Re: [dmarc-ietf] Signaling forwarders, not just MLMs
Todd Herr <todd.herr@valimail.com> Thu, 13 April 2023 16:04 UTC
From: Todd Herr <todd.herr@valimail.com>
Date: Thu, 13 Apr 2023 12:04:04 -0400
Message-ID: <CAHej_8nyYrCXPo8aYOb+cVSf=2NQDOBmUgo-FD=ohPBZ=yFuHw@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: John Levine <johnl@taugh.com>, dmarc@ietf.org, superuser@gmail.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gDupxV0A5QziTnaFL6Xk5XWtQAE>
Subject: Re: [dmarc-ietf] Signaling forwarders, not just MLMs

On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba <barryleiba@computer.org> wrote:

> > Anyone who does forwarding is damaged by DMARC because there are a lot of
> > people who do DMARC on the cheap with SPF only.
>
> This brings up another issue, I think: that there should also be
> stronger advice that using DKIM is critical to DMARC reliability, and
> using SPF only, without DKIM, is strongly NOT RECOMMENDED.

I don't disagree. How do we make the following text stronger?

5.5.2. Configure Sending System for DKIM Signing Using an Aligned Domain
<https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#section-5.5.2>

While it is possible to secure a DMARC pass verdict based on only one of SPF or DKIM, it is commonly accepted best practice to ensure that both authentication mechanisms are in place to guard against failure of just one of them. This is particularly important because SPF will always fail in situations where mail is sent to a forwarding address offered by a professional society, school or other institution, where the address simply relays the message to the recipient's current "real" address. Many recipients use such addresses and with SPF alone and not DKIM, messages sent to such users will always produce DMARC fail.

The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d= domain in the DKIM-Signature header) that aligns with the Author Domain.

-- 
Todd Herr | Technical Director, Standards and Ecosystem
e: todd.herr@valimail.com
m: 703.220.4153
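
Added example, not part of the original message or of the draft: a simplified Python model of the DMARC verdict for the forwarding case that section 5.5.2 describes, comparing an SPF-only sender with senders that also sign with DKIM. The domains, IP ranges, helper names, and the two-label organizational-domain shortcut are constructed assumptions; a real evaluator uses the Public Suffix List and performs actual SPF and DKIM verification.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed SPF data: networks each domain authorizes (documentation ranges).
SPF_AUTHORIZED = {"example.com": [ip_network("192.0.2.0/24")]}

@dataclass(frozen=True)
class Delivery:
    client_ip: str            # IP that connects to the final receiver
    mail_from_domain: str     # RFC5321.MailFrom domain, the identity SPF checks
    author_domain: str        # RFC5322.From domain, the identity DMARC protects
    dkim_domains: tuple = ()  # d= values of signatures assumed to have verified

def org_domain(domain):
    # Assumption: organizational domain = last two labels (real code needs the PSL).
    return ".".join(domain.lower().split(".")[-2:])

def aligned(identifier, author_domain):
    # Relaxed alignment: the organizational domains match.
    return org_domain(identifier) == org_domain(author_domain)

def spf_pass(d):
    nets = SPF_AUTHORIZED.get(d.mail_from_domain, [])
    return any(ip_address(d.client_ip) in net for net in nets)

def dmarc_result(d):
    # DMARC passes if at least one mechanism both passes and aligns.
    spf_ok = spf_pass(d) and aligned(d.mail_from_domain, d.author_domain)
    dkim_ok = any(aligned(s, d.author_domain) for s in d.dkim_domains)
    return "pass" if spf_ok or dkim_ok else "fail"

def forward(d, forwarder_ip):
    # A plain forwarder relays the message unmodified: the DKIM signature
    # still verifies, but the receiver now sees the forwarder's IP address.
    return replace(d, client_ip=forwarder_ip)

def scenarios():
    fwd_ip = "198.51.100.7"  # constructed address of the forwarding institution
    spf_only = Delivery("192.0.2.10", "example.com", "example.com")
    signed = replace(spf_only, dkim_domains=("mail.example.com",))
    unaligned = replace(spf_only, dkim_domains=("esp.example.net",))
    return {
        "spf_only_direct": dmarc_result(spf_only),
        "spf_only_forwarded": dmarc_result(forward(spf_only, fwd_ip)),
        "aligned_dkim_forwarded": dmarc_result(forward(signed, fwd_ip)),
        "unaligned_dkim_forwarded": dmarc_result(forward(unaligned, fwd_ip)),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```

The last scenario shows why the d= domain has to align with the Author Domain: a valid signature from an unrelated domain does not rescue the forwarded message.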