Re: [dmarc-ietf] non-mailing list use case for differing header domains

Hector Santos <hsantos@isdg.net> Thu, 30 July 2020 12:50 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 262A23A10DB for <dmarc@ietfa.amsl.com>; Thu, 30 Jul 2020 05:50:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=MTfIbPzB; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=MKcSjVQf
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DXiiRRHqqZXB for <dmarc@ietfa.amsl.com>; Thu, 30 Jul 2020 05:50:24 -0700 (PDT)
Received: from mail.winserver.com (groups.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E2FB3A10CE for <dmarc@ietf.org>; Thu, 30 Jul 2020 05:50:23 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1390; t=1596113415; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=4gP1rSzy9LiQhLo9tU5HYua3Qyw=; b=MTfIbPzBDOeuicINQQN8GFwe2IYsv9eFcEy7dJ8uDa63WEqmMGZ1uu+WWQ77lY lI8sOvEifDKQ9LV+K0BtTL1K88uZ0jycCBD5UN7e038GBqq1EBpB/ePYaF9+4OWl 9BGdbgAbU+PhEmy26eshD1oPrIC8SmChjHd4UoVlDDRUU=
Received: by mail.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Thu, 30 Jul 2020 08:50:15 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by mail.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 2545705449.1.3984; Thu, 30 Jul 2020 08:50:14 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1390; t=1596113300; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=ssjRwqL LLoaG4nGfI38rReQe5Bxv4dfDSKb6t3jbtiQ=; b=MKcSjVQfPkgsWloD029ZLlo NblwRxSX0gnRrGB0VIKRJ0ySzgL6qVwTuOOo4ciHT5o0TxWdAvZNAGHlpqRTfL9u EL0bJTpE1RvRQztsbV/3aL1RySZxbRIeIbdis4TEMBR0hqyPpT+LWdYD1S8jkV6S prVt1IlMBE4ymJaY3uKU=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Thu, 30 Jul 2020 08:48:20 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 2256475546.1.60492; Thu, 30 Jul 2020 08:48:19 -0400
Message-ID: <5F22C209.5040509@isdg.net>
Date: Thu, 30 Jul 2020 08:50:17 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <BY5PR13MB29998094418C8A6C25902569D7730@BY5PR13MB2999.namprd13.prod.outlook.com> <c0361cb2-b25b-5d75-cb1f-f9c87e3ecccc@tana.it> <AE9A3A9F-27FC-4935-B8E6-AB0CE1A6D5E2@wordtothewise.com> <5F204CB3.7080404@isdg.net> <000001d66503$4d447e50$e7cd7af0$@bayviewphysicians.com> <5F21B338.8000700@isdg.net> <ecf7a4bd-5524-82d5-afec-1e0e256cce10@wizmail.org>
In-Reply-To: <ecf7a4bd-5524-82d5-afec-1e0e256cce10@wizmail.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gTXQ9c9L2sEYHKUc_AQuRHFQBkc>
Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2020 12:50:26 -0000

On 7/30/2020 6:39 AM, Jeremy Harris wrote:
> On 29/07/2020 18:34, Hector Santos wrote:
>> Look at my DMARC record for my isdg.net domain:
>>
>> v=DMARC1; p=reject; atps=y; rua=mailto:dmarc-rua@isdg.net;
>> ruf=mailto:dmarc-ruf@isdg.net;
>>
>> The atps=y [...]
>> So anyone out there can see that I authorized bayviewphysicians.com to
>> sign for isdg.net
>>
>> It is really [simple.]
>
> That works at a domain-controlled level.  But people sign up for,
> and write to, mailinglists on an individual level.  Mismatch.

Very true. The authoring domain will need to have a way to add ATPS
records defining who has explicit authorization to sign/re-sign on behalf
of the authorizing domain. This will immediately help resolve a
number of the scenarios for Authorized Third Party Signatures.

The individual user mailing list issue continues because of the use of 
restrictive domains in a public arena where there are no controls. 
There are two ways to deal with this:

1) Domain Organization policy. Does it allow its domain users to 
freely use their corporate, company domains in a public professional 
environment?

2) MLM support of DKIM+DMARC+ATPS will restrict domains that
it cannot re-sign.

The MLM needs to be updated to support restrictive DKIM Policy domains.

-- 
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos
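
The check an ATPS-aware list manager could run before accepting a post, as an added example that is not part of the original message or of any MLM's code. It builds the RFC 6541 lookup name (base32 of the SHA-1 of the signer domain, under `_atps.` of the author domain) and treats `atps=y` as the DMARC record tag quoted in the message. The domains, the `ZONE` table and the function names are constructed for illustration, and DNS is replaced by an in-memory dict.

```python
import base64
import hashlib

def parse_tags(record):
    """Split a 'k=v; k=v' TXT record (DMARC or ATPS) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def atps_query_name(signer_domain, author_domain, hash_alg="sha1"):
    """RFC 6541 lookup name: <label>._atps.<author domain>."""
    signer = signer_domain.lower().rstrip(".")
    if hash_alg == "none":
        label = signer
    else:  # sha1, as in the atpsh=sha1 tag seen in the headers above
        digest = hashlib.sha1(signer.encode("ascii")).digest()
        label = base64.b32encode(digest).decode("ascii").lower()
    return f"{label}._atps.{author_domain.lower().rstrip('.')}"

def mlm_decision(author_domain, mlm_domain, txt):
    """Return 'accept', 'accept-resign' or 'restrict' for a list submission."""
    dmarc = parse_tags(txt.get(f"_dmarc.{author_domain.lower()}", ""))
    if dmarc.get("p", "none").lower() not in ("reject", "quarantine"):
        return "accept"            # no restrictive policy to violate
    if dmarc.get("atps", "").lower() == "y":   # tag from the record quoted above
        for alg in ("sha1", "none"):
            rec = parse_tags(txt.get(atps_query_name(mlm_domain, author_domain, alg), ""))
            if rec.get("v") == "ATPS1" and rec.get("d", mlm_domain).lower() == mlm_domain.lower():
                return "accept-resign"   # author domain authorized this signer
    return "restrict"              # list cannot re-sign for this domain

# Constructed zone data (example domains, not real records).
ZONE = {
    "_dmarc.author.example": "v=DMARC1; p=reject; atps=y;",
    atps_query_name("list.example", "author.example"): "v=ATPS1; d=list.example;",
    "_dmarc.strict.example": "v=DMARC1; p=reject;",
    "_dmarc.open.example": "v=DMARC1; p=none;",
}

if __name__ == "__main__":
    for dom in ("author.example", "strict.example", "open.example"):
        print(dom, "->", mlm_decision(dom, "list.example", ZONE))
```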