Re: [dmarc-ietf] ARC questions

Alessandro Vesely <vesely@tana.it> Thu, 26 November 2020 12:39 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EC163A12D5 for <dmarc@ietfa.amsl.com>; Thu, 26 Nov 2020 04:39:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.121
X-Spam-Level:
X-Spam-Status: No, score=-2.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cCIO6gcUXZ7P for <dmarc@ietfa.amsl.com>; Thu, 26 Nov 2020 04:38:58 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF1C43A12C0 for <dmarc@ietf.org>; Thu, 26 Nov 2020 04:38:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1606394335; bh=NYN4ywKpQ15Jlej2pnWZDwNJLCTTjc39e2ornSlaK58=; l=2013; h=To:Cc:References:From:Date:In-Reply-To; b=CKD/RdRM46QxyQ9O5APxkfnr8vWkTKjFgtWmqQxolSPegaBnRqQexvMaF/3uPmaPa legt4mXLkrvabfG7EwOQEq47SEPdjsLYgVvCxZy63BAGF6LGmozc9MaTqQ/bnMWqde S4qyyJne7Q4AdTfiE9hqguwu74w28q5ScyoO90rIBGJMMEx00QAEK3P1bBamE
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Original-Cc: IETF DMARC WG <dmarc@ietf.org>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC08B.000000005FBFA1DF.00007361; Thu, 26 Nov 2020 13:38:55 +0100
To: "Murray S. Kucherawy" <superuser@gmail.com>, Michael Thomas <mike@mtcc.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
References: <20201124020453.AFDC027CE5C8@ary.qy> <cd855b53-d9bd-3412-3bd5-dc4b7720dc5c@mtcc.com> <CABa8R6s0bfs87Fu9eOq_R3WH1pngauVXrw3RSPe9iWWCtf3AmQ@mail.gmail.com> <c954eadd-5c85-c0d9-2168-8a42de506b72@mtcc.com> <CAH48Zfx25_o+-j0=mEA6ib=2aKPqBDihA4rt0c9_vE+570Q+TQ@mail.gmail.com> <CAL0qLwY3fc+YP-Pw1k2XJgOM0cU1W9AhuPD+kouh8Ns9UzW_HA@mail.gmail.com> <e39252f5-12d1-cdfa-5413-30cfbf2b8a4b@mtcc.com> <CAL0qLwZzg_MzX1cRe8pYZnLQovaBZJtCuUPMZpkt+TKtc=4K7w@mail.gmail.com> <2347b5dd-54b8-a042-a435-b64c4e54d3bb@mtcc.com> <CAL0qLwaaiU3AGaCQ5=4GQP5vvu_kGmBK7PhDYGYc_LiSVbexdw@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <0889a589-0e0e-3694-69ba-31805b9b54c8@tana.it>
Date: Thu, 26 Nov 2020 13:38:55 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <CAL0qLwaaiU3AGaCQ5=4GQP5vvu_kGmBK7PhDYGYc_LiSVbexdw@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/efRqe0cSMBVkTRICojAKY-kppnI>
Subject: Re: [dmarc-ietf] ARC questions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2020 12:39:00 -0000

On 26/11/2020 10:56, Murray S. Kucherawy wrote:
> On Wed, Nov 25, 2020 at 4:52 PM Michael Thomas <mike@mtcc.com> wrote:
> 
>>
>> Yeah, quantifying the problems kinda seems like the first order of
>> business if you ask me.


Quantifications will differ depending on what you count.  Total number of 
messages versus total number of mail operators who find ARC useful.

Small operators had better not forward spam, whether ARC sealed or not.


>> Software. Only software can pry apart that ball of header spaghetti. But I
>> think with the simple a mailing list it is pretty easy to determine, which
>> now that I think about it I actually did back in the day when I was
>> experimenting with recovering mailing list modifications. It didn't occur
>> to me that that was supposed to be hard.
>>
> I haven't put hand to coding keyboard on this problem yet, but I'm trying
> to imagine how it would be easy to determine (a) that Subject had been
> modified (for example), (b) what the specific modification was, and (c)
> which hop did it.  You could say a message failing to validate an author
> signature with "[...]" at the front of Subject was likely tagged by an MLM,
> or that everything after "--" should be ignored, or that those probably
> happened at non-submission hop #1, but those are heuristics, and I think
> we're hoping for something more deterministic.  The 80/20 rule isn't
> sufficient.


Again, you cannot get 100% lists.  For example, anonymizing lists will never 
let you recover an author domain's signature.  MLM has to comply.

On a compliant list like this one, you cannot get 100% users.  For example, 
those who sign a Content-Type: multipart/alternative without giving the 
original value, or a quoted-printable body that the MLM will encode differently 
will never verify.  Author domains have to comply.

On a compliant list, you can verify 99.99% compliant author domains' 
signatures.  (~0.01% due to cosmic rays and similar accidents.)


Best
Ale
--