IETF Logo Mail Archive

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

Hector Santos <hsantos@isdg.net> Mon, 17 April 2023 14:20 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43D15C151B1E for <dmarc@ietfa.amsl.com>; Mon, 17 Apr 2023 07:20:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9etHixW5M7SX for <dmarc@ietfa.amsl.com>; Mon, 17 Apr 2023 07:20:28 -0700 (PDT)
Received: from mail.winserver.com (mail.winserver.com [3.137.120.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5D22C151B1C for <dmarc@ietf.org>; Mon, 17 Apr 2023 07:20:27 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1706; t=1681741223; atps=ietf.org; atpsh=sha1; h=Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=pc+73dbAW+L3ap5NRScRvDl1l8hcyhF3Ld3Ko4sDmwQ=; b=j7kH H49kAAqSHJnesvrx68tgGFtV3kaW4erHMkyeXevoQl82rRfEcJFG87ooMyN5Uy5V CwswDP5cZa0mb8ordzs85vSP52RHdkTn0quhJmkqjygpiAghMGo9VGgtjuO6mZUw rEW36Ydlu5l7DqyKEt2vvjVhS11KsV9Khi0P/tw=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.13) for dmarc@ietf.org; Mon, 17 Apr 2023 10:20:22 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by winserver.com (Wildcat! SMTP v8.0.454.13) with ESMTP id 2134015223.1.3864; Mon, 17 Apr 2023 10:20:21 -0400
Message-ID: <643D55A6.1070804@isdg.net>
Date: Mon, 17 Apr 2023 10:20:22 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <4FD1C711-7A7D-40E5-88DE-95CDD248F92B@wordtothewise.com> <4091078.A07lAYmWBP@localhost> <1937153A-4731-408B-92DA-3E459789651C@wordtothewise.com> <3412961.LncKL8lBis@localhost>
In-Reply-To: <3412961.LncKL8lBis@localhost>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/e5iZYO91gqinXbm5CdoldOkTEIg>
Subject: Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2023 14:20:32 -0000

On 4/17/2023 9:43 AM, Scott Kitterman wrote:
>
> OK.  The discussion of the 5322.From comment through me off, I guess.
>
> I think there's probably room for the IETF to document Bext Current Practices
> (BCP) around DMARC usage.  I think it's a step beyond the interoperability
> discussion we need for the DMARCbis protocol document.  Assuming we think we
> know enough, we might consider that for additional WG scope after we have
> (essentially) completed the currently chartered work.
>

 From my readings, my support considerations are:

+1 Codifying a MUST NOT use p=reject for XYZ reasons,
+1 Changing status to Informational, Experimental.

We can't make this a "Standard" when the odds are extremely high there 
is going to be many addressing this DKIM POLICY problem that could not 
be resolved for the 2nd time in nearly 17 years, for the same 
reasons.  Thanks to DMARC.  We have more DKIM Policy advocates today.  
If have had this with ADSP, we would be debating MUST NOT use 
"Discardable" instead use "All".

We should piggyback off DMARC calls.  It would be nice to see support 
by the key cogs for section 4.4.3 and Extended Tag Extensions. 
Suggestion: Add some more text here regarding dealing with authorization.

I consider DMARC today as the new "railroad tracks," the DNS method to 
get a mail operations policy from the Author Domain.  But its policies 
are incomplete. We need to recognize there are other policies other 
than the most restrictive with perfect alignment. We had more 
flexibility with SSP and a few with ADSP  "must be signed by me" and 
"must be signed by someone."   More flexible.

-- 
Hector Santos,
https://santronics.com
https://winserver.com

v2.23.0 | Report a Bug | By Email