Re: [dmarc-ietf] WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Hector Santos <hsantos@isdg.net> Sun, 20 July 2014 20:01 UTC
Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DADFC1A0B0C for <dmarc@ietfa.amsl.com>; Sun, 20 Jul 2014 13:01:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.002
X-Spam-Level:
X-Spam-Status: No, score=-102.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HAcA-AcWCmdu for <dmarc@ietfa.amsl.com>; Sun, 20 Jul 2014 13:01:36 -0700 (PDT)
Received: from news.winserver.com (dkim.winserver.com [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id 2625B1A0089 for <dmarc@ietf.org>; Sun, 20 Jul 2014 13:01:36 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=8796; t=1405886489; h=Received:Received: Message-Id:From:Subject:Date:To:Organization:List-ID; bh=3Axh0Cd PPkhOcNM04E5iXW2nMmI=; b=kwxLzxNtvE9m8G8LCw5xjuhIORoKMijPM4YSgI/ WKO/4nQtacq9OD/SqK53K5gABDZ85JUXPT2XOc7u0mgGq/YM49ynPQVVIVto5+59 k8/GHcMJAqijPu7Gufsk2LrG8hxOsDTF7qSjWHTYY4DS5Wdoy73ddvZLPdoMUy9H +NJs=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for dmarc@ietf.org; Sun, 20 Jul 2014 16:01:29 -0400
Received: from [192.168.1.162] (99-72-160-212.lightspeed.miamfl.sbcglobal.net [99.72.160.212]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 1071605033.3783.3520; Sun, 20 Jul 2014 16:01:28 -0400
References: <20140714164212.22974.20340.idtracker@ietfa.amsl.com> <D1E6E3BC-EC43-4FBA-894C-5A0C8EF1705D@standardstrack.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <D1E6E3BC-EC43-4FBA-894C-5A0C8EF1705D@standardstrack.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <9198FB23-31CC-421E-B5F2-DDE063CD9959@isdg.net>
X-Mailer: iPad Mail (11B651)
From: Hector Santos <hsantos@isdg.net>
Date: Sun, 20 Jul 2014 16:01:27 -0400
To: Eric Burger <eburger@standardstrack.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dmarc/egrDZKogZuKZCPMFbV6H5SVS6ZE
Cc: dmarc WG <dmarc@ietf.org>, IETF <ietf@ietf.org>
Subject: Re: [dmarc-ietf] WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Jul 2014 20:01:40 -0000
I would like to see a better integrated, cross-area engineering effort. There is much to do in the integrated area of new domain authorization "permission-based" policy concepts. We have a tendency of repeating the similar concepts across proposed multiple protocols. In an evolved, modern SMTP receiver, it could perform 3-6 or more DNS redundant lookups for each transaction, and they are not flexible enough to be lumped together. -- Hector Santos http://www.santronics.com > On Jul 20, 2014, at 2:23 PM, Eric Burger <eburger@standardstrack.com> wrote: > > I will not comment on the 85 messages in the thread. However, I would like to point out that STIR is working on a similar problem with similar goals but in a more constrained environment. I would offer coordination between WG’s, should DMARC be chartered, would be “a good thing.” > >> On Jul 14, 2014, at 12:42 PM, The IESG <iesg-secretary@ietf.org> wrote: >> >> A new IETF working group has been proposed in the Applications Area. The >> IESG has not made any determination yet. The following draft charter was >> submitted, and is provided for informational purposes only. Please send >> your comments to the IESG mailing list (iesg at ietf.org) by 2014-07-24. >> >> Domain-based Message Authentication, Reporting & Conformance (dmarc) >> ------------------------------------------------ >> Current Status: Proposed WG >> >> Assigned Area Director: >> Pete Resnick <presnick@qti.qualcomm.com> >> >> Mailing list >> Address: dmarc@ietf.org >> To Subscribe: https://www.ietf.org/mailman/listinfo/dmarc >> Archive: http://www.ietf.org/mail-archive/web/dmarc/ >> >> Charter: >> >> Domain-based Message Authentication, Reporting & Conformance (DMARC) >> uses existing mail authentication technologies (SPF and DKIM) to >> extend validation to the RFC5322.From field. DMARC uses DNS records >> to add policy-related requests for receivers and defines a feedback >> mechanism from receivers back to domain owners. This allows a domain >> owner to advertise that mail can safely receive differential >> handling, such as rejection, when the use of the domain name in the >> From field is not authenticated. Existing deployment of DMARC has >> demonstrated utility at internet scale, in dealing with significant >> email abuse, and has permitted simplifying some mail handling >> processes. >> >> The existing base specification is being submitted as an Independent >> Submission to become an Informational RFC. >> >> However, DMARC is problematic for mail that does not flow from >> operators having a relationship with the domain owner, directly to >> receivers operating the destination mailbox. Examples of such >> "indirect" flows are mailing lists, publish-to-friend functionality, >> mailbox forwarding (".forward"), and third-party services that send >> on behalf of clients. The working group will explore possible updates >> and extensions to the specifications in order to address limitations >> and/or add capabilities. It will also provide technical >> implementation guidance and review possible enhancements elsewhere in >> the mail handling sequence that could improve could DMARC >> compatibility. >> >> Specifications produced by the working group will ensure preservation >> of DMARC utility for detecting unauthorized use of domain names, >> while improving the identification of legitimate sources that do not >> currently conform to DMARC requirements. Issues based on operational >> experience and/or data aggregated from