Re: [dmarc-ietf] DMARCbis WGLC - Issue 144 Mention of ARC in DMARCbis

Emanuel Schorsch <emschorsch@google.com> Tue, 02 April 2024 08:11 UTC

From: Emanuel Schorsch <emschorsch@google.com>
Date: Tue, 02 Apr 2024 01:11:08 -0700
Message-ID: <CAFcYR_UZ=fXvsSh6-KnjgmBFgTYX_jNObu_um_1-w+RY2XiiNw@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gXXVFAvvPq5uhrRQLj7-BVP4PYY>

Just to add some specifics, since August of 2023 we've gone from seeing
~100 ARC sealers of meaningful volume to over 300 as of yesterday. It is
extremely important in our experience to have standard ways of identifying
indirect flows. List-Id headers and Received headers are the bare minimum for
mailing lists today, but those are both easily spoofable and ARC provides a
much safer approach to standardizing that indirect flow identification
problem.

On Tue, Apr 2, 2024 at 1:02 AM Emanuel Schorsch <emschorsch@google.com>
wrote:

> Just to chime in, Gmail is using ARC and it has already provided a large
> amount of value for the indirect flow problem. Especially, since other
> major providers and a number of forwarders are adding ARC headers that
> provide us useful visibility into the previous hops and allow us to make
> more intelligent decisions. I can share that a number of escalations for
> problems that arose out of indirect flows have been resolved by use of ARC
> headers.
>
> I would love to see more mailing lists add ARC headers. But as it stands today
> it is already providing a reasonably large amount of value.
>
> On Mon, Apr 1, 2024 at 6:48 PM Murray S. Kucherawy <superuser@gmail.com>
> wrote:
>
>> On Mon, Apr 1, 2024 at 4:05 PM John Levine <johnl@taugh.com> wrote:
>>
>>> >"One possible mitigation to problem X is [ARC], which provides for a
>>> >mechanism to demonstrate 'chain-of-custody' of a message. However, use of
>>> >ARC is nascent, as is industry experience with it in connection with DMARC."
>>>
>>> Generally OK but nascent seems wrong for something that was published five
>>> years ago.  How about "ARC has found limited acceptance in the industry so
>>> it is unclear how much help it will provide in practice."
>>>
>>
>> Sure.  I used "nascent" because I don't feel like we have seen even basic
>> statements about how useful it's been in solving the indirect flows
>> problem, at scale or otherwise, so it's nascent in the same sense that it
>> is not well-established.
>>
>> -MSK, p11g
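An added illustration of the point made in the top message, not code from the poster or from any mail provider: a bare List-Id header tells a receiver nothing it can check, whereas ARC sets (laid out as in RFC 8617) have a structure that can be validated before the seals are cryptographically verified. The domains, header values and function names below are constructed for the example, and signature validation is out of scope.

```python
import re
from email import message_from_string

ARC_FIELDS = ("ARC-Authentication-Results", "ARC-Message-Signature", "ARC-Seal")

def tag(value, name):
    """Value of a `name=` tag in a tag-list header field, or None."""
    m = re.search(r"(?:^|;)\s*%s\s*=\s*([^;\s]+)" % re.escape(name), value)
    return m.group(1) if m else None

def arc_chain_structure(raw):
    """Structural ARC check only; returns (ok, reason, sealer_domains).
    Signatures are NOT verified here: a receiver must still validate them."""
    msg, sets = message_from_string(raw), {}
    for field in ARC_FIELDS:
        for value in msg.get_all(field, []):
            i = tag(value, "i") or ""
            if not re.fullmatch(r"[0-9]{1,2}", i) or field in sets.setdefault(int(i), {}):
                return False, "bad or duplicate i= in " + field, []
            sets[int(i)][field] = value
    n = max(sets, default=0)
    if n == 0:
        return False, "no ARC sets (List-Id/Received alone prove nothing)", []
    if n > 50 or sorted(sets) != list(range(1, n + 1)):
        return False, "instances are not contiguous 1..N", []
    sealers = []
    for i in range(1, n + 1):
        seal = sets[i].get("ARC-Seal", "")
        expected = "none" if i == 1 else "pass"  # first sealer has no chain to validate
        if len(sets[i]) != 3 or tag(seal, "cv") != expected:
            return False, "set i=%d incomplete or cv != %s" % (i, expected), []
        sealers.append(tag(seal, "d"))
    return True, "structure ok", sealers

def sample(instances, list_id=True):
    """Constructed message; b=/bh= values are placeholders, not signatures."""
    lines = ["List-Id: <announce.lists.example.org>"] if list_id else []
    for i in instances:
        d, cv = "hop%d.example" % i, "none" if i == 1 else "pass"
        lines += ["ARC-Seal: i=%d; a=rsa-sha256; cv=%s; d=%s; s=s1; b=PLACEHOLDER" % (i, cv, d),
                  "ARC-Message-Signature: i=%d; a=rsa-sha256; d=%s; s=s1; h=from; bh=PLACEHOLDER; b=PLACEHOLDER" % (i, d),
                  "ARC-Authentication-Results: i=%d; %s; dkim=pass header.d=example.com" % (i, d)]
    return "\n".join(lines + ["From: a@example.com", "Subject: t", "", "body"])

if __name__ == "__main__":
    for inst in ([], [1, 2], [1, 3]):
        print(inst, arc_chain_structure(sample(inst)))
```

A chain that passes this check has only the right shape; the sealer domains it returns are untrusted until each ARC-Seal and the newest ARC-Message-Signature verify against the sealers' published keys.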