Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

John Levine <johnl@taugh.com> Sun, 09 April 2023 14:07 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32761C1516E0 for <dmarc@ietfa.amsl.com>; Sun, 9 Apr 2023 07:07:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.148
X-Spam-Level:
X-Spam-Status: No, score=-4.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="QITOuu96"; dkim=pass (2048-bit key) header.d=taugh.com header.b="rO5+q18+"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id abYveeLw0amz for <dmarc@ietfa.amsl.com>; Sun, 9 Apr 2023 07:07:31 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67CF7C15155C for <dmarc@ietf.org>; Sun, 9 Apr 2023 07:07:31 -0700 (PDT)
Received: (qmail 29294 invoked from network); 9 Apr 2023 14:07:30 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=7269.6432c6a2.k2304; bh=n6hmgGWYzEvrvI4+kCrlZu0uZJEGQsMx1i1qEj/e+wY=; b=QITOuu9632X6r37afZLYljGUc2fl9QHF/hhu92gazRRvQvMGRmR+5I2O0KiIt+uKrVUuO5KxfGC9tJA1qAk1dS69iKqE8yyK9Qn1xds18mez+urwGGKnNRLHtBr8Kp63r46q/0x+NKGDVKCUfC8R2/GpgMaYTyhgFJGTAQHDwJYmRhuO5pb71/dtkHVDm6yvYqnbfHP0SZTxSAYoBp5OYhJk+77oALBFaGgsuVQkAePMmtAPIEKchssx+iFcMt1fW0ayKMWozkwpVAtQas+tsonR1FRVgpvapY4Q0TjAN2T4OmVXVKB90S/q4HCcsj7K0Fmfg4/iSh5N/xsLnfe33Q==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=7269.6432c6a2.k2304; bh=n6hmgGWYzEvrvI4+kCrlZu0uZJEGQsMx1i1qEj/e+wY=; b=rO5+q18+Levny6t2jkfB6HYrtoo1JmYhb9xfR/WJNqkt9XQm5MOv9u8WlSj8v5WRsjCSF5gSGYTEfLgE3894vspTwdEo21FGv7/53OmLXowlhvATl+Fts9JJ6jRcUNZHWESEiI6rXAbzKeJSq1TfyhjIkCtrybPWXb9DwyarFfUIkOPUg1ROGlBIaIdsvxwlwidJYgkE88nOXoqBf03Kx8doE0XW9FVHpEmowS1aSrnRqHKzDNSZSjrbvL5w6vM2yD9EZaRPC0WXvW6MkW4NoHG1rTxbE2pWt3nKS/aWcJlZDYjY1fTCtm6rkKQnUP4XfzXLWK457OxrapeiHgxg+w==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 09 Apr 2023 14:07:29 -0000
Received: by ary.qy (Postfix, from userid 501) id 30283BE112B3; Sun, 9 Apr 2023 09:55:29 -0400 (EDT)
Date: Sun, 09 Apr 2023 09:55:29 -0400
Message-Id: <20230409140729.30283BE112B3@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: mail@wander.science
In-Reply-To: <637bb40a-7dd6-dc43-32b4-de9d1c7a06b9@wander.science>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/qMVcJ1Ax3N4VSQIZ_tTCtafowzY>
Subject: Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Apr 2023 14:07:36 -0000

It appears that Matthäus Wander <mail@wander.science> said:
>Earlier in the discussion, the term high-value domain has been used 
>(along with transactional email domain) in opposition to domain for 
>general-purpose email. ...

"High value" isn't a useful metric here. yahoo.com is a very valuable
domain, but they still shouldn't be using a reject policy. The useful
distinction is mail from people rather than mail from machines,
whether the latter is transactions or bulk.

Keep in mind that DMARC policies cause damage to transactional mail,
too. If a sender only validates with SPF (still common because it's
cheap) and a recipient uses a forwarding address, transactional mail
will get lost. A while back I talked to some people who worked at
Paypal who told me of course they were aware of that, but for their
purposes and given what a phish target they are, they felt the
benefits were worth it. 

When someone sets a DMARC policy for mail from people, it's hard to
think of a time when they asked at all whether that was what the
people wanted. Or if they did, they asked something like "do you want
your mail to be more secure?" which misses the point.

R's,
John

PS: I can make anyone's mail 100% secure by unplugging your mail
server but I'm pretty sure that's not what you want.
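The failure mode described in the message (SPF-only authentication plus a forwarding address under p=reject) can be seen by running the DMARC decision from RFC 7489 section 6.6.2 over a direct delivery and several indirect flows. The block below is an added example for this archive page, not code from John Levine or the DMARC working group. It replaces DNS with constructed tables (SPF-authorized IPs, a DKIM key, a p= policy), stands in an HMAC for the DKIM RSA signature so it runs offline, and uses constructed domains (bank.example, forwarder.example) and documentation-range IPs; the organizational-domain helper is a deliberate simplification.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional

# Constructed stand-in for SPF records: the IPs each domain authorizes in its
# MAIL FROM. The forwarder's IP is deliberately absent from bank.example's
# entry, which is exactly the situation with real forwarding.
SPF_AUTHORIZED = {
    "bank.example": {"192.0.2.10"},
    "forwarder.example": {"198.51.100.5"},
}
# Constructed stand-in for the DKIM key published under _domainkey; an HMAC
# key stands in for the RSA key pair so the example runs without DNS.
DKIM_KEYS = {"bank.example": b"constructed-dkim-key"}
# Constructed stand-in for the _dmarc TXT record (p= tag only).
DMARC_POLICY = {"bank.example": "reject"}


def org_domain(domain: str) -> str:
    """Organizational domain for relaxed alignment. Real evaluators consult the
    Public Suffix List; taking the last two labels is a simplification that is
    wrong for suffixes such as co.uk."""
    return ".".join(domain.lower().split(".")[-2:])


@dataclass
class Message:
    from_domain: str        # RFC5322.From domain, the identifier DMARC protects
    mail_from_domain: str   # RFC5321.MailFrom (Return-Path) domain, checked by SPF
    sending_ip: str         # address of the hop that handed the message to us
    body: bytes
    dkim_d: Optional[str] = None
    dkim_sig: Optional[bytes] = None


def dkim_sign(msg: Message, domain: str) -> Message:
    """Signature over the body (header canonicalization omitted for brevity)."""
    sig = hmac.new(DKIM_KEYS[domain], msg.body, hashlib.sha256).digest()
    return replace(msg, dkim_d=domain, dkim_sig=sig)


def spf_result(msg: Message) -> str:
    allowed = SPF_AUTHORIZED.get(msg.mail_from_domain, set())
    return "pass" if msg.sending_ip in allowed else "fail"


def dkim_result(msg: Message) -> str:
    if msg.dkim_d is None or msg.dkim_d not in DKIM_KEYS or msg.dkim_sig is None:
        return "none"
    expected = hmac.new(DKIM_KEYS[msg.dkim_d], msg.body, hashlib.sha256).digest()
    return "pass" if hmac.compare_digest(expected, msg.dkim_sig) else "fail"


def dmarc_evaluate(msg: Message) -> dict:
    """RFC 7489 6.6.2: pass if SPF passes with an aligned MAIL FROM domain, or
    DKIM passes with an aligned d=. Otherwise the From domain's policy applies."""
    spf, dkim = spf_result(msg), dkim_result(msg)
    spf_aligned = spf == "pass" and org_domain(msg.mail_from_domain) == org_domain(msg.from_domain)
    dkim_aligned = dkim == "pass" and org_domain(msg.dkim_d) == org_domain(msg.from_domain)
    policy = DMARC_POLICY.get(org_domain(msg.from_domain), "none")
    if spf_aligned or dkim_aligned:
        return {"spf": spf, "dkim": dkim, "dmarc": "pass", "action": "deliver"}
    action = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]
    return {"spf": spf, "dkim": dkim, "dmarc": "fail", "action": action}


# Constructed transactional message leaving bank.example's own MTA.
ORIGINAL = Message("bank.example", "bank.example", "192.0.2.10", b"Your statement is ready.\r\n")


def forward(msg: Message, rewrite_envelope: bool = False, footer: bytes = b"") -> Message:
    """One forwarding hop: new sending IP; optionally an SRS-style envelope
    rewrite and/or a mailing-list footer that modifies the signed body."""
    return replace(
        msg,
        sending_ip="198.51.100.5",
        mail_from_domain="forwarder.example" if rewrite_envelope else msg.mail_from_domain,
        body=msg.body + footer,
    )


def direct_delivery() -> dict:
    return dmarc_evaluate(ORIGINAL)  # SPF pass and aligned: deliver


def forwarded_spf_only() -> dict:
    return dmarc_evaluate(forward(ORIGINAL))  # SPF fail, no DKIM: reject


def forwarded_spf_only_srs() -> dict:
    # Forwarder rewrites the envelope: SPF passes for forwarder.example but is
    # not aligned with the From domain, so the message is still rejected.
    return dmarc_evaluate(forward(ORIGINAL, rewrite_envelope=True))


def forwarded_with_dkim() -> dict:
    return dmarc_evaluate(forward(dkim_sign(ORIGINAL, "bank.example")))  # DKIM survives: deliver


def forwarded_via_list() -> dict:
    signed = dkim_sign(ORIGINAL, "bank.example")
    return dmarc_evaluate(forward(signed, rewrite_envelope=True, footer=b"-- list footer\r\n"))  # DKIM broken: reject


if __name__ == "__main__":
    for fn in (direct_delivery, forwarded_spf_only, forwarded_spf_only_srs,
               forwarded_with_dkim, forwarded_via_list):
        print(f"{fn.__name__:24s} {fn()}")
```

The SPF-only sender loses the forwarded message whether or not the forwarder rewrites the envelope: without rewriting SPF fails outright, with rewriting it passes for the wrong domain. Adding a DKIM signature rescues plain forwarding, but a mailing list that appends a footer breaks the body hash, which is the indirect-flow case the thread's subject refers to.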