IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Dotzero <dotzero@gmail.com> Mon, 17 August 2020 12:48 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FC783A0BAB for <dmarc@ietfa.amsl.com>; Mon, 17 Aug 2020 05:48:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a-Z3vVb-VJJM for <dmarc@ietfa.amsl.com>; Mon, 17 Aug 2020 05:48:45 -0700 (PDT)
Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A8FC3A0BAA for <dmarc@ietf.org>; Mon, 17 Aug 2020 05:48:45 -0700 (PDT)
Received: by mail-qk1-x72b.google.com with SMTP id j187so14759497qke.11 for <dmarc@ietf.org>; Mon, 17 Aug 2020 05:48:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=5OtQtfd8MAfzJgWsSaR8YFfBz/wmKVJ91FclSW9H3tY=; b=XFlSrC5Se4yhHtQMYDLuoFKZ/6Gd0Wccu5KNqOYyTCS8flfvsLhJTJgDvdy8PdHRxD 4yEZE3jUsilr9gaNUtcDmqrwi2R/oxxxdfA03WDikO9HtBb6MfO89Y2eDyUnOvf/OMQe 9Rxx52gQws08aGjBDo1BEqKbQGUdX2hlVXREhBWrwetsvIHWtr/dij9KGz+lIQSewnt9 pFctpTeQHe1uROsypAZQ/z1xMbGl0W6XWHZCGPTXTafpeY927IGHVALy4MljQ/gcvu8V fC+dvlRl8bst2PnqY8bWfyA+QEKg2p7miJRJpduHWzdeo1HTtn4aVdkZjFNWPquwS9G/ bh6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=5OtQtfd8MAfzJgWsSaR8YFfBz/wmKVJ91FclSW9H3tY=; b=ZUO24Xmqtemo557TBAjeoJDB+NgDv+9K8s7i6JGqwxSgg/glk8oVlwQHneHKn13hqt IyHzS7FAblNAKTO3FkUB+hjkNOJzpGCQNiUxQt5vaGf1qBV/b9zP3VCAqMladB3LXPYe LXCO7Kx5A5HSpqH/kgzHmxs5tf2jLfxNqEHZ6TuldIdvg+atqeegRz4W6K7MA6c/Q0tK BDrcVARyMP2KH37AU16Zywj5rtYnP7scQV+iQ15B85yk5u9xnCLK+cyAX46Ye4QctAbF YENHPISQzJ7liH+3ddP6tvC4Mu9WOFjJR7zn3Sr9fXN3FPtqMs20/ancJQxOKEUI0ppc JX8g==
X-Gm-Message-State: AOAM530IsHd4m1oyXBbEKkxVRqfh7Mv0Idm9tRVJpgkuCdPeNgh99QAg GQJjwqrrs7Xp+WmsENsi8uA01vnv7P4PvdWBJbjcz7uj
X-Google-Smtp-Source: ABdhPJzAZtaFYJ2hB4i97+3ptG+kbMTzR+xXqr6XgnjZX3izAbgM6vxdvOZmh87xMieR1W7H8zJxP5Rpe0PuNnrveoQ=
X-Received: by 2002:a37:9f0a:: with SMTP id i10mr13194814qke.368.1597668522452; Mon, 17 Aug 2020 05:48:42 -0700 (PDT)
MIME-Version: 1.0
References: <CAJ4XoYcFbh8-nAxjxzzRgUahFfhcgcZQ2yMF2ewv_-DgUmhL=g@mail.gmail.com> <20200814164237.313071E971DB@ary.local> <CAJ4XoYeqj_5mpZu1PZP4rNfrWRyC5gC-2dfK7oX9xQHiR24QeA@mail.gmail.com> <085c6a5f-5451-ae8c-4873-133673ba1754@tana.it> <CAL0qLwaVUi9QtV4zcCwncuy4N3YPwsGZPzFfd1q19io79UG2VQ@mail.gmail.com> <c1844590-4b12-9763-21c5-6ac5b730321b@tana.it> <6358f3da-806b-f4eb-b9a0-8ee8ce4121d7@dcrocker.net> <4e549ca6-6047-6ff2-325c-fe8d7247e157@tana.it> <c972e0af-b589-1780-47b3-8cb2a2024ec2@dcrocker.net> <13a0ed72-2c5a-8ba6-84ab-b857e29403f1@tana.it>
In-Reply-To: <13a0ed72-2c5a-8ba6-84ab-b857e29403f1@tana.it>
From: Dotzero <dotzero@gmail.com>
Date: Mon, 17 Aug 2020 08:48:31 -0400
Message-ID: <CAJ4XoYe3jWWRbP7_Jfp_my7iwVVObr7+Vuj9v_D_AVPuW+Yzyg@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bfed1105ad123055"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/lPQ4ReEAJbJQWmHiS8H6QElfr44>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2020 12:48:47 -0000

