Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

Jesse Thompson <zjt@fastmail.com> Fri, 28 April 2023 02:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/qDAvBZ6ZhnjklT_VqSq_3mQitBQ>

On Thu, Apr 27, 2023, at 9:30 AM, Brotman, Alex wrote:
> Attempt to make it a tad more concise (I think), altering some of the language:
> 
> ---------------------
> There can be inherent damage to the ability to use certain SMTP-based systems in conjunction with a policy of quarantine or reject.  These could include, though are not limited to, mailing lists, forwarding services, and other types of indirect mail flows.  Especially in situations where the sending domain is SPF-only, or the intermediary is known to alter messages.  If the users of the domain may utilize these types of systems, the domain administrator MUST NOT deploy a policy of quarantine or reject without serious considerations to the impact to interoperability.  These considerations will be informed by careful analysis of DMARC aggregate reports prior to deploying such a policy.  Some third-party systems may be willing to create a workaround for these situations, though it cannot be guaranteed.  Domain owners MAY choose to create a sub-domain (listmail.example.org) or cousin domain (listmail-example.org) which uses a different policy for users wishing to utilize those services.
> ---------------------

I like this, and it gives room for best common practices to evolve that don't necessarily conflict.

s/
    Especially in situations where the sending domain is SPF-only, or the intermediary is known to alter messages.  If the users of the domain may utilize these types of systems, the domain administrator MUST NOT deploy
/
    For situations where the sending domain is not DKIM signing all of its traffic in an aligned fashion or there is legitimate use of an intermediary known to alter messages, the domain administrator MUST NOT deploy
/x

Jesse
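
An added example, not part of the original message or of the draft text: one way to do the aggregate-report analysis the proposed wording calls for, by splitting reported mail into aligned-DKIM, SPF-only and unauthenticated traffic per source. The sample report is constructed, the function and bucket names are hypothetical, and it assumes an RFC 7489 report without an XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout (not real data).
# Reports arrive from third parties: use a hardened parser (e.g. defusedxml) in production.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.org</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>900</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.25</source_ip><count>80</count>
    <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>15</count>
    <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.99</source_ip><count>5</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def classify(dkim, spf):
    """policy_evaluated values are the DMARC (aligned) results, not raw DKIM/SPF."""
    if dkim == "pass":
        return "dkim_aligned"     # survives forwarding unless the message is altered
    if spf == "pass":
        return "spf_only"         # fails DMARC once an intermediary relays it
    return "unauthenticated"      # spoofing, or a legitimate sender not yet set up

def summarize(report_xml):
    """Return (message totals per bucket, per-source-IP breakdown)."""
    root = ET.fromstring(report_xml)
    totals, by_source = defaultdict(int), defaultdict(lambda: defaultdict(int))
    for row in root.iter("row"):
        count = int(row.findtext("count", "0"))
        bucket = classify(row.findtext("policy_evaluated/dkim", "").strip().lower(),
                          row.findtext("policy_evaluated/spf", "").strip().lower())
        totals[bucket] += count
        by_source[row.findtext("source_ip", "unknown")][bucket] += count
    return dict(totals), {ip: dict(b) for ip, b in by_source.items()}

def blockers(report_xml):
    """Sources lacking an aligned DKIM pass: review before p=quarantine or p=reject."""
    _, by_source = summarize(report_xml)
    return sorted((ip, kind, n) for ip, b in by_source.items()
                  for kind, n in b.items() if kind != "dkim_aligned")

if __name__ == "__main__":
    totals, _ = summarize(SAMPLE_REPORT)
    print(totals)
    for ip, kind, n in blockers(SAMPLE_REPORT):
        print(f"{ip}: {n} messages {kind}")
```

The `unauthenticated` bucket mixes spoofed mail with legitimate senders that are not yet configured, so each listed source needs to be identified before it is counted as a blocker.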