Re: [dmarc-ietf] Revisiting the Race Condition in draft-crocker-dmarc-sender-01

Joseph Brennan <brennan@columbia.edu> Thu, 20 August 2020 00:07 UTC

From: Joseph Brennan <brennan@columbia.edu>
Date: Wed, 19 Aug 2020 20:06:48 -0400
Message-ID: <CAMSGcLDUY8WytRVw5sqc-py5NoLunfvYLWyWFdvc_e+ecJhYnA@mail.gmail.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/oi4L6fCJabxs4sRt7yYKCvSkpC8>

I've been running email servers for 25 years. My number 1 priority is that
legitimate mail gets through. Stopping the bad stuff is very important but
not number 1. Does DMARC cause legitimate mail to fail? Yes, so to me it's
a fail.

I can understand the transactional mail case, as I stated in
previous messages. The burden is on the businesses implementing DMARC
protection to inform customers to give their real end-point email addresses
and not any vanity forwarding services. Any two sides can agree between
them on some optional additional security measure. It's a good thing.

For general end-user mail? It's a bad thing. It will cause email to fail,
and it will cause people not drinking the DMARC kool-aid to implement crazy
non-standard things with From headers to make email work the way it
should work without crazy workarounds. I see no reason that the DMARC
standard should not spell out explicitly the use case that it is intended
to meet, and recommend against using it for other use cases.

I realize that this was said ten years ago (or whatever it was) when
Yahoo/AOL began abusing DMARC. But see how that went. The problem was not
really DMARC at all, it was abuse of DMARC.


-- 
Joseph Brennan
Lead, Email and Systems Applications
Columbia University Information Technology