On Sun, Aug 16, 2020 at 2:03 PM Alessandro Vesely <vesely@tana.it> wrote:

>
> >> That conflicts with the coarse-grained authentication strategy,
> >> established at the FTC Email Authentication Summit in November
> >> 2004, as Doug^W Michael recalled. >
>
> There was no such strategy established regardless of what one person
remembers.

>
>
>
> > 2. There was nothing 'established' at that event.  There were
> > interesting discussions, but that's all.
>

Agreed.

>
>
> I wasn't there.  Can't it be considered the historic event that marked
> domain-level authentication as the promising strategy to counter email
> abuse?
>

Nope. It was one of many things presented/disccussed.

>
> https://mailarchive.ietf.org/arch/msg/dmarc/-pX7yWlSk39ShOjAzWMxhxlKh1E
>
>
> >> Your gmail address needs to be authenticated by gmail.
> >
> > Good grief, no.  There is no system rule to that effect.  DMARC
> > created that, but no policy before it was in place, never mind accepted.
>

Just to reiterate, DMARC, SPF and DKIM operate at the domain level
granularity, not at the individual email address level granularity.

>
>
> DMARC took that strategy to the extremes.  A number of users and
> operators seem to have accepted it.  Why cannot we accept it too?
>

DMARC does one thing and one thing only, and that is to mitigate direct
domain abuse. It was not intended to stop phishing, spam or anything but
direct domain abuse. The issues with uses such as mailing lists were
identified and noted.

>
>
> >> Sending From: bbiw.net, SPF-authenticated as dcrocker.net, and
> >> whitelisted as yet another domain (songbird.com) can hardly be
> >> verified.  There is no "pretending", since it's you, but it is not
> >> formally distinguishable from spoof, is it?
> >
> > Whether valid and invalid uses can be distinguished does not alter the
> > fact that valid uses are valid.
>
>
> The problem is to find the technical means that allow receivers and
> recipients to verify such validity.
>
>
> >>> This continuing practice of characterizing valid use as if it were
> >>> spoofing or pretending has been a major impediment to constructive
> >>> discussion in the industry.
> >>
> >> A system that is able to recognize all your domains and affiliations
> >> in order to authenticate messages does cost several orders of
> >> magnitude more than a simple "mechanical" verifier.  That way,
> >> requiring too much flexibility is a push toward oligopoly.
> >
> > I have no idea what you are referring it.
>
>
> Gmail has a visual perspective that allows them to know each and every
> email domain worldwide, and employs a number of people who help
> continuously upgrading domain reputation.  In order to enjoy such
> technology, medium-small domains can get a G Suite account.  That's
> oligopoly.  If the technology were simpler and clearer, running one's
> own mail server could be a valid alternative.
>

Setting aside DMARC, running email servers has always had a bit of
complexity that is beyond the ability of the average person. I'm not sure
what your point here is.

Michael Hammer

v2.23.0 | Report a Bug | By Email