IETF Logo Mail Archive

Re: [dmarc-ietf] DMARCbis WGLC - Issue 141 DMARC and What To Say About SPF -all

Seth Blank <seth@valimail.com> Sat, 06 April 2024 17:47 UTC

Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60E5DC14F614 for <dmarc@ietfa.amsl.com>; Sat, 6 Apr 2024 10:47:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jOJAXr6M2cgr for <dmarc@ietfa.amsl.com>; Sat, 6 Apr 2024 10:47:20 -0700 (PDT)
Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33390C14F615 for <dmarc@ietf.org>; Sat, 6 Apr 2024 10:47:20 -0700 (PDT)
Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1e3e84a302eso2049365ad.0 for <dmarc@ietf.org>; Sat, 06 Apr 2024 10:47:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; t=1712425639; x=1713030439; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=jNGLQdbypNMStAaGBFn+KLqexeGlV9Xjk2lLLdJSQyg=; b=YmdRR9oH+1uZi7A1ZLYkBDJSlnBYqGKjItnf7ozma3p5w7JqeaFzqzKPVaT+0Jc7P2 wt2PyxP8FjCTuhKEqYJGWWswTs8or+4j8dT+s7fF2h46veK4e0CJxxJh1HA9OQDuq2kH Gu6I5LswMbdKjrUdiE/c3oglA2qC7OiscMba0z0Q1GbOXvGJSkbVOgydEnUSpdhw2ocS d6qGCY2CAze4HfyeaKOyRY7BYJPom2tbU4zYbJBkihu7nyo9kz00ptLAXzZABodx+3UR 7QzVM2tfNNn9ecvQH+28OoVP7fGimSKrWLEFjdb3tQ00ZRIKJeBuq9t64ddSmub+v4aD lZoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712425639; x=1713030439; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jNGLQdbypNMStAaGBFn+KLqexeGlV9Xjk2lLLdJSQyg=; b=ZO1CPf4aoHxTM+E2797nCCa46+qqasKuG40Urkp44aZMCjfiwetdtTaav/viIshem6 T9RRTmiNGibr22Vi+XDBYcFXIGxGRO8Dia7BL5mTqHsSaUE1maq/g3YlPnCdCe2JNdC6 3JU3Rs06cTP/WDj+pbg6qFXIn3u6KZ3YwvngYZdkjAMfiu/znVbKlBGpRE98X5uuk9gy Wb1GaY182z+o3+tjziZoXHiYspVMykVbBfRMeW0fiLrTtwZ7Zyx29UoXXlAu3gyIBPyN KcfcbXHdnGhxXI4UON/xIkhqyZrxjWMeoRkDqDNr1kgwlYhHwlzUgr6t41VYDrWhPJ1b 2inw==
X-Gm-Message-State: AOJu0Yz7bP9rb2Fgy7PKeKcnsrrvECl760fnJplu/L2X9V8cf/0dW2xi 5XnbzqENbhIGu31Mt/vbJiz9wqBw48RaQEwe8gTpyGtg8FdvyEt8/c4GOhiejjBiaVxX5rwaEKM rdvoTcEScE8TpZMg1WWizc9CFFcRgioaiW/sYTSqD14wdlxJJ
X-Google-Smtp-Source: AGHT+IFbXn7M90i8taoo5fQDu6qjk9sJWd6EWqv3VLKyEec/XeNEIwAznCctyuN/VKvwTI/WXJSvzRaz3haMB1vMCmQ=
X-Received: by 2002:a17:902:d504:b0:1e3:f248:192e with SMTP id b4-20020a170902d50400b001e3f248192emr742337plg.20.1712425639240; Sat, 06 Apr 2024 10:47:19 -0700 (PDT)
MIME-Version: 1.0
References: <CAHej_8=te5Zx_5-rB67CLPy_Eh03H6bE=34T-sTAwwmnvRTqWg@mail.gmail.com> <2267299.JiQHTZpMlS@zini-1880> <CAOZAAfO3CY3z0cCHEeRvqf0r3Vac+ZJ2n5iZY_2GV0ZET5ohKg@mail.gmail.com> <2791156.Tha2kTCVin@zini-1880>
In-Reply-To: <2791156.Tha2kTCVin@zini-1880>
From: Seth Blank <seth@valimail.com>
Date: Sat, 06 Apr 2024 13:47:07 -0400
Message-ID: <CAOZAAfNkz6wu_ZOUR7-iojreAzTHONnC600SnTLArHd+EK28ag@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ee8ac40615712970"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/c9c24ApNb_2zq-qNXclNqFk39Ps>
Subject: Re: [dmarc-ietf] DMARCbis WGLC - Issue 141 DMARC and What To Say About SPF -all
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Apr 2024 17:47:24 -0000

