Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
Dotzero <dotzero@gmail.com> Sat, 06 June 2020 21:28 UTC
Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D38793A0D0B for <dmarc@ietfa.amsl.com>; Sat, 6 Jun 2020 14:28:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWVmMfiYD69N for <dmarc@ietfa.amsl.com>; Sat, 6 Jun 2020 14:28:44 -0700 (PDT)
Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EB623A0D0A for <dmarc@ietf.org>; Sat, 6 Jun 2020 14:28:44 -0700 (PDT)
Received: by mail-wr1-x441.google.com with SMTP id t18so13406616wru.6 for <dmarc@ietf.org>; Sat, 06 Jun 2020 14:28:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+w2aAAcm5qNHCbxFNchLPbhJq+BPXw0X9siOxUQtasc=; b=STCFqP3mSHB0ZfURwc094p5A/TXEpzS1Zg0sVuQTE4cuX7our5TXF0prwzSzNwAO2u ajrZzp3oYrdHsoWnqnXMed4km0egfBDIg1LruhKFzHYeZhRiZiGjqu/APcemxy0WA8Va Qfrg3oZZZKJwxCRf8/cGjRc7387G+BIG+/y2cXZeRrdOOzzW18Rg+xgwRPipNHWuzPuu 3bh06PcQm4bUH9yOeneiojg/ambuu4ddSi+rhQ4Ass62O9e9WyAymqPJiv6Yd3rM2lE+ u5Tt9+5ml2bY8RjNIBEi1HFh7XIQabMh3YhrK+1SxtSol7AEPBNT0tUJWK3zSn46Ft6I 77xQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+w2aAAcm5qNHCbxFNchLPbhJq+BPXw0X9siOxUQtasc=; b=Jmjq6adc2tsblkgpLdi7nRyuQBKkj9TJZBWF7kogyx9U9Ra33qkIaeX9EUo2A/VP9G /aYF36p0eJAFbLguIjVLjJMXYqUHUr7KafGwrLJZtznPP6KXpVArNcM5odhHr2KS2Uy7 JPE5H1xwYNn7DTh97uFWbqx94ZsksBrEF3oD2riAYogYmi0WYS5dUOr6FFfz2J6xBMLg jHIEJbqTyD9d67Iy8R7ws4UeR1f47CCj0QFEqrYqs9HpTW2w13tzipO3DGoIMtOB93zJ IY45ca7eYvYGk320eprtobokFpOXMVfFLr+uIpcV7AgxsP74c8GuMzgrDxcxroBkHxAd fahg==
X-Gm-Message-State: AOAM5336mANf3ya+2pMGHIxz/cF/SlMCvrtahriSlVYY70p+4jGKvYBi v+4s/awEDvHHXS+ebshKBbq4ytz91axUQBNtkw1H5zyskdQ=
X-Google-Smtp-Source: ABdhPJxjbU8Ygx5XJLKCX0GkOogJ1mNX5dsbksl7Zz3Tu8egXyFWjRDX8Lm7qH2MUKVnFZSThTmzArOkrHAB2yn6CSI=
X-Received: by 2002:adf:dccc:: with SMTP id x12mr15535396wrm.72.1591478921298; Sat, 06 Jun 2020 14:28:41 -0700 (PDT)
MIME-Version: 1.0
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <CAJ4XoYcDhiap3fMfCjUbjERDK+DH=Au+43Ycu_YR4dPRQmNKaA@mail.gmail.com> <114ec030-dbc9-bf7d-a453-e5cf3dd3f642@bluepopcorn.net> <CAJ4XoYdt-8D65ajLLDGoNBqUB7+juWvWSdaO+PJPZpBbE6eeZg@mail.gmail.com> <faeccaf0-359e-74bb-2683-6a2b9ad50364@bluepopcorn.net>
In-Reply-To: <faeccaf0-359e-74bb-2683-6a2b9ad50364@bluepopcorn.net>
From: Dotzero <dotzero@gmail.com>
Date: Sat, 06 Jun 2020 17:28:21 -0400
Message-ID: <CAJ4XoYdjuc4zU7xR8U7zR-qLrtgT1sjZXGeZ3vWmT5Vu4R1vHw@mail.gmail.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c584e205a7710f8f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ks7cvW_vcFZJtTivosSbqWvUQps>
Subject: Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jun 2020 21:28:46 -0000
On Fri, Jun 5, 2020 at 5:26 PM Jim Fenton <fenton@bluepopcorn.net> wrote: > On 6/4/20 10:39 PM, Dotzero wrote: > > > The goal of DMARC was (and is) to mitigate direct domain abuse. Nothing > more and nothing less. It helps receiving systems identify a (correctly) > participating domain's mail. That is why a DMARC policy is often described > as a sending domain's request and local policy is so important (and can > override that request). > > I'm not clear on what kind of direct domain abuse you're referring to. If > we accept that domain names are either not visible or are ignored by the > recipient, the domain name doesn't matter much as long as the attacker can > get their message delivered, and DMARC doesn't apply because they're using > their domain. > > > The type of direct domain abuse where someone attempts to send a message using <fenton@bluepopcorn.net> in the From email address field. As I wrote earlier, the combination of SPF/DKIM/DMARC is a tool that accomplishes a narrow goal. It is not a silver bullet that solves all forms of abuse. It can be used to mitigate a specific type of abuse. > For attackers