Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

Emil Gustafsson <emgu@google.com> Fri, 23 June 2023 00:00 UTC

From: Emil Gustafsson <emgu@google.com>
Date: Thu, 22 Jun 2023 17:59:26 -0600
Message-ID: <CABZJ8kmg75qo70V-N65b6C4w+g7gX0ehv3CsqG-765BbBGcn=A@mail.gmail.com>
To: Ken Simpson <ksimpson@mailchannels.com>
Cc: Hector Santos <hsantos=40isdg.net@dmarc.ietf.org>, Barry Leiba <barryleiba@computer.org>, "Murray S. Kucherawy" <superuser@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ffVWIfJIZxQwbWGyK4mrpvjoLI0>
Subject: Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

The #2 option (backward compatible with new auth tag) is a good
clarification of what we were thinking and that Wei mentioned here:
https://mailarchive.ietf.org/arch/msg/dmarc/KeGbMfX91WJk_aziKsrRfI6AYkI/

I don't know if there is a better way to encode that, but I'm supportive of
making a change that would allow domains to tell us (gmail) that they
prefer us to require both dkim and spf for DMARC evaluation (or whatever
combination of DKIM and SPF they desire).

/E

On Thu, Jun 22, 2023 at 3:38 PM Ken Simpson <ksimpson@mailchannels.com>
wrote:

>
>> Barry, this is obviously a new relaxation option.  From a mail system
>> integration standpoint, the options are:
>>
>> 1) A version bump to DMARC2 with new semantics with backward DMARC1
>> compatibility, or
>>
>> 2) Use a DMARC1 Extended tag option allowed by DMARC1.   Alessandro cited
>> an excellent backward compatible extended tag option:
>>
>> auth=dkim|spf (default value), auth=dkim+spf, auth=dkim, auth=spf
>>
>>
>>
>
> FWIW, I support the concept above, which would be compatible with DMARC
> today. Would anyone from a large receiver like to comment?
>
> Regards,
> Ken
>
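
The following added example (not written by the thread participants and not taken from any DMARC implementation or specification) shows how a receiver could evaluate the proposed `auth` tag quoted above, and why a record without it behaves exactly as DMARC does today. The function names, the constructed sample records and the fallback to `dkim|spf` for unrecognised values are assumptions.

```python
# Added example: evaluation of the *proposed* DMARC "auth" tag from the thread.
# The tag is not part of DMARC1 as published; all names here are hypothetical.

VALID_AUTH = {"dkim|spf", "dkim+spf", "dkim", "spf"}
DEFAULT_AUTH = "dkim|spf"  # default value per the thread: either mechanism suffices

# Constructed sample records (not real published policies).
SAMPLE_BOTH = "v=DMARC1; p=reject; auth=dkim+spf"
SAMPLE_DKIM_ONLY = "v=DMARC1; p=reject; auth=dkim"
SAMPLE_LEGACY = "v=DMARC1; p=quarantine"


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record into a dict of lower-cased tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue  # skip empty or malformed fragments
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def required_auth(tags):
    """Return the auth mode. Assumption: a missing or unknown value is
    treated as the default, so the record still evaluates as plain DMARC1."""
    mode = tags.get("auth", DEFAULT_AUTH).replace(" ", "").lower()
    return mode if mode in VALID_AUTH else DEFAULT_AUTH


def dmarc_passes(tags, dkim_aligned, spf_aligned):
    """Decide pass/fail from the aligned DKIM and aligned SPF results."""
    mode = required_auth(tags)
    if mode == "dkim+spf":
        return dkim_aligned and spf_aligned
    if mode == "dkim":
        return dkim_aligned
    if mode == "spf":
        return spf_aligned
    return dkim_aligned or spf_aligned  # "dkim|spf"


def disposition(tags, dkim_aligned, spf_aligned):
    """Return 'pass', or the domain's requested policy (p=) on failure."""
    if dmarc_passes(tags, dkim_aligned, spf_aligned):
        return "pass"
    return tags.get("p", "none")
```

A receiver that does not understand `auth` ignores the tag and keeps evaluating `dkim|spf`, which is what makes option 2 backward compatible; the stricter modes only take effect at receivers that implement them.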