IETF Logo Mail Archive

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

Scott Kitterman <sklist@kitterman.com> Wed, 26 April 2023 11:22 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9560EC14F74E for <dmarc@ietfa.amsl.com>; Wed, 26 Apr 2023 04:22:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Level:
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="f+2zhoPU"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="emHFOb/t"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O6ZyKFHYpoN1 for <dmarc@ietfa.amsl.com>; Wed, 26 Apr 2023 04:22:03 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C627C14F736 for <dmarc@ietf.org>; Wed, 26 Apr 2023 04:22:03 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 0E4A8F802E7; Wed, 26 Apr 2023 07:21:53 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1682508099; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=g7VkR6akKl6bR98+xDy3zF+EhT+SNYPkJ1b8qHTl2S4=; b=f+2zhoPUBYkCe1cMc0GgU4KAFMq9BAYNSrXOW+kiIRQF12Y/EDZBCuOmPFiiCPbEn/gIy lVIsgHAGY82jW43CA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1682508099; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=g7VkR6akKl6bR98+xDy3zF+EhT+SNYPkJ1b8qHTl2S4=; b=emHFOb/tiHED0ldDtwHP65JVyN+ncYBDgwRDqCLBBoH0bGjGeO/K2bBG7dsR19Ukvkiws Pd/ItOU63fCMsAA/m/21uUAqtNumgzRkt6IiOqYq7JjkH0kgKjZDps4S1YsU9IcI7GkBdcU t83DclyXr8xVjvbMOKAgtXmtDSKQJbcNQN0qfsiQD+W7AvR0iSm2dp2xaHob3vz5yiCrPzA x/tCqm3oyUR4hXEgLpMhvSIrIZiibys6f/HhEMR9qv9O4EV+ED89w3qw1OeYbsVMQBbbtbk 66TMbXopsxqYzHZioV0/NeSC+vewdcewaRKaZaBlLES+QA5aktKdrCjjaY0g==
Received: from [127.0.0.1] (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id CAC0DF80234; Wed, 26 Apr 2023 07:21:38 -0400 (EDT)
Date: Wed, 26 Apr 2023 11:21:33 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <9aaeadee-c29a-efe8-2c43-ed6fc1b3ed0d@tana.it>
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <29216533.CRhL9lMF2B@localhost> <9aaeadee-c29a-efe8-2c43-ed6fc1b3ed0d@tana.it>
Message-ID: <D29CB79C-AAEB-4999-92C7-D19389916D98@kitterman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/mHmqeCA-TC-GP1QcUJNdPpqT5f0>
Subject: Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2023 11:22:07 -0000


On April 26, 2023 8:08:39 AM UTC, Alessandro Vesely <vesely@tana.it> wrote:
>On Tue 25/Apr/2023 20:27:18 +0200 Scott Kitterman wrote:
>> My recollection is that a general formulation that I proposed had at least
>> some traction out of both groups:
>> 
>>> [some appropriate description] domains MUST NOT publish restrictive DMARC
>>> policies due to interoperability issues
>> 
>> Leaving aside (for now) the question of what goes into [some appropriate
>> description] and with the assumption that there will be some non-normative
>> discussion to amplify whatever that is and probably give some indication about
>> what domains might do to not be one of those domains, is there anyone who just
>> can't live with that formulation of the situation?
>
>
>Me, for one.  Because more than 98% of domains are going to fall into the description, however we word it, that statement makes the whole I-D nonsensical.  Cannot we just tell the problem without MUSTard?
>
>In any case, using the complement of [some appropriate description] is certainly easier.  For example:
>
>    Forcing authentication into Internet mail by publishing restrictive DMARC
>    policies breaks some well established patterns of usage.  Publishing such
>    policies is thus RECOMMENDED only for domains [in this other appropriate
>    description].
>
Thanks.

I understand your objection to be that the proposed description of the interoperability problems would apply to too many domains, regardless of the modifier we might use.  Is that correct?

I don't understand the technical issue associated with that objection.  I get that you feel the construction is too negative, but I don't have a sense you think it's inaccurate.  Focusing on the technical aspects of this, would you please help me understand what you think is technically incorrect about it?

Scott K

v2.23.0 | Report a Bug | By Email