Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
Joseph Brennan <brennan@columbia.edu> Mon, 17 August 2020 13:45 UTC
Return-Path: <jb51@columbia.edu>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBFAB3A1563 for <dmarc@ietfa.amsl.com>; Mon, 17 Aug 2020 06:45:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=columbia.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G8edCo_LzjdO for <dmarc@ietfa.amsl.com>; Mon, 17 Aug 2020 06:45:18 -0700 (PDT)
Received: from mx0a-00364e01.pphosted.com (mx0a-00364e01.pphosted.com [148.163.135.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D68F3A1562 for <dmarc@ietf.org>; Mon, 17 Aug 2020 06:45:17 -0700 (PDT)
Received: from pps.filterd (m0167068.ppops.net [127.0.0.1]) by mx0a-00364e01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 07HDdQv1007057 for <dmarc@ietf.org>; Mon, 17 Aug 2020 09:45:17 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : content-type; s=pps01; bh=r5j/qZ6soOttOuM8Bya4jboFDOFTW8rFz7lP8Zo3AoY=; b=qL/9H6eiXn90Ca3Wu/r0kIXCISSSw3OWDpDwl1GbN/aCczIGPb4jVEAto/r2EgqmOwXC DX8UtypwB1N7vtT6leYTAEoMLM9/SJHoc5BxlpiY45D45ALOl65R+aQ8zIfF0/4vzjoT d5Yd0OomCrCI+2rowXxYjdukpS8WngleIfurU+Hg6udLuAVXg9Vvoj+kG0lHJXGzd/IR FkmX88RpXDb3PSlkOd4+TQBE2UiioQZWr4WkE4u6UoBFVNuhuFDf/SqDJfXf2cwz179q fh/WkAK/wU1yy9JV9ZCvriPSLBGEyn1TFZgAZ9vL6rlGSWXjmoNLoWYa1RE34Rg23Blz xw==
Received: from sendprodmail11.cc.columbia.edu (sendprodmail11.cc.columbia.edu [128.59.72.19]) by mx0a-00364e01.pphosted.com with ESMTP id 32x9ywrspk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <dmarc@ietf.org>; Mon, 17 Aug 2020 09:45:17 -0400
Received: from mail-io1-f71.google.com (mail-io1-f71.google.com [209.85.166.71]) by sendprodmail11.cc.columbia.edu (8.14.4/8.14.4) with ESMTP id 07HDjFIu001527 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <dmarc@ietf.org>; Mon, 17 Aug 2020 09:45:16 -0400
Received: by mail-io1-f71.google.com with SMTP id f22so9861552iof.20 for <dmarc@ietf.org>; Mon, 17 Aug 2020 06:45:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=r5j/qZ6soOttOuM8Bya4jboFDOFTW8rFz7lP8Zo3AoY=; b=VJklxLFh33lQs4NLv0tkr3tqPdrWwclje+64Woj/MIg0PDI9D680zOUPHV9YYSGIPp uPNwPTGmFG/oWO6/nzBDyxdjpD+aLhEoZg2VGuLmVyesiq0WdruC1CkdiLjMdQTmIK+6 XpS9ABSLPVJ3UszzLhKlw0xI2+4/SXK6SQKHTu30AsaGZrKBOs3mnJNLh79F7uS+nD/x VnPXMiXXIMCq8Es1eOAwAE+P3g1CChhmWgm1iMYi2s4hQD34RzULtKcKc3/OMOXnSc3W RH7mVe+yJQ7CX0zwJM9WLosY02/tL26N3cJUlb+dxeJQxo4F5ryWqiexKi0Ozf2yZ8oZ 6ENA==
X-Gm-Message-State: AOAM5304BkAjl3B8qTeGU/WHImANe7vha93hsBvhLk+1+3NgOiGwOfgr KEVqvzYRcJ8HDNi9oHpRtsUslvmye53kfkKGmoJscLBia2gWwz/URD5EbnJLOo7GFzC4UanjLFj 3YAGh/+1xQVMqD1V7kp+ti41FB/ZRlQ==
X-Received: by 2002:a92:d843:: with SMTP id h3mr5039762ilq.197.1597671914500; Mon, 17 Aug 2020 06:45:14 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx3OJAcQ9BDzMCdCK5YHgxyb0AYCXv72zFVmykStPJZ7VFgIkbGAlQhmv+6GtZQliFkoMPFaOOf0qJgfHlCa6g=
X-Received: by 2002:a92:d843:: with SMTP id h3mr5039745ilq.197.1597671914198; Mon, 17 Aug 2020 06:45:14 -0700 (PDT)
MIME-Version: 1.0
References: <CAJ4XoYcFbh8-nAxjxzzRgUahFfhcgcZQ2yMF2ewv_-DgUmhL=g@mail.gmail.com> <20200814164237.313071E971DB@ary.local> <CAJ4XoYeqj_5mpZu1PZP4rNfrWRyC5gC-2dfK7oX9xQHiR24QeA@mail.gmail.com> <085c6a5f-5451-ae8c-4873-133673ba1754@tana.it> <CAL0qLwaVUi9QtV4zcCwncuy4N3YPwsGZPzFfd1q19io79UG2VQ@mail.gmail.com> <c1844590-4b12-9763-21c5-6ac5b730321b@tana.it> <6358f3da-806b-f4eb-b9a0-8ee8ce4121d7@dcrocker.net> <4e549ca6-6047-6ff2-325c-fe8d7247e157@tana.it> <c972e0af-b589-1780-47b3-8cb2a2024ec2@dcrocker.net> <13a0ed72-2c5a-8ba6-84ab-b857e29403f1@tana.it> <1703e878-e20a-8ae2-09e8-25470c0cf5f8@dcrocker.net> <e89a5551-f8cc-2d8e-4bfb-65fef943e9fe@tana.it> <3AFAA767-9CC1-4722-80FB-5C4F9BE1FC05@wordtothewise.com>
