Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
Dave Crocker <dhc@dcrocker.net> Tue, 21 July 2020 15:52 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16A493A0B43; Tue, 21 Jul 2020 08:52:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v5H4OHbwITuo; Tue, 21 Jul 2020 08:52:02 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 114993A0B3F; Tue, 21 Jul 2020 08:51:59 -0700 (PDT)
Received: from [192.168.1.67] (108-226-162-63.lightspeed.sntcca.sbcglobal.net [108.226.162.63]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id 06LFsVat013483 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 21 Jul 2020 08:54:32 -0700
To: Jesse Thompson <jesse.thompson=40wisc.edu@dmarc.ietf.org>, dmarc@ietf.org
References: <bf5b68c74a3c487ca8a07a0a27061e47@com> <87zh7ur069.fsf@orion.amorsen.dk> <3829fac4748a48d0b752403450843bd5@bayviewphysicians.com> <c9353a06-ab31-c397-449e-7d36afbf655d@wisc.edu>
Reply-To: dcrocker@bbiw.net
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <c2ad22cd-8b35-733f-bc4c-839e2c4b3e98@dcrocker.net>
Date: Tue, 21 Jul 2020 08:51:53 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <c9353a06-ab31-c397-449e-7d36afbf655d@wisc.edu>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/oHXYUI9mLiAra4qg1YjLHQmR2T4>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 15:52:03 -0000
On 7/21/2020 8:48 AM, Jesse Thompson wrote: > On 7/20/20 7:55 AM, Douglas E. Foster wrote: >> I am advocating for MLMs to stop spoofing and make their peace with DMARC. > Maybe the recommendation should be that MLMs (or any ESP, for that matter) should never send as a domain they do not directly own unless it's authorized to send aligned mail as that domain. (I say this as I have a distinguished PhD (not of CS) complaining to me that when he sends spoofed email from his Gmail account the messages go into spam because of DMARC. Why do these ESPs even allow it in the first place, putting the domain owner's decision to adopt DMARC as the boogieman?) This being a technical forum, we need to be careful and precise about terminology and history and, well, quite a bit more. The mail is not spoofed. Consider the definition of the word. Then consider that the MLM is authorized by the user with the address in the original From field. Also then consider that the existing MLM behavior has existed and been useful for roughly 45 years. The problem, here, is DMARC's imposing a change in email semantics. d/ -- -- Dave Crocker Brandenburg InternetWorking bbiw.net
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- [dmarc-ietf] Response to a claim in draft-crocker… Kurt Andersen (IETF)
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker on behalf of Kurt Andersen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] no from addresses nowhere, Respo… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Benny Lyne Amorsen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Benny Lyne Amorsen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Doug Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- [dmarc-ietf] DMARC marketing Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Joseph Brennan
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Benny Pedersen
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Benny Pedersen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] DMARC marketing Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker