Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
Tim Wicinski <tjw.ietf@gmail.com> Mon, 01 April 2024 17:57 UTC
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2916FC15106B for <dmarc@ietfa.amsl.com>; Mon, 1 Apr 2024 10:57:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.994
X-Spam-Level:
X-Spam-Status: No, score=-1.994 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BcTnENjyUm76 for <dmarc@ietfa.amsl.com>; Mon, 1 Apr 2024 10:57:10 -0700 (PDT)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88A80C151064 for <dmarc@ietf.org>; Mon, 1 Apr 2024 10:57:05 -0700 (PDT)
Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-56c1a65275bso2105177a12.1 for <dmarc@ietf.org>; Mon, 01 Apr 2024 10:57:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711994223; x=1712599023; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6wLdLohMVoRSISacLAeYFQt7cinEVLUPH4bNJaQBMRA=; b=GyrVD8V0+wdtljV4VXL7fAFm9+4P8Z0W/mNDlKacvhsy/ALLwIzLcsEJIyJ4SpqROf icKwoHHxYzgZ9zeu+gRM6HDwL8F+vEakTnok34EMSFNLKjDoaEa2DvTFi3bdFsrgfv4L hzSsEUpb748bh5+zuD8+4bSvoWQsBsNynquPH6oH1hAOLRepXmLVvSQjcbtKVbEyTUsJ ksRM/trxVpvrQI6jTnqHyPwxLUyzGZJFl383PMh7t30EkoJmc8C5nCB8b0HXzpzhRzo+ YR+B0jWjvTxanqin9W3WHkaDLC3LQ2pvTdpr1SYQE+4xp3+nSe9sZuZH33FLYgr/F1X0 CCQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711994223; x=1712599023; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6wLdLohMVoRSISacLAeYFQt7cinEVLUPH4bNJaQBMRA=; b=I3DAtDaaDrYqZzBIjJnw5voJwkDSHcNiTzCFIS95WcH6McryfWWURS1AJrMM8BIm3g R13x9JKqrNN65z4cLeqqrwZ137Ut9BRUB7CA5ICxX6KqnWv8XyMaFAEk6GbyXSbz+J2v xXAtxuHbJahu2RlJT1ZY5UT0ZO2tU5jLmvQAGz7dC/M4GMfUKWuawS2YDTlhBSzKX0dt Vi/4pU/8lm4xwRrdJgpt0Gqh6BdKiitwa3DNfHeBK6hx68uQ6PynGFBR/8XqcorBkfx7 L1+ACQhhaRVO99t+FKwYijytFSG2dz/vRtb+iQd4F46+I6s/XV3ENGM6dqOGv1lNVUFi Qw4w==
X-Gm-Message-State: AOJu0YwdudXjXI2w/obTki6V9ZH10g1brPm7s9sVVG893i5Mn1nFJmHF 5TrZnCZu6QY0WroN25Fv7T+FaXUyFVv4RqPqHoFzx+dv+zCpE8g0YxIy/a3kqpjGQayUKCpxad1 BYVF6SIwMou9l9GhksWardyuqbdGYBFo9
X-Google-Smtp-Source: AGHT+IEL7GF4gsXoTPPGYNKufPp2qJn/aU36o+IwWsvPwxA5yK9LobLPKO5DlVj+prh4RFs+4ntS8uCJYlaPrwnKvMc=
X-Received: by 2002:a50:d68d:0:b0:56b:8439:6daa with SMTP id r13-20020a50d68d000000b0056b84396daamr8514872edi.33.1711994223240; Mon, 01 Apr 2024 10:57:03 -0700 (PDT)
MIME-Version: 1.0
References: <eda55c54-c149-475c-8117-bfdf3885a883@tekmarc.com> <20240331180009.F36CD8687B50@ary.qy> <CAOZAAfP9tXi80Fi=ZkgPpGwHo1fDbdSOZwVcnuPDbbc2xQd-7A@mail.gmail.com> <lIU60SB3NeCmFAG+@highwayman.com> <CAL0qLwZt+bo4ydCVOQbfg6bQEv-ufXrrwr8Aege9Wsv7LgH=kA@mail.gmail.com> <CAOZAAfPtxdBwEthN26cgvAnAbQ70wym+2k0WjtKqNVf44=-vMg@mail.gmail.com> <MN2PR11MB435115B7428C63C1B1058D9EF73F2@MN2PR11MB4351.namprd11.prod.outlook.com> <CAJ4XoYfmyDykZGm9Gb1bxjz=pW_scqon3pDv-DRGHjFrnyCLoQ@mail.gmail.com> <CADyWQ+HbfegU=07gNyR-5Dby_71GNim4Nq-LyFerKHk1dV0=Nw@mail.gmail.com> <MN2PR11MB4351A0A12D5EBF923C98496FF73F2@MN2PR11MB4351.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB4351A0A12D5EBF923C98496FF73F2@MN2PR11MB4351.namprd11.prod.outlook.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Mon, 01 Apr 2024 13:56:51 -0400
Message-ID: <CADyWQ+FHc2R1c+5sqTDqYCzM=3Qf7YFTXP15uv-iu7h6k2KW4A@mail.gmail.com>
To: "Brotman, Alex" <Alex_Brotman=40comcast.com@dmarc.ietf.org>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000088adad06150cb70d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/eRXjE4Nu6hBByZgYegvuTH5d_Cc>
Subject: Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2024 17:57:11 -0000
