Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

Scott Kitterman <sklist@kitterman.com> Fri, 05 June 2020 22:37 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Fri, 05 Jun 2020 18:37:52 -0400
Message-ID: <83781802.4yxyyzPtoS@sk-desktop>
In-Reply-To: <faeccaf0-359e-74bb-2683-6a2b9ad50364@bluepopcorn.net>
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <CAJ4XoYdt-8D65ajLLDGoNBqUB7+juWvWSdaO+PJPZpBbE6eeZg@mail.gmail.com> <faeccaf0-359e-74bb-2683-6a2b9ad50364@bluepopcorn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/nO8MBbY29sdGcGVXLRpCsbtdvhs>

On Friday, June 5, 2020 5:26:19 PM EDT Jim Fenton wrote:
> On 6/4/20 10:39 PM, Dotzero wrote:
> > The goal of DMARC was (and is) to mitigate direct domain abuse.
> > Nothing more and nothing less. It helps receiving systems identify a
> > (correctly) participating domain's mail. That is why a DMARC policy is
> > often described as a sending domain's request and local policy is so
> > important (and can override that request).
> 
> I'm not clear on what kind of direct domain abuse you're referring to.
> If we accept that domain names are either not visible or are ignored by
> the recipient, the domain name doesn't matter much as long as the
> attacker can get their message delivered, and DMARC doesn't apply
> because they're using their domain.
> 
> > For attackers that deploy DMARC it simply means that they are self
> > identifying their malicious messages as theirs.
> 
> No, DKIM and SPF do that. DMARC doesn't have anything to do with
> identifying messages.
> 
> > For Sending domains, SPF/DKIM/DMARC is only one set of tools in
> > protecting their brand from abuse. It protects end users from abuse.
> > In fact, in many cases the individuals most susceptible to falling
> > prey to such abuse may not even be customers of that sending domain.
> > No, that greeting card you received isn't legit (Nobody loves you).
> > No, that retailer isn't giving you a $200 gift card. This is why other
> > tools like takedowns are so important and why the removal of
> > registrant information from domain registrations has enabled abusers.
> 
> So maybe the core question here is, does the identity in the domain name
> matter or not? It does to me personally because I look at it (whenever I
> can -- my iPhone doesn't make it easy to display) and I pay attention to
> it. But I know I'm not a typical user, and I also see increasing
> evidence of mail client software that doesn't show anything but the
> Friendly Name. So is there a "brand" associated with the email domain
> name any more?
> 
> If the domain name doesn't matter, the binding to the From/Signer
> address doesn't either.

If the domain name didn't matter, no one would bother to use 'real' domains in 
abusive mail.  They demonstrably do, so while one might have differences of 
opinion about how important they are (every MUA I use displays them, so let's 
also not draw too hasty conclusions about them not being displayed) I don't 
think it's supportable that they don't matter.

Scott K