multiple sources will be given >> priority. >> >> The working group will seek to preserve interoperability with the >> installed base of DMARC systems, and provide detailed justification >> for any non-interoperability. As the working group develops solutions >> to deal with indirect mail flows, it will seek to maintain the >> end-to-end nature of existing identifier fields in mail, in >> particular avoiding solutions that require rewriting of originator >> fields. >> >> >> Working group activities will pursue three tracks: >> >> 1. Addressing the issues with indirect mail flows >> >> The working group will specify mechanisms for reducing or eliminating >> the DMARC's effects on indirect mail flows, including deployed >> behaviors of many different intermediaries, such as mailing list >> managers, automated mailbox forwarding services, and MTAs that >> perform enhanced message handling that results in message >> modification. Among the choices for addressing these issues are: >> >> - A form of DKIM signature that is better able to survive transit >> through intermediaries. >> >> - Collaborative or passive transitive mechanisms that enable an >> intermediary to participate in the trust sequence, propagating >> authentication directly or reporting its results. >> >> - Message modification by an intermediary, to avoid authentication >> failures, such as by using specified conventions for changing >> the aligned identity. >> >> Consideration also will be given to survivable authentication through >> sequences of multiple intermediaries. >> >> >> 2. Reviewing and improving the base DMARC specification >> >> The working group will not develop additional mail authentication >> technologies, but may document authentication requirements that are >> desirable. >> >> The base specification relies on the ability of an email receiver to >> determine the organizational domain responsible for sending mail. An >> organizational domain is the 'base' name that is allocated from a >> public registry; examples of registries include ".com" or ".co.uk". >> While the common practice is to use a "public suffix" list to >> determine organizational domain, it is widely recognized that this >> solution will not scale, and that the current list often is >> inaccurate. The task of defining a standard mechanism for identifying >> organizational domain is out of scope for this working group. However >> the working group can consider extending the base DMARC specification >> to accommodate such a standard, should it be developed during the >> life of this working group. >> >> Improvements in DMARC features (identifier alignment, reporting, >> policy preferences) will be considered, such as: >> >> - Enumeration of data elements required in "Failure" reports >> (specifically to address privacy issues) >> - Handling potential reporting abuse >> - Aggregate reporting to support additional reporting scenarios >> - Alternate reporting channels >> - Utility of arbitrary identifier alignment >> - Utility of a formalized policy exception mechanism >> >> >> 3. DMARC Usage >> >> The working group will document operational practices in terms of >> configuration, installation, monitoring, diagnosis and reporting. It >> will catalog currently prevailing guidelines as well as developing >> advice on practices that are not yet well-established but which are >> believed to be appropriate. >> >> The group will consider separating configuration and other deployment >> information that needs to be in the base spec, from information that >> should be in a separate guide. >> >> Among the topics anticipated to be included in the document are: >> >> - Identifier alignment configuration options >> - Implementation decisions regarding "pct" >> - Determining effective RUA sending frequency >> - Leveraging policy caching >> - Various options for integrating within an existing flow >> - Defining a useful, common set of options for the addresses to >> which feedback reports are to be sent >> - When and how to use local policy override options >> >> >> Work Items >> ---------- >> >> Phase I: >> >> Draft description of interoperability issues for indirect mail >> flows and plausible methods for reducing them. >> >> Phase II: >> >> Specification of DMARC improvements to support indirect mail flows >> >> Draft Guide on DMARC Usage >> >> Phase III: >> >> Review and refinement of the DMARC specification >> >> Completion of Guide on DMARC Usage >> >> >> >> References >> ---------- >> >> DMARC - http://dmarc.org >> SPF - RFC7208 >> DKIM - RFC6376 >> Internet Message Format - RFC5322 >> OAR / Original Authentication Results - >> draft-kucherawy-original-authres >> Using DMARC - draft-crocker-dmarc-bcp-03 >> >> >> Milestones: >> >> TBD > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc
- [dmarc-ietf] WG Review: Domain-based Message Auth… The IESG
- Re: [dmarc-ietf] WG Review: Domain-based Message … Dave Crocker
- Re: [dmarc-ietf] WG Review: Domain-based Message … Dave Crocker
- Re: [dmarc-ietf] WG Review: Domain-based Message … Scott Kitterman
- Re: [dmarc-ietf] WG Review: Domain-based Message … Hector Santos
- Re: [dmarc-ietf] WG Review: Domain-based Message … Pete Resnick
- Re: [dmarc-ietf] WG Review: Domain-based Message … Douglas Otis
- Re: [dmarc-ietf] WG Review: Domain-based Message … Douglas Otis
- Re: [dmarc-ietf] WG Review: Domain-based Message … Hector Santos
- Re: [dmarc-ietf] WG Review: Domain-based Message … Eric Burger
- Re: [dmarc-ietf] WG Review: Domain-based Message … Hector Santos