Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

Scott Kitterman <sklist@kitterman.com> Sat, 06 June 2020 21:23 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sat, 06 Jun 2020 17:23:20 -0400
Message-ID: <11640715.3lbasgNmsr@sk-desktop>
In-Reply-To: <rbgv8n$2c3k$1@gal.iecc.com>
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <F312F1CC-4CCC-4510-83E3-4010AECF7916@kitterman.com> <rbgv8n$2c3k$1@gal.iecc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/hcaLtCq5dovg4Q9h99M_x6-6Lkc>

On Saturday, June 6, 2020 4:45:11 PM EDT John Levine wrote:
> In article <F312F1CC-4CCC-4510-83E3-4010AECF7916@kitterman.com>,
> 
> Scott Kitterman  <sklist@kitterman.com> wrote:
> >I think the market has spoken on the utility of DMARC.
> 
> There's no question that it was highly successful at Yahoo and AOL
> after they let crooks steal their address books at reducing the amount
> of spam their users received that forged addresses in those stolen
> address books.  Of course, if you are not Verizon Media, who cares?
> 
> I gather it is also quite effective against phishes that for some
> reason put the actual target's domain in the From: address, but
> at this point I don't know how common that is relative to phishes
> that put it in the From: comment, viz. Jim's question.

I'm not sure how important a question it is.

It used to be quite common.  If it's not anymore (I don't have access to a 
current data set big enough to really have an opinion), then I'd suggest that 
it's because abusers are, at least to some degree, deterred from doing so.

If things like DMARC, SPF, and DKIM do nothing more than get abusers to use 
different domains than they would otherwise, I think that's a win.  
Unfortunately it's quite difficult to measure the deterrent effect associated 
with these mechanisms.

I would expect that using different domains would make the filtering problem 
easier to solve, so even if the domain presented to the end user doesn't matter (I 
think it does, but meh), pushing abusive mail to use other domains helps solve 
the filtering problem.

Scott K