IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Scott Kitterman <sklist@kitterman.com> Fri, 25 September 2020 23:21 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8140F3A0B83 for <dmarc@ietfa.amsl.com>; Fri, 25 Sep 2020 16:21:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_FAIL=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=OSwpDsTW; dkim=pass (2048-bit key) header.d=kitterman.com header.b=eqIyzOqH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BP6yACOf9jye for <dmarc@ietfa.amsl.com>; Fri, 25 Sep 2020 16:21:24 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1712B3A0B7B for <dmarc@ietf.org>; Fri, 25 Sep 2020 16:21:23 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 31C53F80295 for <dmarc@ietf.org>; Fri, 25 Sep 2020 19:21:23 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1601076083; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=F8n29Qem3i5+BVAN8UywdBc0a0yRf57BW6g7mKcxQGk=; b=OSwpDsTW7BeWb8CyrU0AYZx/Xh35LpHbkT9wm2lwRUtZAPOXB02272puGNIJn+rxqjrRK 7lr1NTQrLc0jWRYCg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1601076083; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=F8n29Qem3i5+BVAN8UywdBc0a0yRf57BW6g7mKcxQGk=; b=eqIyzOqHsssKHrKtxvZ7XecA4+dtR2VIo0wakRF4fo2kx94Klf4d6YXB+B3tr+FObsmjG Q4ELT8aHE9aYHofEbJXkzgovGbNpq8pJSF9yW3+e+Wp+rz7xzSLW9qtdqKAXRTX7XujkzFH W9mX7DTOrQuggLMuyj0VIwiKB1hGMQGlUXTzMgEr7GSDWS43wIZalTw4fMVugEEP6Yq+w4G I0Uu97eSyxwD/RquELc2iOMxK+U4hw9yBOaF4FiNOkXi+/Z6EoMhgEC/6LfiJaj1s/QGlxK OBbgiPPnsRUAgduLgi7zSfb71GSGLKiGSmJYpU3m0lZf9bJGqjKptbTWSTTA==
Received: from zini-1880.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id 02462F801A2 for <dmarc@ietf.org>; Fri, 25 Sep 2020 19:21:22 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Fri, 25 Sep 2020 19:21:22 -0400
Message-ID: <6484002.GchzCIbhPQ@zini-1880>
In-Reply-To: <159dc0da-0f34-fa71-e20f-89135f14182e@dcrocker.net>
References: <20200815225306.967CC1E9E41D@ary.local> <6089649.VB6F1bvo3X@zini-1880> <159dc0da-0f34-fa71-e20f-89135f14182e@dcrocker.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/dSRdMWt2OdJe3molm1p06ZagIR8>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Sep 2020 23:21:26 -0000

On Friday, September 25, 2020 7:05:22 PM EDT Dave Crocker wrote:
> On 9/25/2020 4:00 PM, Scott Kitterman wrote:
> > In my view the linkage between the identity in From to domains
> > authenticated by DKIM and SPF (d= and mail from) is a fundamental
> > property of DMARC.  If you change that, it's not DMARC anymore.
> 
> It doesn't change that.  It doesn't alter the current use of the From:
> field.
> 
> Mediators might, and so far people have thought that acceptable.
> 
> My suggestion is that you offer some detailed analysis of current
> security-related processing and specify how that will change to the worse.
> 
> The tendency for these topics is for people to make overly-terse,
> overly-broad assertions and conclusions, without any of the detail that
> permits validating the claim.

Sure it does, given what DMARC is.

I think the obligation to justify is on the advocate for change.  Having 
reviewed a large pile of messages from this list to try and catch up, I may 
have missed it, but I haven't seen any justification for this other than you 
claiming it's true:

   Because the current email protection behavior involves the
   RFC5322.From field, and pertain to the human author, it is common to
   think that the issue, in protecting the field's content, is behavior
   of the human recipient.  However there is no indication that the
   enforced values in the RFC5322.From field alter end-user behavior.
   In fact there is a long train of indication that it does not.
  Rather, the meaningful protections actually operate at the level of
   the receiving system's mail filtering engine, which decides on the
   dispostion of received mail.

Please provide references for your long train of indications, speaking of 
making overly broad assumptions.  If that's accurate, I'd like to understand 
the data that tells us that.

If this is just an input into an algorithm, then your assertion that you are 
only providing another input is supportable, but that's contrary to the DMARC 
design.  DMARC is based on an expectation that specific actions ought to be 
taken based on policy [1], which is totally different than what this draft 
proposes. Which, to circle back around, is why I don't think it would be DMARC 
anymore.

Scott K

[1] RFC 7489, Section 6.6.2, Step 6:

   6.  Apply policy.  Emails that fail the DMARC mechanism check are
       disposed of in accordance with the discovered DMARC policy of the
       Domain Owner.  See Section 6.3 for details.

v2.23.0 | Report a Bug | By Email