Re: [dmarc-ietf] Rethinking DMARC for PSDs

"John Levine" <johnl@taugh.com> Mon, 08 April 2019 00:50 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E428A12011A for <dmarc@ietfa.amsl.com>; Sun, 7 Apr 2019 17:50:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=UCgxCwIj; dkim=pass (1536-bit key) header.d=taugh.com header.b=VGV9MGRQ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8_aFJ95PXGPz for <dmarc@ietfa.amsl.com>; Sun, 7 Apr 2019 17:50:48 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E64CE120256 for <dmarc@ietf.org>; Sun, 7 Apr 2019 17:50:47 -0700 (PDT)
Received: (qmail 46159 invoked from network); 8 Apr 2019 00:50:46 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=b44d.5caa9ae6.k1904; bh=+yJkXc6hHWPYdsGqDIyPpfWac4WkTtGJ+RMqfVU17mk=; b=UCgxCwIjWmntrkLWzcr9D7lsIKhrl22IkeeCvXaP/hR7OOjjKwJtV9XFl64otfnF+3dWtV4C0StOhjBUs00U2qVA3PQ1ezPK4TAc4Qo9g4WmUsdU9Nl0/DFYUOeLkPm2qmyD+lCck90osSfZkC3Tn+pXDwGYn7QiK0H2SQ6AtNEONh/wzLIIGBmCvuAeblhiqM7Bl46DqQgffbJiIhl01rOkQA96qj7FvmsAvts0vwjQShOK5+gAER1Z2l8UGBs4
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=b44d.5caa9ae6.k1904; bh=+yJkXc6hHWPYdsGqDIyPpfWac4WkTtGJ+RMqfVU17mk=; b=VGV9MGRQj/iWlGTIMdIUubBNFk1TRNiDprDvrPwgk0XKSEzfuvjwE1J6rN4+QiLG4fGUnKSxhv+y79RcQHPOuqUjWUbpChPiRhhTjKJbauqnYdYnHfB4Pyl5negzORykTFbxvejIjcPYxn10Jyin08C2rqWFBVCg1kH7kaAKeMs5twfBBm9bRWe4Vd1ltaBrPbVYgthnTdo9NobahMGVkfoH46xE701hGZEJ/YUwf//CUdieqTkzM45wDLCQ2FEr
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 08 Apr 2019 00:50:45 -0000
Received: by ary.qy (Postfix, from userid 501) id 5EC462011B2BFE; Sun, 7 Apr 2019 20:50:44 -0400 (EDT)
Date: 7 Apr 2019 20:50:44 -0400
Message-Id: <20190408005045.5EC462011B2BFE@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
In-Reply-To: <c588c5eeec224162bffd080693c703e1@bayviewphysicians.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/hezvljESRMJIVYqNqulFRSCV1I0>
Subject: Re: [dmarc-ietf] Rethinking DMARC for PSDs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 00:50:50 -0000

In article <c588c5eeec224162bffd080693c703e1@bayviewphysicians.com> you write:
> The problem:
>  	Spammers use non-existent domains to achieve identity spoofing, such as 
>tax.example.gov.uk 
> This is primarily a reception problem, because many recipient mail filters 
>are not equipped to block this type of fraud. ..

Right, and we can stop right there.

A decent spam filter will treat a nonexistent From: domain or envelope
bounce address as extremely suspicious and send the message into spam
folder purgatory.  If someone's filters aren't doing that, it is
unlikely that they're paying much if any attention to DMARC, and no
amount of fiddling with DMARC will make any difference.

My mail server rejects anything with a non-existent bounce address at
SMTP time and I don't think it's ever rejected anything my users would
want.

The solution to this problem is for mail systems to fix their filters,
not to invent yet another mail-breaking hack that they won't use
anyway.

R's,
John