In-Reply-To: <3AFAA767-9CC1-4722-80FB-5C4F9BE1FC05@wordtothewise.com>
From: Joseph Brennan <brennan@columbia.edu>
Date: Mon, 17 Aug 2020 09:45:03 -0400
Message-ID: <CAMSGcLAoiH8mDRk4yr2eSvr-yMdY6qXj64JV4+D9xensX1gH7g@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ea038b05ad12fa1c"
X-CU-OB: Yes
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-08-17_09:2020-08-17, 2020-08-17 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ecgHssvUjFfVxDH7lJMCI1gpnac>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2020 13:45:20 -0000
On Mon, Aug 17, 2020 at 6:24 AM Laura Atkins <laura@wordtothewise.com> wrote: > > > The DMARC proponents have asserted that DMARC prevents domain specific > spoofing and phishing. The amount of harm DMARC authentication has caused, > however, seems disproportional to this small benefit. Phishing is still > happening using cousin domains (and even random domains). Departments > inside companies avoid DMARC mandates buy buying cousin and “campaign > specific” domains which trains users to be phishing targets for those > domains. Companies have tried to cut down on this by saying DMARC must be > done for all those domains as well. Unfortunately, those “from above” > decrees have often created more problems than they solved. > > Mailing lists have coped by rewriting from addresses, but that has caused > a lot of issues. Two of the big ones are members can no longer search for > “mail from this list member” and cannot easily create filters acting on > mail from other participants. > Well said (I liked the poetic indentation too) The fact is that DMARC has disrupted the flow of ordinary legitimate email. Actors not involved or interested in DMARC have had to spend time and money developing ways to work around DMARC in order to keep mailing lists and forwarding working, or else they have had to spend time and money on the alternative of informing their customers that legitimate practices they have done for years no longer work reliably and have to be discontinued. Adding more complexity does not make a broken thing less broken. I think the proposed standard should simply spell out in plain words that the purpose of DMARC is to protect transactional mail, e.g. about bank and credit accounts or purchase confirmations, and that it is not for mail from ordinary end users. Given that I think more sending systems would be willing to publish p=reject and more receiving systems would be willing to honor it. It won't be the end of spoofs, but it would reduce the disruption to people outside the DMARC club. --- Joseph Brennan
- [dmarc-ietf] Call for Adoption: DMARC Use of the … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Joseph Brennan
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Rolf E. Sonneveld
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … David I
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … ned+dmarc
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] I Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] Objections to Sender header as overr… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Murray S. Kucherawy
- Re: [dmarc-ietf] Objections to Sender header as o… Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jesse Thompson
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Vittorio Bertola
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… Jesse Thompson