4@wordtothewise.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Wed, 06 Jan 2021 18:32:55 -0500
Message-ID: <CAH48Zfyf=NV0dJJZzG7bPKSro1hd1q=4eGQLBkDG1oo4XU3dXw@mail.gmail.com>
To: Laura Atkins <laura@wordtothewise.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ba2a8205b843be8b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/bjdoctfHA3AKuPEqvDRhjhRQnYQ>
Subject: Re: [dmarc-ietf] Header Rewriting
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2021 23:33:08 -0000

A previous attempt at this reply was sent prematurely.  Sorry about that.

I said:
Forwarding hides information that the email filter needs to make a correct
decision.   Header rewrite hides the problem, but does not solve it.   When
we get the automation right, predicting user behavior will not be necessary.

Laura replied:
You’re going to need to provide evidence this is the case.

Happy to explain, but I have been saying as much for some time.

My source filtering uses five parameters:   Source IP, Reverse DNS of the
Source, Helo name, SMTP address, and From Address.

Assuming that a forwarder adds no threat content, the need to evaluate the
actual source remains.    But this is difficult to do:

-- Forwarding hides the three elements of server identity behind the
forwarding server.
-- SMTP rewrite hides the source domain identity, such as the ESP which
sent the message.
-- From rewrite hides the asserted author identity.

We have hidden everything.   If the forwarder could be trusted to block all
spam, this might not be a concern.   But everybody assesses spam
differently and everybody misses some of it.   As a group, forwarding
services have an incentive to minimize false positives, so the likelihood
of spam getting through is high.   Mailing lists have different incentives,
and should be able to block spam reliably.   Whether they do so or not is
outside my experience.




>
>

v2.23.0 | Report a Bug | By Email