Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

John Levine <johnl@taugh.com> Wed, 26 April 2023 16:06 UTC

It appears that Scott Kitterman  <sklist@kitterman.com> said:
>>Domain owners who have users who individually request 3rd parties to emit mail as an address within the domain MUST NOT publish a
>>restrictive DMARC policy if they wish to support their users' usage of any potential 3rd party. Examples of 3rd parties include
>>mailing lists and email service providers. These 3rd parties are not always aware of, or willing to work around, DMARC. Domain owners
>>implementing DMARC as a means for governance by restricting the unauthorized usage of the domain MUST be aware that not all of the
>>3rd parties will make changes to work around DMARC, resulting in interoperability issues for their users' usage of the 3rd parties.
>>Domain owners SHOULD provide an alternative address for these users within a cousin domain or subdomain that is not directly
>>associated with the organization's brand-associated domain that is used for marketing and transactional email that needs the security
>>benefits of DMARC. These users MUST use an address within a domain that does not have a restrictive DMARC policy.
>>
>>(Not a troll. Not directly aware of humming (sorry, it's on my bucket list). Hopefully, didn't touch the 3rd rail. Honestly, in good
>>faith, representing the perspective of an extremely large domain owner, users within said policy-restricted domain, and as a 3rd
>>party commonly used by these, and similar, users.)
> ...
>I can see what you're attempting here and I see the logic.  I think the normative part would need to be about 90% shorter.

I was going to say the same thing.

>I think it misses the impact on innocent bystanders.

It seems to me there are two somewhat different kinds of DMARC damage
that we might separate. One is what happens on discussion lists, where
messages get lost and in the process unrelated recipients get
unsubscribed. The other is simple forwarding and send-to-a-friend
which gets lost but is less likely to cause problems for the
recipients beyond not getting the mail they want.

R's,
John
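The proposed text quoted above recommends keeping list-using people on a domain without a restrictive policy. As an added example, not part of the thread, this resolves the effective DMARC policy for a From: domain against constructed TXT records, showing a brand domain at p=reject whose user subdomain stays permissive through sp=none. It assumes the organizational domain is the last two labels (real DMARC uses the Public Suffix List) and only looks at the p= and sp= tags.

```python
# Added example (not from the thread): which DMARC policy applies to a sender's
# From: domain, evaluated against constructed records instead of live DNS.
# Assumptions: organizational domain = last two labels (DMARC proper uses the
# Public Suffix List); only the p= and sp= tags matter for this illustration.

# Constructed records for an organisation following the proposed guidance:
# the brand domain is locked down, the users' subdomain / cousin domain is not.
DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.com",
    "_dmarc.people.example.net": "v=DMARC1; p=none",
}

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dictionary, ignoring blank tokens."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    """Simplified organizational domain: the last two labels (assumption)."""
    return ".".join(domain.lower().split(".")[-2:])

def effective_policy(from_domain):
    """Return (policy, record_domain) per DMARC policy discovery: an exact-domain
    record wins; otherwise the organizational domain's record applies, with its
    sp= tag (defaulting to p=) governing subdomains."""
    from_domain = from_domain.lower()
    rec = DNS_TXT.get("_dmarc." + from_domain)
    if rec is not None:
        return parse_dmarc(rec).get("p", "none"), from_domain
    org = org_domain(from_domain)
    if org == from_domain:
        return "none", None  # no record anywhere: no policy published
    rec = DNS_TXT.get("_dmarc." + org)
    if rec is None:
        return "none", None
    tags = parse_dmarc(rec)
    return tags.get("sp", tags.get("p", "none")), org

def restrictive(from_domain):
    """Restrictive policies ask receivers to quarantine or reject mail that fails
    authentication, which is what breaks indirect flows such as mailing lists."""
    return effective_policy(from_domain)[0] in ("quarantine", "reject")
```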