Re: [dmarc-ietf] DMARCbis WGLC - Issue 135 - What To Say About Too-Permissive/Third-Party SPF and Where To Say It?
John R Levine <johnl@taugh.com> Mon, 18 March 2024 06:38 UTC
Date: Mon, 18 Mar 2024 02:38:03 -0400
Message-ID: <810a3322-4ba3-ac67-5c7b-0118028aeb34@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Dotzero <dotzero@gmail.com>
Cc: dmarc@ietf.org, Scott Kitterman <sklist@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/h_ytb51KHHkQTyCMfGMs9NPXmQo>

On Sun, 17 Mar 2024, Dotzero wrote:
>> Whenever mail is sent, there is a risk that an overly permissive source
>> may send mail which will receive a DMARC pass result that was not, in
>> fact, authorized by the Domain Owner. These false positives may lead
>> to issues when systems interpret DMARC pass results to indicate
>> a message is in some way authentic. They also allow such unauthorized
>> senders to evade the Domain Owner's requested message handling for
>> authentication failures.

> I have a problem with this 2nd paragraph and believe it is factually
> incorrect. The Domain Owner has in fact authorized the message(s) as a
> result of an overly permissive approach. I would suggest that in fact any
> resulting DMARC pass is technically NOT a false positive because it is
> authorized by the overly permissive approach.

Seems to me it depends on what you think "authorized" means. My sense is I told you it's OK to send the message, yours seems to be that any host on an IP in the SPF record or anyone who steals your DKIM key is authorized by definition. Is there some other wording that can make the difference clear?

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly