Re: [dmarc-ietf] not ADSP, was is DMARC informational?

Dave Warren <dw@thedave.ca> Tue, 08 December 2020 00:45 UTC

Date: Mon, 07 Dec 2020 17:44:54 -0700
From: Dave Warren <dw@thedave.ca>
To: dmarc@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/cqxgPmo6kpWNrSi7Vjo9VPLnST4>
Subject: Re: [dmarc-ietf] not ADSP, was is DMARC informational?

On Sun, Dec 6, 2020, at 22:31, Michael Thomas wrote:
> there are clearly many use cases where that isn't a problem -- like bank 
> transactional mail -- and ADSP was just fine for that.

There were still surprises to be had here. I still, to this day, find mail direct from various senders that is wanted by the recipient but that fails SPF without forwarding (with a -all) or hits a dmarc=reject. I quarantine such for review and release to users as needed.

Obviously lots is spam, or forwarding that broke SPF or whatever, but just as often it is a small piece of a big company doing something without fully understanding how modern email works. Oddly, it is often security-sensitive stuff: not crazy long ago it was Facebook password resets, often it is 2FA codes (which are probably going through a separate channel to get immediate delivery without risking backlog?), and other reasonably important things from parts of the company that I would expect to be at least moderately aware of the email security world.

I agree that ADSP was theoretically fine for this type of use, but in practice, DMARC's feedback simplifies things a lot when a client complains their outbound mail isn't making it and we can quickly see what is being rejected.

It is an imperfect world.
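
The workflow mentioned in the last paragraph of the message, reading DMARC aggregate feedback to see which outbound sources receivers are rejecting, can be sketched as below. This is an added example, not part of the original message; the sample report is constructed (RFC 7489 aggregate layout, documentation IP ranges, placeholder domain example.com), and `failing_sources` and `_record` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout; not real data.
# IPs are documentation ranges, example.com is a placeholder domain.
def _record(ip, count, disposition, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>{disposition}</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers>"
            "</record>")

SAMPLE_REPORT = (
    "<feedback><report_metadata><org_name>receiver.example</org_name>"
    "</report_metadata><policy_published><domain>example.com</domain>"
    "<p>reject</p></policy_published>"
    + _record("192.0.2.10", 120, "none", "pass", "pass")
    + _record("198.51.100.7", 14, "reject", "fail", "fail")
    + _record("198.51.100.7", 6, "reject", "fail", "fail")
    + _record("203.0.113.5", 3, "quarantine", "fail", "fail")
    + "</feedback>"
)

def failing_sources(report_xml):
    """Sum message counts per (source_ip, header_from, disposition) for rows
    the receiver rejected or quarantined under the published DMARC policy."""
    # Reports arrive from third parties: treat them as untrusted input.
    root = ET.fromstring(report_xml)
    totals = Counter()
    for rec in root.iter("record"):
        disposition = rec.findtext("row/policy_evaluated/disposition", "none")
        if disposition.strip().lower() == "none":
            continue  # delivered normally, nothing to chase
        key = (rec.findtext("row/source_ip", "?").strip(),
               rec.findtext("identifiers/header_from", "?").strip().lower(),
               disposition.strip().lower())
        try:
            totals[key] += int(rec.findtext("row/count", "0"))
        except ValueError:
            continue  # malformed count: skip the row rather than abort
    return totals.most_common()  # largest failing source first

if __name__ == "__main__":
    for (ip, domain, disp), n in failing_sources(SAMPLE_REPORT):
        print(f"{n:5d}  {disp:<10}  {ip:<15}  {domain}")
```

A source IP that shows up here with both DKIM and SPF failing is the usual sign of a legitimate sender inside the organisation that was never added to the domain's SPF record or given a DKIM key.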