Re: [dmarc-ietf] DMARCbis WGLC - Issue 141 DMARC and What To Say About SPF -all

Douglas Foster <dougfoster.emailstandards@gmail.com> Sun, 07 April 2024 17:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/g60Bmy7slry-rEAdtpOTPxiIPBo>

We can complain about people treating SPF Fail as definitive, but DMARC
perpetuates the very same myth, which is:

 “If Sender Authentication test X produces FAIL, then the message is
malicious and should be blocked.”

It does not matter whether "X" is SPF Fail, DKIM Fail, ADSP Fail, DMARC
Fail, or DMARC Fail with Reject.   The proposition is at best a probability
statement.  Anyone who treats it as absolute will make significant
disposition mistakes.

In DMARC Land, we call that the "Mailing List Problem", even though
the problem is not limited to mailing lists. In an attempt to save the
myth, we keep narrowing scope, which guides people to ignore a lot of
malicious activity. Then to make things worse, we guide people to respond
incorrectly when malicious activity is actually detected.

We need to abandon the myth.

Doug Foster

On Sat, Apr 6, 2024 at 4:40 PM John Levine <johnl@taugh.com> wrote:

> It appears that Scott Kitterman  <sklist@kitterman.com> said:
> >I hear you.  Your operational issue is my system working as designed.
> DMARC
> >works on top of SPF, it doesn't change it.
> >
> >Anything like this belongs in an operational guidance document, not in
> the
> >protocol description.  I have no problem describing the trade offs in an
> >appropriate document, but I don't think this is it.
>
> I agree.  "Don't do stupid stuff" goes in an A/S, not in the spec.
>
> I entirely believe people are confused about SPF, but they're confused
> about everything. A few days ago on the generally clueful NANOG list
> we had to explain to someone that rejecting mail if DKIM signatures
> don't verify is not a good idea.
>
> R's,
> John
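As an added illustration (not code from the thread or from any participant), the Python below evaluates DMARC alignment for a few constructed delivery paths and shows the point under discussion: an SPF -all FAIL, a DKIM FAIL, or even a DMARC FAIL is a signal, not a verdict. `org_domain` is a deliberate simplification of the Public Suffix List lookup, and `trusted_relays` is a hypothetical local-policy list; neither is part of any specification.

```python
from dataclasses import dataclass, field

def org_domain(name: str) -> str:
    # Simplification: last two labels stand in for the organizational domain.
    # Real evaluators use the Public Suffix List for this step.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """'s' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

@dataclass
class Msg:
    from_domain: str                           # RFC5322.From domain DMARC protects
    spf: tuple                                 # (RFC5321.MailFrom domain, SPF result)
    dkim: list = field(default_factory=list)   # [(d= domain, DKIM result), ...]

def dmarc_result(m: Msg, adkim: str = "r", aspf: str = "r") -> dict:
    """Per-mechanism alignment plus the overall DMARC verdict (pass if either aligns)."""
    spf_dom, spf_res = m.spf
    spf_ok = spf_res == "pass" and aligned(m.from_domain, spf_dom, aspf)
    dkim_ok = any(r == "pass" and aligned(m.from_domain, d, adkim) for d, r in m.dkim)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

def disposition(m: Msg, policy: str, trusted_relays: tuple = ()) -> str:
    """Turn a DMARC result into an action. policy is the sender's p= tag.
    trusted_relays is a hypothetical local-policy list (known mailing lists);
    RFC 7489 lets a receiver override the requested action with local policy."""
    if dmarc_result(m)["dmarc"] == "pass":
        return "accept"
    if m.spf[0] in trusted_relays:          # the list rewrote MailFrom to itself
        return "accept (local policy override)"
    return {"none": "accept", "quarantine": "quarantine", "reject": "reject"}[policy]
# Constructed scenarios for From: user@example.com with p=reject.
DIRECT = Msg("example.com", ("example.com", "pass"), [("example.com", "pass")])
# Plain forward: MailFrom kept, so SPF -all yields FAIL, but the intact DKIM
# signature still aligns. SPF FAIL alone does not decide the outcome.
FORWARDED = Msg("example.com", ("example.com", "fail"), [("example.com", "pass")])
# Mailing list: MailFrom rewritten to the list, footer breaks the author's
# DKIM, the list signs with its own domain. Legitimate mail, DMARC fail.
LISTED = Msg("example.com", ("lists.example.net", "pass"),
             [("example.com", "fail"), ("lists.example.net", "pass")])
SPOOFED = Msg("example.com", ("other.example", "pass"), [])
if __name__ == "__main__":
    for name, m in [("direct", DIRECT), ("forwarded", FORWARDED),
                    ("listed", LISTED), ("spoofed", SPOOFED)]:
        print(name, dmarc_result(m), disposition(m, "reject", ("lists.example.net",)))
```

The LISTED and SPOOFED cases produce the identical DMARC verdict, which is why the result needs more context before it becomes a disposition.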