IETF Logo Mail Archive

Re: [dmarc-ietf] THIS IS ABUSE (it might be)

Scott Kitterman <sklist@kitterman.com> Sat, 08 April 2023 13:57 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B75FC1516E3 for <dmarc@ietfa.amsl.com>; Sat, 8 Apr 2023 06:57:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="JNIMeHfE"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="phBMnXWk"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D0Msnx88PBMw for <dmarc@ietfa.amsl.com>; Sat, 8 Apr 2023 06:57:19 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B175C15155F for <dmarc@ietf.org>; Sat, 8 Apr 2023 06:57:19 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 51A46F802EF for <dmarc@ietf.org>; Sat, 8 Apr 2023 09:57:09 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1680962213; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=WKi/cV9a9FDEmjyVLyPYMWX1HVm7Fa7kYTcSWtwxwl4=; b=JNIMeHfEcZRJJ9PQSctAF9pwu0BJ3TxYD+3Cvhj/eBNI3rXBBtgIxOARfiKylt6smQAJ4 4fSx+58cUvpVrf5Cg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1680962213; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=WKi/cV9a9FDEmjyVLyPYMWX1HVm7Fa7kYTcSWtwxwl4=; b=phBMnXWk5DROcklzu4d0urNMD89P1JXzfbDM/r6rEPs0fjx6giS20uDlYUFCx8Z6JRgnc ysNCfJGRYCvpJXE5e/BVatmcjVh3LxLej256PuJYAzYBEKTEDNN72IbxtUpe3Ufdi1q27oF hXgdbKa3ZCzUhtCJtzWMHtIuLWJo1gD3LCmy+josSfZM5ky8qMphD/DjKo7XcJNmA87CS38 OjNHAnGFaNeKwX06MOi+rlOgKcS9MPnYIUPJ8QqrExAihre138jyI/fI+SKSCr1hGbMbEWn tyViXsJvPlLVSkJTdc7CYPNcTurOIcuwuhvYH8PzViaeSf8icvh0uSi3Z49w==
Received: from localhost.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id 98362F801AC for <dmarc@ietf.org>; Sat, 8 Apr 2023 09:56:53 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sat, 08 Apr 2023 09:56:48 -0400
Message-ID: <2519702.QxFZymMNXS@localhost>
In-Reply-To: <2a35cc3f-7dde-8e63-98c3-05f64ab63f57@tana.it>
References: <MN2PR11MB43519A6CD95E5C80AA1EC2CFF7899@MN2PR11MB4351.namprd11.prod.outlook.com> <CAH48ZfwH44nXntNEycDLxO8MbZ-pdwAbQWVZs9Kmn+BYsTp__A@mail.gmail.com> <2a35cc3f-7dde-8e63-98c3-05f64ab63f57@tana.it>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/c_PU3amxhdexADubvINIb9Tr_6A>
Subject: Re: [dmarc-ietf] THIS IS ABUSE (it might be)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Apr 2023 13:57:23 -0000

I think you have gotten yourself side tracked.

The problem with DMARC and mailing lists is that receivers doing DMARC checks 
can't (absent a list of mailing lists) reliably distinguish DMARC fail due to 
normal mailing list processing and DMARC fail due to abusive behavior.  To 
mitigate this issue, a number of mailing lists (this one included) have taken 
measures so that list mail will pass DMARC checks at the receiver.  These 
measures have been a net negative for mailing list usability.

Mailing list managers can (and probably should) include DMARC in how they 
manage abusive postings to their lists, but that's not any kind of a special 
case for DMARC.

Scott K

On Saturday, April 8, 2023 7:16:05 AM EDT Alessandro Vesely wrote:
> Identifier rewrite affects the leg from MLM to subscriber.  Email security
> in the leg from poster to MLM is completely ignored by the draft, although
> MLMs constitutes a major concern.
> 
> We joyfully rely on traditional techniques to counter potential attacks,
> estimating that there is no reason to adopt cryptographic stuff to secure
> email.
> 
> Water we talking about?
> 
> 
> Best
> Ale
> 
> On Sat 08/Apr/2023 01:54:21 +0200 Douglas Foster wrote:
> > Scott's approach solves our longest-running argument, but not in the way
> > that I expected.    We can embrace his approach with a single Security
> > Consideration to this effect:
> > 
> > "Mailing lists are frequently characterized by operating practices that
> > depend on security through obscurity rather than Sender Authentication.
> > 
> >   Identifier rewrite may be used as necessary to evade detection of weak
> > 
> > Sender Authentication practices.   While exceptions doubtless exist,
> > determining the trustworthiness of messages from any particular mailing
> > list is difficult, and beyond the scope of this document.   Participation
> > risk should be taken into account when subscribing to a mailing list and
> > accepting incoming messages from a list."
> > 
> > However, this type of truthfulness does not seem to be what the charter
> > document intended.
> > 
> > Doug Foster
> > 
> > On Fri, Apr 7, 2023 at 4:24 PM Scott Kitterman <sklist@kitterman.com> 
wrote:
> >> On April 7, 2023 6:43:33 PM UTC, Alessandro Vesely <vesely@tana.it> 
wrote:
> >> >It is going to be problematic to kick off someone who impersonates
> >> 
> >> different users.  What do you do, block IP numbers?
> >> 
> >> >We keep on saying that mailing list have worked this way for decades.
> >> 
> >> Sure. And email in general has been working for decades before the need
> >> to
> >> use authentication arose.  So we can bet that people using MLs is highly
> >> selected and well behaved... but is that true?  Wouldn't a jester be able
> >> to completely disrupt our work by heavily repeating impersonations to the
> >> point that we'll be forced to restrict to Github tools to discuss our
> >> drafts?  I wouldn't bet...
> >> 
> >> >Some time ago I proposed a p=mlm-validate[*] telling receivers to reject
> >> 
> >> on failure only if they are a mailing list or similar forwarder.  I
> >> thought
> >> that would cause minimal disruption since such kind of posts most of the
> >> times reach destination in one hop —akin to transactional stuff— and a
> >> poster who gets a bounce can quickly retry.  Such kind of tool would
> >> eliminate impersonation chances.
> >> 
> >> >An obvious truth is that we cannot publish a successful protocol if we
> >> 
> >> ourselves see no reason to make any use of it.
> >> 
> >> To the extent managing mailing list subscriber abuse is a problem, it's
> >> not a DMARC problem.
> >> 
> >> The IETF has had problems with sock puppets before and managed to address
> >> them.
> >> 
> >> Scott K
> >> 
> >> _______________________________________________
> >> dmarc mailing list
> >> dmarc@ietf.org
> >> https://www.ietf.org/mailman/listinfo/dmarc
> > 
> > _______________________________________________
> > dmarc mailing list
> > dmarc@ietf.org
> > https://www.ietf.org/mailman/listinfo/dmarc
> 
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email