Re: [dmarc-ietf] Overall last-call comments on DMARC
Tero Kivinen <kivinen@iki.fi> Thu, 04 April 2024 22:01 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5B3AC151084 for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 15:01:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.16
X-Spam-Level:
X-Spam-Status: No, score=-4.16 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-2.064, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iki.fi
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NOCvWpJegIXi for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 15:01:13 -0700 (PDT)
Received: from lahtoruutu.iki.fi (lahtoruutu.iki.fi [IPv6:2a0b:5c81:1c1::37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9C7AC14F6E3 for <dmarc@ietf.org>; Thu, 4 Apr 2024 15:01:12 -0700 (PDT)
Received: from fireball.acr.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 4V9bD432wtz49Q20; Fri, 5 Apr 2024 01:01:08 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1712268068; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wucXzylkkCfoUVvCjaEgIVryCHCpnXsByGFoTVEVu90=; b=ogt8h5ggkfDKzXbOKUFqzvKZX75apSYfnvJL9lmxiFLosAcFmREp8EjId84LVAYJm4Dfcw QWaOh7PeQI7ILTYlMn5ZpGkCv2mhUA9Btv32+j1jCYtUQHJym0tlhs5VRt3bHuIFTsNuyX vzQblrOQWSGtB3fYln+OAsn5+LEg0KauvAjvwAzvWLCK79dC130wqTCyqZ/VdY5og19fZf hxNMm5TfimHHmMHzbVwXy1bTMASap9My2Hpzf3j3Ng8Y2LKkLCwZG38N4EYKffLDcwTg/o i0G0ET3qhwKoQHO0UQllhyvitp2ojzvbnbCa3SyEnYCP39kbD9ARzBkFRhL8Pw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1712268068; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wucXzylkkCfoUVvCjaEgIVryCHCpnXsByGFoTVEVu90=; b=lyrbo1xTifX2v5aDzYKbAiAvvYI/+tn8Ay1D+6iXcJD3vouexKaUPX9VVLZIerAkRLmBsC +UVxK+Z4R5zlxKefnwYB/aiWKCo/snaMtGUe7HhLDv+ViKx4UbqvA0zNPZaPRfndjraVeo 8JrBDLoDUE+DX2nZy4yxmpzUMBCT1eA5x5jcOteK/hS2sx0vQ1Et7CRPCH4pppTmkPwRZT EKNrDzUbjm+0mzQbYIwgCLjyWGE7QZ2EsgxOaCoVkpFaRjk3NUVNdUAmY/DSucYSuBfmwd 4jFh4+n2o07BflktlA7JedyrUnMhFFYbWotet6T/PL2eu3+spuJAFsf6hJs12w==
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1712268068; a=rsa-sha256; cv=none; b=LS41ubEhOalOii91ByctWgJCncB1QH0PrAbMJxcwKRlcDcRfzffXBLmd4sSDxj2eN1oqu1 wHE+r35ho9jI9q1HnsEYeDAOTid8V3bqkVfUy+ys3eaEAmrkizJaYl1jupfKNXBqtQ3G5v 6U7DZ5iZfz1hroHLJUUCVxPlMp7Jlgpyq/2E622jAdk6oiMlLAosV6bGkEVdMVrNvvOrZb 1ke4FS3Ahe4Rad47/cUP5R3ARWtfHJdJg1v6zRamk/r9O+YQ+D7x5oTIXZ7WNbj7qHKIxz 9qBlEJ5Lpa1IPnPwjRV7JaFUjdYq8pF6b8VLVwtT4g8Pe73RBXfy5BB8/AGWKA==
Received: by fireball.acr.fi (Postfix, from userid 15204) id 3C8A625C131D; Fri, 5 Apr 2024 01:01:07 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-ID: <26127.8994.938000.853554@fireball.acr.fi>
Date: Fri, 05 Apr 2024 01:01:06 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: dmarc@ietf.org
In-Reply-To: <CAL0qLwZzfnDA=7bwCu26S1SJPEE3hBq929674hH6naKXWuyh5g@mail.gmail.com>
References: <CFEA2796-9213-4847-836B-81E8770973F5@bluepopcorn.net> <5208da1b-ecfb-4d41-8506-a734a27ab3a0@tana.it> <CAL0qLwbnSe77Wdt+M8bi2pBmZFCZjDUQc6je9bjCzP5TQ0N6XA@mail.gmail.com> <49859572-18a4-483b-bb99-62c1c231896e@tana.it> <CAL0qLwZc6idmMra11pVx2bbtk2Em9-vy6+962M7jDWOMnP+UHQ@mail.gmail.com> <1ee6df39-a622-4060-83db-bcc9a7a835d4@tana.it> <CAL0qLwYX_D7S_-Vn9RwwRzwyNO=8=3UVqbP8rz3SCWG4dvGZig@mail.gmail.com> <f5f55a39-127d-4a84-a66b-950379ecb013@tana.it> <CAL0qLwZzfnDA=7bwCu26S1SJPEE3hBq929674hH6naKXWuyh5g@mail.gmail.com>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 14 min
X-Total-Time: 14 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/pRvRE6LvwERTVd4CBg-UHjMsQRA>
Subject: Re: [dmarc-ietf] Overall last-call comments on DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 22:01:18 -0000
