Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Joseph Brennan <brennan@columbia.edu> Mon, 17 August 2020 13:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ecgHssvUjFfVxDH7lJMCI1gpnac>

On Mon, Aug 17, 2020 at 6:24 AM Laura Atkins <laura@wordtothewise.com>
wrote:

>
>
> The DMARC proponents have asserted that DMARC prevents domain specific
> spoofing and phishing. The amount of harm DMARC authentication has caused,
> however, seems disproportional to this small benefit. Phishing is still
> happening using cousin domains (and even random domains). Departments
> inside companies avoid DMARC mandates by buying cousin and “campaign
> specific” domains which trains users to be phishing targets for those
> domains. Companies have tried to cut down on this by saying DMARC must be
> done for all those domains as well. Unfortunately, those “from above”
> decrees have often created more problems than they solved.
>
> Mailing lists have coped by rewriting from addresses, but that has caused
> a lot of issues. Two of the big ones are members can no longer search for
> “mail from this list member” and cannot easily create filters acting on
> mail from other participants.
>

Well said (I liked the poetic indentation too)

The fact is that DMARC has disrupted the flow of ordinary legitimate email.
Actors not involved or interested in DMARC have had to spend time and money
developing ways to work around DMARC in order to keep mailing lists and
forwarding working, or else they have had to spend time and money on the
alternative of informing their customers that legitimate practices they
have done for years no longer work reliably and have to be discontinued.

Adding more complexity does not make a broken thing less broken. I think
the proposed standard should simply spell out in plain words that the
purpose of DMARC is to protect transactional mail, e.g. about bank and
credit accounts or purchase confirmations, and that it is not for mail from
ordinary end users. Given that, I think more sending systems would be
willing to publish p=reject and more receiving systems would be willing to
honor it. It won't be the end of spoofs, but it would reduce the disruption
to people outside the DMARC club.


---
Joseph Brennan