Alex It is in charter, so it would be worth discussing. It could also be Informational and not Standards Track, which could be useful. tim On Mon, Apr 1, 2024 at 1:52 PM Brotman, Alex <Alex_Brotman= 40comcast.com@dmarc.ietf.org> wrote: > To Tim’s note below, should the group create an operational guidance > document for DMARCbis? This could allow for more lengthy discussions around > policy decisions, and move that discussion out of the technical document. > > > > -- > > Alex Brotman > > Sr. Engineer, Anti-Abuse & Messaging Policy > > Comcast > > > > *From:* dmarc <dmarc-bounces@ietf.org> *On Behalf Of * Tim Wicinski > *Sent:* Monday, April 1, 2024 12:17 PM > *To:* Dotzero <dotzero@gmail.com> > *Cc:* Brotman, Alex <Alex_Brotman=40comcast.com@dmarc.ietf.org>; > dmarc@ietf.org > *Subject:* Re: [dmarc-ietf] SPF follies, WGLC editorial review of > draft-ietf-dmarc-dmarcbis-30 > > > > I have to agree with Seth's comments that "security teams believe an SPF > hard fail is more secure". > > I've been on the receiving end of that discussion more than once. > > > > Also, can we reference those two M3AAWG documents ? That seems like > operational guidance. > > > > tim > > > > > > On Mon, Apr 1, 2024 at 8:55 AM Dotzero <dotzero@gmail.com> wrote: > > > > > > On Mon, Apr 1, 2024 at 8:18 AM Brotman, Alex <Alex_Brotman= > 40comcast.com@dmarc.ietf.org> wrote: > > One item left out of Seth’s text is that due to MBPs who act in this > fashion, these SPF evaluation failures will (understandably) not show up in > DMARC reports, and the domain owner may not have visibility for these > failures. However, the text also puts the onus on the domain owner instead > of the MBP. The text could be altered to instead suggest that MBPs who > deploy DMARC should not utilize the outcome of SPF in this fashion. If the > domain owner wants to protect their domain, and has no idea if the MBP > supports DMARC properly (presuming they also have an enforcing policy), is > it more or less advisable to use “-all” with your SPF record? > > > > I’d be curious to see the Venn diagram of MBPs who implement SPF in this > fashion, and also fully support DMARC. I feel like the MBPs who I’ve > encountered deploying an SPF check in this way had not at the time > supported DMARC. > > > > -- > > Alex Brotman > > Sr. Engineer, Anti-Abuse & Messaging Policy > > Comcast > > > > I was just thinking along these lines and was going to post but you beat > me to the punch. > > > > +1 > > > > Michael Hammer > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/dmarc__;!!CQl3mcHX2A!Fb-J3cXtCi-g9GrtAS4dOqVZX7mqGuHPpsx_WiInM3oaf51dbfoNWfZ8G67ACgtN7VjFXXC2eIvT794GNh4R$> > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- [dmarc-ietf] WGLC editorial review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Douglas Foster
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Mark Alley
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Richard Clayton
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Tero Kivinen
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Jim Fenton
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] ARC, was WGLC editorial review o… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Laura Atkins
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Scott Kitterman
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Scott Kitterman
- Re: [dmarc-ietf] the long march, WGLC editorial r… John R. Levine
- Re: [dmarc-ietf] the long march, WGLC editorial r… Scott Kitterman
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Neil Anuskiewicz
- Re: [dmarc-ietf] the long march, WGLC editorial r… Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N (choose 6) Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Neil Anuskiewicz
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely