Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

Alessandro Vesely <vesely@tana.it> Fri, 30 June 2023 08:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/pQrhDlX2d2VQj9_HVz9a-oGL9GQ>

On Fri 30/Jun/2023 04:07:46 +0200 Tero Kivinen wrote:
> Alessandro Vesely writes:
>> [...]
>
>> ESPs can provide include files for those who wish otherwise.
>
> I know that some companies in Finland have included the iki.fi
> IP address ranges in their SPF records, because they had several
> complaints from people about SPF failures when they were sending emails to
> iki.fi addresses. We even added a _spf.iki.fi DNS record for them to use
> for their include when it was requested, but I do not consider that
> good practice for solving issues of the SPF.


Agreed.  Before -all, tana.it's SPF record sports a directive like so:

?exists:%{ir}.list.dnswl.org

This is not a good practice either, as receivers should consult a whitelist of
their choice without having to obey an explicit request.  And dnswl.org counts
the queries they receive from each host.

IMHO, forwarding agreements should be set up at the very moment when the
sender fixes the target address in a dot-forward recipe.


Best
Ale
--
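
Added example, not part of the original message: a small sketch of RFC 7208 macro expansion showing which DNS name a receiver looks up when it evaluates the `?exists:%{ir}.list.dnswl.org` directive quoted above, and therefore why the list operator sees a query from every evaluating host. The function names (`macro_i`, `expand`, `exists_query`) are hypothetical, the client addresses and sender are constructed from documentation ranges, and only the lowercase macros i, s, l, o and d are handled.

```python
import ipaddress
import re

# RFC 7208 section 7.1: %{letter [digits] [r] [delimiters]} plus %%, %_ and %-
MACRO = re.compile(r"%\{([a-zA-Z])(\d*)(r?)([.\-+,/_=]*)\}|%([%_-])")

def macro_i(ip):
    """%{i}: dotted quad for IPv4, dot-separated hex nibbles for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return str(addr)
    return ".".join(addr.exploded.replace(":", ""))

def expand(spec, ip, sender, domain):
    """Expand the macros in a domain-spec; sender is a full local@domain address."""
    local, _, sender_domain = sender.rpartition("@")
    values = {"i": macro_i(ip), "s": sender, "l": local,
              "o": sender_domain, "d": domain}

    def sub(m):
        if m.group(5):  # literal escapes
            return {"%": "%", "_": " ", "-": "%20"}[m.group(5)]
        letter, digits, rev, delims = m.groups()[:4]
        if letter not in values:
            raise ValueError("macro %%{%s} is not handled in this sketch" % letter)
        # Split on the given delimiters (default "."), then apply the transformers.
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-hand N parts
        return ".".join(parts)

    return MACRO.sub(sub, spec)

def exists_query(directive, ip, sender, domain):
    """Return (qualifier, name); exists matches if the name has any A record."""
    qualifier = directive[0] if directive[0] in "+-~?" else "+"
    mech, _, spec = directive.lstrip("+-~?").partition(":")
    if mech.lower() != "exists":
        raise ValueError("not an exists mechanism")
    return qualifier, expand(spec, ip, sender, domain)

if __name__ == "__main__":
    directive = "?exists:%{ir}.list.dnswl.org"  # directive quoted in the message
    for client in ("192.0.2.25", "2001:db8::1"):  # constructed sample clients
        print(client, exists_query(directive, client, "user@example.org", "example.org"))
```

The `?` qualifier means a match yields a neutral result rather than a pass, so a listed forwarder avoids the `-all` fail without being authorized by the domain.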