You’re not hearing me— this is something that comes up frequently for
organizations working to implement DMARC. Others have confirmed on list.
This is not an academic concern, it’s an operational one as elevated by the
charter.

Your other examples you cited do not come up in practice as issues for
domain owners looking to do DMARC.

Yes, let’s get back to N.

S

Seth Blank | Chief Technology Officer
Email: seth@valimail.com


This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.



On Sat, Apr 6, 2024 at 13:44 Scott Kitterman <sklist@kitterman.com> wrote:

> The same thing can be said for every step of email processing that comes
> before DMARC.  If I reject your mail due to your IP being on a block list,
> you
> also don't get DMARC feedback about it.
>
> It was long enough ago that I don't remember if it was RFC 7489 or early
> in
> this working group, but we did have extensive discussions about this
> before
> and that's how we got where we are.  I don't think there's a lot of value
> in
> redoing that discussion.
>
> I think your N=5 versus N=8 topic is more important and much more on topic.
>
> Scott K
>
> On Saturday, April 6, 2024 1:27:18 PM EDT Seth Blank wrote:
> > Scott, I disagree.
> >
> > SPF hardfail in a DMARC context is an operational issue that comes up
> with
> > some frequency for domain owners.
> >
> > We should have some minimal amount of clarifying text.
> >
> > S, individually
> >
> > Seth Blank | Chief Technology Officer
> > Email: seth@valimail.com
> >
> >
> > This email and all data transmitted with it contains confidential and/or
> > proprietary information intended solely for the use of individual(s)
> > authorized to receive it. If you are not an intended and authorized
> > recipient you are hereby notified of any use, disclosure, copying or
> > distribution of the information included in this transmission is
> prohibited
> > and may be unlawful. Please immediately notify the sender by replying to
> > this email and then delete it from your system.
> >
> > On Sat, Apr 6, 2024 at 13:01 Scott Kitterman <sklist@kitterman.com>
> wrote:
> > > On Monday, April 1, 2024 4:45:20 PM EDT Todd Herr wrote:
> > > > Greetings.
> > > >
> > > > Issue 141 has been opened to collect ideas around the discussion
> about
> > >
> > > what
> > >
> > > > to say in DMARCbis (if anything) about honoring SPF records that end
> in
> > > > -all when SPF fails.
> > > >
> > > >
> https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis/issues/141
> > >
> > > I don't really understand the need for this.  What to do when SPF
> produces
> > > a
> > > fail result is an SPF question.  Not a DMARC question.  Additionally,
> we
> > > have
> > > discussed this before.  Note that not even RFC 7208 tells receivers
> what
> > > to do
> > > with SPF fail.  It seems far, far out of scope to do so here.
> > >
> > > On the theory that the invocation not to relitigate things we've
> already
> > > gone
> > > through won't be honored entirely in the breach, can we not do this?
> > >
> > > Scott K
> > >
> > >
> > >
> > > _______________________________________________
> > > dmarc mailing list
> > > dmarc@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dmarc
>
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email