Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

John Levine <johnl@taugh.com> Wed, 19 April 2023 16:24 UTC

Date: Wed, 19 Apr 2023 12:24:17 -0400
Message-Id: <20230419162417.D11EAC02E870@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: laura@wordtothewise.com
In-Reply-To: <CF4A2AA2-7EAC-4525-844F-530A12DEC065@wordtothewise.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/dd9rvyd9gti-blOXcidia_7UyIQ>
Subject: Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

It appears that Laura Atkins <laura@wordtothewise.com> said:
>That was my question: is it an interop issue that ESPs (whether they be your traditional ESP or a SaaS provider that sends
>mail on behalf of their customers) cannot support custom domains in the SPF and DKIM and thus cannot support DMARC? Many of
>the current companies have made the decision that supporting DMARC is too hard, and so what they do is use their own domain
>for DMARC (some publish restrictive policies and some don’t).

I don't see how it's an interop problem. They send mail, recipients do
the usual DMARC thing with it. The choice of identity may be a
business problem between them and their customers, but that's not up
to us. I can easily imagine situations where a company figures it's
not a particularly attractive phish target, they balance the possible
cost of misleading email against the cost of implementing delegated
DKIM or subdomains or whatever and decide to just go ahead and send.

>Should DMARCbis make the recommendation that if you are providing mail services that you SHOULD be able to support corporate
>customers using DMARC? 

It seems to me purely a business decision what domain you use on your
mail, so long as it's not one you're not allowed to use.  While I agree
with you that it is not great that ESPs punt on DMARC, please see once
again my note about trying to enumerate all the dumb stuff people might do.

R's,
John