that deploy DMARC it simply means that they are self > identifying their malicious messages as theirs. > > No, DKIM and SPF do that. DMARC doesn't have anything to do with > identifying messages. > > > As with SPF and DKIM, some abusers were quick to implement DMARC in addition to SPF and/or DKIM on the theory that it makes their email appear more legitimate to receivers. Just one more nail in the coffin. > For Sending domains, SPF/DKIM/DMARC is only one set of tools in protecting > their brand from abuse. It protects end users from abuse. In fact, in many > cases the individuals most susceptible to falling prey to such abuse may > not even be customers of that sending domain. No, that greeting card you > received isn't legit (Nobody loves you). No, that retailer isn't giving you > a $200 gift card. This is why other tools like takedowns are so important > and why the removal of registrant information from domain registrations has > enabled abusers. > > So maybe the core question here is, does the identity in the domain name > matter or not? It does to me personally because I look at it (whenever I > can -- my iPhone doesn't make it easy to display) and I pay attention to > it. But I know I'm not a typical user, and I also see increasing evidence > of mail client software that doesn't show anything but the Friendly Name. > So is there a "brand" associated with the email domain name any more? > There is. Don't get hun up on what is displayed to the end user. Think about the reporting aspect. In my previous incarnation we were able to initiate takedowns and/or blocking by 3rd parties much more quickly based on DMARC reports than simply waiting for end user complaints to customer service or abuse@. > If the domain name doesn't matter, the binding to the From/Signer address > doesn't either. > > -Jim > It does matter for the specific abuse scenario. Those particular abusive mail streams never get to the end user recipient. I'm basing this on my experience on a corpus of billions of emails sent for what had been previously highly abused domains/brands. For other types of abuse we implemented other types of mitigation approaches. Collectively those approaches reduced abuse by over 95%. The goal was to reduce ROI for the bad guys to the point that they would look for greener pastures. You are implying/assuming that DMARC solves the problem of a wider scope of abusive email types than it does. The Display Name (Mail From) is a particularly thorny problem to solve in that it is not tied to anything in that it is a free form field into which anything can be entered. Michael Hammer
- [dmarc-ietf] DMARC alignment conflicts with RFC 5… Jesse Thompson
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Brandon Long
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Pete Resnick
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Pete Resnick
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Kurt Andersen (b)
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Hector Santos
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Douglas E. Foster
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] About user notification in the M… Douglas E. Foster
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] About user notification in the M… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] About user notification in the M… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] About user notification in the M… Douglas E. Foster
- Re: [dmarc-ietf] About user notification in the M… Murray S. Kucherawy
- Re: [dmarc-ietf] About user notification in the M… Дилян Палаузов
- Re: [dmarc-ietf] About user notification in the M… John Levine
- Re: [dmarc-ietf] About user notification in the M… Stan Kalisch