IETF Logo Mail Archive

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

"Murray S. Kucherawy" <superuser@gmail.com> Thu, 30 March 2023 00:52 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 632FEC151540 for <dmarc@ietfa.amsl.com>; Wed, 29 Mar 2023 17:52:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RPj9Y3CZXkP5 for <dmarc@ietfa.amsl.com>; Wed, 29 Mar 2023 17:52:02 -0700 (PDT)
Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6242C151539 for <dmarc@ietf.org>; Wed, 29 Mar 2023 17:52:02 -0700 (PDT)
Received: by mail-ed1-x535.google.com with SMTP id t10so70108745edd.12 for <dmarc@ietf.org>; Wed, 29 Mar 2023 17:52:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1680137520; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=idVL14pxHbq/EavuNkFFZoygiVBGR+wZYZYIgs3H+X8=; b=bUhz1tyDe7wfl2+rpbgKB8/x9r8mkukD9JpBL1mrZrlO5cOOdA8RzMi/OZODNsDFQ4 QA2WDGjn8Opj1TUdwdh//eOGLI65s7pdqEWwc0bspw4ZFkLR6zxwjJ2RlQLX375Hh+Nf t4bSNVA0L6teMepqe3KYUPy0z9Y/ZTCxr5F7exIMy12DdsBMxy1vbmvOzgypOEuTS3rX yVDJOJ15RCN2A56yxhDc2XbMr8Di3ZektE86uFC/chHDSMvYCecNIniCyyPR7hIvBeeC JwBXqhmEgkAdN/ONlF/5tezbljPREsEtL3egUK4Nc2yzKfNwzVypdOQ5Hs2bW5WDebN2 zv4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680137520; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=idVL14pxHbq/EavuNkFFZoygiVBGR+wZYZYIgs3H+X8=; b=HiHf7J0sbAocfx8cmJiHp4j8qNJVgvZN3sI5wtVyDtqsEibQpfX5cnJi3bgnShIXcX sD5Q8IoWOxeRxoqAofe8mWALUTViPhV6C3YZOecrksAlVcfrIvu1n/ZtDOgJTQRvbpCm E/wZvX+2Tt92bv39Nz70vnEqJBNMdM5dprKFslAzmp0HvpZDnz9SaCJVzOVwUc2O367s xf5dnduSBp48CH/NIfecXKZ45n2w7aeySJUdOcU1jsGCGmT1kwueSiEu/tk20tyJnFT7 yfbbsN6If7aF9GMrlHAS+Y0OXG5Y7AnF1LoraPR9LqYPZidcG/bab7f746H3T0PEn/ry 1oPQ==
X-Gm-Message-State: AAQBX9f5+K6OLwH/+CTmhsq2vQmJhXy5f39N1lldH7gy5+o7Xj9l5XuX ovT9hZ9FBYa6JKcv2vfp4jKonIL4LOjknYvmcYBTQp/DSajzPA==
X-Google-Smtp-Source: AKy350b3lEPkMmXy80vSgKQMNT3r3sBW0UOY1IfegK0cTSsI8Se1HtznzW7daZsgQQmikPq5vUYF/LbeBGSHjvbuz9U=
X-Received: by 2002:a17:907:6d18:b0:932:39bf:d36e with SMTP id sa24-20020a1709076d1800b0093239bfd36emr11466164ejc.11.1680137520525; Wed, 29 Mar 2023 17:52:00 -0700 (PDT)
MIME-Version: 1.0
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <6319292.vCqnBZbX7o@localhost> <CAHej_8nd1xyAgwASLJbuJHyXEAfHbjqxNH1XtJxKFyfyOneyug@mail.gmail.com> <13145172.pEV04Z3DvM@localhost> <CAHej_8msLJQ0vbZ2jzitjxrQ1wdim5bHJkiD-QrU5F0EJvQp0g@mail.gmail.com> <FCFEB95E-63F9-46C3-A5F4-FA6B02FA8EB5@episteme.net> <CAHej_8=GbmzyXaeEkyLkv6uKc0-owuMC6UspPNq9irT7nF8b7w@mail.gmail.com> <CALaySJLmRyyBLE7ZKy88XUS_hXr9M2uwc8jOCYBrBPeC+pCdCg@mail.gmail.com> <MN2PR11MB43519A6CD95E5C80AA1EC2CFF7899@MN2PR11MB4351.namprd11.prod.outlook.com> <13603D87-4FDE-4768-9712-E6DB0818C802@kitterman.com> <CAH48ZfztW4OFm+ZMV=et7+uczj49dfbYT7i0w4LgU7pswuiEnw@mail.gmail.com>
In-Reply-To: <CAH48ZfztW4OFm+ZMV=et7+uczj49dfbYT7i0w4LgU7pswuiEnw@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Thu, 30 Mar 2023 09:51:48 +0900
Message-ID: <CAL0qLwayTG_M1-fSTXiaVM5TS1Vo7X+Ehov2Bov9vCak7gn=yg@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000015b55305f81380a0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gIzVVlR8fdcLfYjkhq6Lw6rQeqk>
Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2023 00:52:03 -0000

On Thu, Mar 30, 2023 at 7:30 AM Douglas Foster <
dougfoster.emailstandards@gmail.com> wrote:

> There is no interoperability problem.
>

How are you defining interoperability?

"p=reject" when used on domains that send non-transactional messages
disrupts interoperability of the email ecosystem in ways that are well
documented.  This collateral damage is not trivial.

There's no interoperability problem at the DMARC layer, sure.  But there's
a bigger story we need to consider.

An evaluator  has an unlimited right to block any incoming message for any
> reason.
>
Specifically, an evaluator has the right to block any message which he
> determines to be insufficiently authenticated.
>

An operator has every right to block DNS queries of types they don't like
or don't recognize.  The choice to do so by some firewalls was the source
of the problems behind the introduction of the SPF resource record.  That's
a pretty broad kind of disruption that I would claim also shouldn't have
been ignored or dismissed.  (See RFC 6686, Appendix A, for this story.)


> If a sender wants a message to be accepted, he carries the burden of
> earning the evaluator's trust.   He has no right to have his message
> delivered.
>
> [...]
>
> If an evaluator blocks a message that a user considers acceptable, that is
> a management issue between the user and the administrator.  It happens all
> the time, and it is resolved through normal support processes.
>

I don't think anyone's arguing that.  But does the receiver in your
scenario also have a right to impact the experiences of users not under
their control?  If we're going to argue that the receiver's rights are the
only thing that matter, we'd better be able to explain why the collateral
damage is justifiable.

-MSK, participating

v2.23.0 | Report a Bug | By Email