Murray S. Kucherawy writes: > Some sort of contract or agreement between sender and receiver > seems to me to be unavoidable if we want to leverage ARC without > having a global domain reputation system. We don't have a > precise method to do that. We need to experiment and > standardize something to that extent, which I hope this WG can > do after publishing -bis. > > I know what "contract" means abstractly, but what does this actually > look like to someone that's looking for specific guidance? The text > you have here, by itself, is vague and I don't think many operators > will know what to do with it. For example Fastmail [1] includes per user account configuration that lists "Forwarding hosts", which affect how they do spam filtering and whether they trust ARC or not (they do have global trusted ARC list also). The M3AAWG forwarding whitepaper will propose that all mailbox providers should include similar setting, i.e., allow users to configure which hosts to trust for ARC. It was already pointed out that forwarding does not happen out of blue, there is always the user setting it up, i.e., joining the mailing list, providing the email address for alumni forwarding etc. When user does that it would also be easy for him to go to the account settings of whatever mailbox provider he uses and add that ARC host there. The mailbox provider could even detect that user is getting emails that are been forwarded and which have ARC headers, and they could even ask similar question they do now when you move mails away from spam folder, i.e., "Not spam", "This email has valid ARC signature for alumni.university.edu, have you configured this organization for forwarding emails to you, and if so do you trust this organization for doing mail authentication checks on behalf of us". What ARC really offers is that if there is ARC header from organization you trust, you can check the ARC-Authentication-Results and use them in addition to your own checks. If for example that header says SPF was pass, and you trust that domain, then you can trust that it properly did SPF checks and you can consider using ARC SPF pass as SPF pass for the email, even when it is now failing. I do not think there will ever be global trusted ARC signers list, as I do for example want to trust certain organizations / countries, and there is no point of me trusting for example microsoft.com ARC signatures, as there should not be forwarders in microsoft that should be forwarding emails to me. If there is ARC header signed by microsoft that header does not have any value for me, but will have some value for some other people. Simiarly I will trust iki.fi (non profit email forwarding service in Finland that will forward all emails I receive to my actual mailbox), but there is no point of you personally to trust iki.fi ARC signatures. Mailbox provides might want to trust iki.fi as one of our 30000 members might be using your services, thus adding iki.fi to trusted forwarders makes thins easier for iki.fi members. [1] https://www.fastmail.help/hc/en-us/articles/360060591413-Spam-filtering#forwarding -- kivinen@iki.fi
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- [dmarc-ietf] Overall last-call comments on DMARC Jim Fenton
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Standards Track? Yes or No. Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… John R. Levine
- Re: [dmarc-ietf] Standards Track? Yes or No. Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Dotzero
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Jim Fenton
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Tero Kivinen
- Re: [dmarc-ietf] There is no pony, Overall last-c… John R. Levine
- Re: [dmarc-ietf] There is no pony, Overall last-c… Jim Fenton
- Re: [dmarc-ietf] There is no pony, Overall last-c… John R. Levine
- Re: [dmarc-ietf] There is no pony, Overall last-c… Hector Santos
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Neil Anuskiewicz