Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

Alessandro Vesely <vesely@tana.it> Thu, 27 April 2023 15:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ckFlisdWkDpBlzsRDRQDq8MC9hs>

On Thu 27/Apr/2023 16:30:14 +0200 Brotman, Alex wrote:
> Attempt to make it a tad more concise (I think), altering some of the language:
> 
> ---------------------
> There can be inherent damage to the ability to use certain SMTP-based systems in conjunction with a policy of quarantine or reject.  These could include, though are not limited to, mailing lists, forwarding services, and other types of indirect mail flows.  Especially in situations where the sending domain is SPF-only, or the intermediary is known to alter messages.  If the users of the domain may utilize these types of systems, the domain administrator MUST NOT deploy a policy of quarantine or reject without serious considerations to the impact to interoperability.  These considerations will be informed by careful analysis of DMARC aggregate reports prior to deploying such a policy.  Some third-party systems may be willing to create a workaround for these situations, though it cannot be guaranteed.  Domain owners MAY choose to create a sub-domain (listmail.example.org) or cousin domain (listmail-example.org) which uses a different policy for users wishing to utilize those services.
> ---------------------


I like this kind of text.  I'd still s/MUST NOT/must not/.  Also, state that 
serious consideration includes testing p=quarantine; pct=0^H t=y.


Best
Ale
--
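
Added example, not part of the original message or of the draft text: one way to do the "careful analysis of DMARC aggregate reports" mentioned above is to tally, per report, how many messages pass through aligned DKIM, pass through SPF only, or would fail outright under quarantine or reject. The sample report, domain and IP addresses are constructed, and the function name `summarize` is hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout (trimmed to the
# fields used here); the domain and IPs are documentation placeholders.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.org</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>30</count>
  <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.25</source_ip><count>14</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.80</source_ip><count>3</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""


def summarize(report_xml):
    """Tally message counts by how (or whether) they passed DMARC.

    Returns (totals, failing_sources). Assumes a report without an XML
    namespace. Reports are third-party input: parse them with a hardened
    XML parser (e.g. defusedxml) outside of a demo like this one.
    """
    totals, failing_sources = Counter(), Counter()
    for row in ET.fromstring(report_xml).iter("row"):
        count = int(row.findtext("count", "0"))
        dkim = row.findtext("policy_evaluated/dkim", "fail")
        spf = row.findtext("policy_evaluated/spf", "fail")
        if dkim == "pass":
            bucket = "dkim_aligned"    # survives forwarding if the body is untouched
        elif spf == "pass":
            bucket = "spf_only"        # passes today, breaks once the mail is relayed
        else:
            bucket = "dmarc_fail"      # would be quarantined or rejected
            failing_sources[row.findtext("source_ip", "unknown")] += count
        totals[bucket] += count
    return totals, failing_sources


if __name__ == "__main__":
    totals, failing = summarize(SAMPLE_REPORT)
    print(dict(totals))
    for ip, n in failing.most_common():
        # A failing source is either an indirect flow or spoofing; the
        # report alone cannot tell which, so each one needs a manual look.
        print(f"{ip}: {n} messages would fail under quarantine/reject")
```

A large `spf_only` share is the "SPF-only" situation the proposed text warns about: those messages pass when delivered directly but lose alignment as soon as a forwarder or list relays them.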