Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal

Jim Fenton <fenton@bluepopcorn.net> Mon, 12 June 2023 22:02 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58050C15C52D for <dmarc@ietfa.amsl.com>; Mon, 12 Jun 2023 15:02:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vVA5TQX9f9B6 for <dmarc@ietfa.amsl.com>; Mon, 12 Jun 2023 15:02:03 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62807C1516EA for <dmarc@ietf.org>; Mon, 12 Jun 2023 15:02:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bluepopcorn.net; s=supersize; h=Content-Transfer-Encoding:Content-Type: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=SXF0A+3oxag6rLcRNDnh0oH3R3flwyn2Dwj47TjEP5w=; b=XfTTDv3evfaALlWo2pTWGn/kVu gaCz2g34ySUhYXb+0yXfvl5aqY0GHXW3mgK7VzonzFutlfeyHKnw/fnwM3D43sR5asBTMgXw0gyFG 7qNYQn4lKKIQKf6RfBrOUagWdFOI3hjNIobp/Anxj1gxKmM+ccnmhY1QUwwlqBFAgdVU=;
Received: from [64.71.6.2] (helo=[10.100.9.254]) by v2.bluepopcorn.net with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <fenton@bluepopcorn.net>) id 1q8pbu-0006yd-0q; Mon, 12 Jun 2023 15:02:02 -0700
From: Jim Fenton <fenton@bluepopcorn.net>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: dmarc@ietf.org
Date: Mon, 12 Jun 2023 15:02:01 -0700
X-Mailer: MailMate (1.14r5852)
Message-ID: <B851CF90-0266-41E9-A4F5-FE282146F443@bluepopcorn.net>
In-Reply-To: <CAL0qLwZGnecMW7ov=BFiXALfUY5m3_mGcQakgmjMbfttxSEWtQ@mail.gmail.com>
References: <30BB83B2-B454-41B8-992B-8E2569802D9C@1und1.de> <CAL0qLwbx6Y=kmB5pQZx8gNqD=rLBYz1vLOX6ngL=wUHHUm0Hjw@mail.gmail.com> <CAOZAAfMtsjcp+aCrwQ2QRc+SHsw3rhwMuTBugRYe44NeiMeKyg@mail.gmail.com> <CALaySJKrXJJXz3pgp85BPswoirhPJtD=uuefVfc9sX1fGkj-iA@mail.gmail.com> <7f854d28-d3b5-fd00-4613-b8baa1217bd7@tana.it> <CALaySJLeJ0xproB6Eg-37sSrNS7XrewUmdKZYVPsVeWddJ90MQ@mail.gmail.com> <CAL0qLwaFNYr0kYPn9ssGQGrSjmTgZnx2u0cxW4UT7M6zSr-sGA@mail.gmail.com> <f0db9dca-5547-7233-8ae6-08b762a92c67@tana.it> <CAL0qLwZGnecMW7ov=BFiXALfUY5m3_mGcQakgmjMbfttxSEWtQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gMVZUg9k6ZfCkccWy58Y74fVc40>
Subject: Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2023 22:02:07 -0000

On 9 Jun 2023, at 22:35, Murray S. Kucherawy wrote:

>
> You were previously talking about inserting ">" before a line starting
> "From ", which is typically done on delivery when writing to an
> mbox-formatted mailbox file, because in that format, "From " at the front
> of a line has a specific meaning (i.e., "this is a new message").  If that
> insertion is happening in transport, then a local mailbox convention is
> leaking out into the transport environment, which means something is
> misconfigured, and all bets are off.
>
> In any case, it is not a transport conversion anticipated by the section
> you're quoting, so I've no idea why a DKIM signer might opt to handle it
> specially.

I’m not as definite that this is a misconfiguration, but it might be a historical artifact. When we were editing RFC 4871, I remember discussing with Eric Allman the problem with “from” at the beginning of a line. At the time, we recognized that some messages would fail to verify because the message would be modified in transit to add the >. IIRC this was particularly a problem because message signing was done in a milter that operated on the incoming leg of the message path (through sendmail, for example), when ideally you would want signing to be done on the way out of the MTA.

Your description of why the > was added is probably correct, but I think there are circumstances where the > leaks out that aren’t just due to misconfiguration. I have two messages in my bloated inbox that apparently have had > added (many of you may have the “Communications of the ACM, May 2023” message from April 24). They pass DKIM verification, probably because they were signed after modification.

-Jim
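The following is an added illustration of the failure mode discussed in this message; it is not code from the list thread or from any DKIM implementation. It implements the RFC 6376 body canonicalizations (simple and relaxed) and the mbox "From " escaping convention, then shows that a ">" inserted after signing changes the body hash (bh=) and so fails verification under either canonicalization, while a signature computed after the escape still verifies. The sample body is constructed for the demo, and whether a given mailbox writer uses the mboxo or mboxrd escaping variant is an assumption, not something the page states.

```python
"""
Added example (not from the list message): a '>' inserted before a line
beginning "From " in transit breaks the DKIM body hash, while a signature
applied after the escape still verifies. Body canonicalization follows
RFC 6376 section 3.4; the sample body below is constructed for the demo.
"""
import base64
import hashlib
import re

CRLF = "\r\n"


def relaxed_body_canon(body: str) -> str:
    """RFC 6376 3.4.4: collapse WSP runs to one SP, strip trailing WSP,
    drop trailing empty lines. Nothing here tolerates a leading '>'."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in body.split(CRLF)]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(ln + CRLF for ln in lines)


def simple_body_canon(body: str) -> str:
    """RFC 6376 3.4.3: only trailing empty lines are removed; an empty
    body canonicalizes to a single CRLF."""
    lines = body.split(CRLF)
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(ln + CRLF for ln in lines) or CRLF


def body_hash(body: str, canon=relaxed_body_canon) -> str:
    """The bh= value a signer places in DKIM-Signature (a=rsa-sha256)."""
    digest = hashlib.sha256(canon(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_body_hash(body: str, bh: str, canon=relaxed_body_canon) -> bool:
    """First step of a verifier: recompute bh over the body as received."""
    return body_hash(body, canon) == bh


def mbox_from_escape(body: str, mboxrd: bool = False) -> str:
    """The mailbox-writer convention under discussion: prefix '>' to any
    line that starts with 'From '. mboxo escapes only a bare 'From ';
    mboxrd also escapes lines already starting with '>'. Assumption:
    which variant a given MDA uses is not stated on the page."""
    boundary = re.compile(r"^>*From ") if mboxrd else re.compile(r"^From ")
    return CRLF.join((">" + ln) if boundary.match(ln) else ln
                     for ln in body.split(CRLF))


# Constructed sample body; the third line is the trigger.
SAMPLE_BODY = (
    "Hi all," + CRLF
    + CRLF
    + "From the verifier's point of view this is ordinary text," + CRLF
    + "but an mbox writer sees a message boundary at column 0." + CRLF
    + CRLF
    + "-Jim" + CRLF
)


def sign_then_escape() -> bool:
    """Signer ran first (e.g. a milter on the inbound leg), '>' added
    afterwards: the recomputed bh no longer matches, so DKIM fails."""
    bh = body_hash(SAMPLE_BODY)
    return verify_body_hash(mbox_from_escape(SAMPLE_BODY), bh)


def escape_then_sign() -> bool:
    """'>' added before signing: the signer hashed the escaped body,
    so the verifier's recomputation matches and DKIM passes."""
    escaped = mbox_from_escape(SAMPLE_BODY)
    bh = body_hash(escaped)
    return verify_body_hash(escaped, bh)


if __name__ == "__main__":
    print("sign, then '>' leaks in transit :", "pass" if sign_then_escape() else "FAIL")
    print("'>' added, then sign            :", "pass" if escape_then_sign() else "FAIL")
```

Running the block prints FAIL for the sign-then-escape order and pass for escape-then-sign, which is the distinction the message draws between a milter signing on the inbound leg and signing on the way out of the MTA. Switching `body_hash` to `simple_body_canon` gives the same result, since neither canonicalization removes a leading ">".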