Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC
Joseph Brennan <brennan@columbia.edu> Tue, 15 September 2020 13:34 UTC
Return-Path: <jb51@columbia.edu>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07E313A0F95 for <dmarc@ietfa.amsl.com>; Tue, 15 Sep 2020 06:34:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.119
X-Spam-Level:
X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=columbia.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id su6rBH8ud6rP for <dmarc@ietfa.amsl.com>; Tue, 15 Sep 2020 06:34:26 -0700 (PDT)
Received: from mx0b-00364e01.pphosted.com (mx0b-00364e01.pphosted.com [148.163.139.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 689D03A0F93 for <dmarc@ietf.org>; Tue, 15 Sep 2020 06:34:26 -0700 (PDT)
Received: from pps.filterd (m0167076.ppops.net [127.0.0.1]) by mx0b-00364e01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08FDGHSq002508 for <dmarc@ietf.org>; Tue, 15 Sep 2020 09:34:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : content-type; s=pps01; bh=29vLuTUWTUpgMkF2CeOy6ezg8rqVXK+WCtklXzC7pBQ=; b=hAq6jUB88FmVgyXaebyxKOB0e8BUp5/chwWzVoIFYzPSixmUuMOLevjT3KYpSC/kAoiZ jzobdiAkjkznM/ckui5fKnwNwivEQFUtQP9czexZAgxPWZ4mTlv9COvnTksZqzZQeSmU /DniZiiJ5hsw1sknjEPK1ZOEYePSjjFkSF65SGtDHiVoAMbZigK0qsa+qCniqVIsd928 lLuD+SdN/3qH8KBONcCetk1tYpzp8amCPsR7m8M4z6ULmS3RvBzx7Vu9PF/liY/pFSZI LPZp3JXFtqS5keHPhbKgsu+vIgEpIk+ohVtPZcUskRZGflNmoprXoRHl8AKJEJ1jNIOC eg==
Received: from sendprodmail11.cc.columbia.edu (sendprodmail11.cc.columbia.edu [128.59.72.19]) by mx0b-00364e01.pphosted.com with ESMTP id 33gqetj1et-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <dmarc@ietf.org>; Tue, 15 Sep 2020 09:34:25 -0400
Received: from mail-io1-f70.google.com (mail-io1-f70.google.com [209.85.166.70]) by sendprodmail11.cc.columbia.edu (8.14.4/8.14.4) with ESMTP id 08FDYN0E030930 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <dmarc@ietf.org>; Tue, 15 Sep 2020 09:34:24 -0400
Received: by mail-io1-f70.google.com with SMTP id b16so2189766iod.17 for <dmarc@ietf.org>; Tue, 15 Sep 2020 06:34:23 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=29vLuTUWTUpgMkF2CeOy6ezg8rqVXK+WCtklXzC7pBQ=; b=NDhyQOmdpmLwAHLc7xziiB3b9Mj8gxL/3v9buFdl/9FoQo1MLqkiQNWVu9RKL3xTIS +IyLb2jZ5+VHlJWdn6d0T5rD0r8RizSyGqYMvPXVx4IWA1JQApDq5rqjzyxhRVP95CWV CXh3HuzBn3g0Om19NsvVg/7c6jy38IHDwWbM+lrtg5/dEtBS42uNDQ03NdwYalt5BdcY UznZ+Bfb/hrZwnV1y9QyAAtfTOShnsbJ/fjIa/GbxOTahPURy4ER7OAvDJwc8Ssy5cQp zKwQVq6m/q8/AZ4Lri/IPD8WfCLRLEuYekRKH7EoLIejH4mvYai9Wj/DzzmHLVgFjBHg jC6w==
X-Gm-Message-State: AOAM532CKywTSgAK1Yzq4HlF0IJUJWhstw0xV8QuQGPjCK3JwLn7aCJc BQTRjKKLZiqrBXB/JvuUWuX3UgF2CBtPKrGAnVPGi/AG7F6qzXJF+9AtJiNLCN8OpgX/djZZ1gT 2yCD6gwr96kA/usHyHwY0RfM+1fczBA==
X-Received: by 2002:a6b:610d:: with SMTP id v13mr15089089iob.189.1600176863206; Tue, 15 Sep 2020 06:34:23 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzoUuy9Z3B7iKwxfHo6B5h8al8KXi1THpw7EMw/5C8cpX7tB6cKs3jgcrZwIN12N1dLMCBeAjk0zWZ3cEE2m9Y=
X-Received: by 2002:a6b:610d:: with SMTP id v13mr15089074iob.189.1600176862856; Tue, 15 Sep 2020 06:34:22 -0700 (PDT)
MIME-Version: 1.0
References: <CAL0qLwZEDNT+LZDMrzecSuTD794jn0CoXRA5FG=rk6QJXO5Hyg@mail.gmail.com> <20200913025842.1BBDD208C94C@ary.qy>
In-Reply-To: <20200913025842.1BBDD208C94C@ary.qy>
From: Joseph Brennan <brennan@columbia.edu>
Date: Tue, 15 Sep 2020 09:34:11 -0400
Message-ID: <CAMSGcLDKRMbJ_30jZdKE_6hkKaktwBxU6_E=E=bnK2_CKMNEXw@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: text/plain; charset="UTF-8"
X-CU-OB: Yes
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-15_08:2020-09-15, 2020-09-15 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/qtLgXxjPAZAqbb5YZxLmjsDX9og>
Subject: Re: [dmarc-ietf] Issue submission - Mailing list security and potential solutions using DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2020 13:34:28 -0000
It must be unusual for an authentication protocol to specify in the RFC how to work around its own authentication mechanism. "Domain administrators must not apply dmarc authentication to domains from which end users send mail that may be re-sent via lists or automatic forwarding." -- done. Then dmarc will be simple and reliable, and bank statements and similar messages are protected as intended. Building in a standard workaround significantly weakens the whole concept, doesn't it? -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology
- [dmarc-ietf] Issue submission - Mailing list secu… Douglas E. Foster
- Re: [dmarc-ietf] Issue submission - Mailing list … Alessandro Vesely
- Re: [dmarc-ietf] Issue submission - Mailing list … Dotzero
- Re: [dmarc-ietf] Issue submission - Mailing list … Douglas E. Foster
- Re: [dmarc-ietf] Issue submission - Mailing list … Murray S. Kucherawy
- Re: [dmarc-ietf] Issue submission - Mailing list … Murray S. Kucherawy
- Re: [dmarc-ietf] Issue submission - Mailing list … John Levine
- Re: [dmarc-ietf] Issue submission - Mailing list … Joseph Brennan
- Re: [dmarc-ietf] Issue submission - Mailing list … John Levine
- Re: [dmarc-ietf] Issue submission - Mailing list … Joseph Brennan
- Re: [dmarc-ietf] Issue submission - Mailing list … Alessandro Vesely
- Re: [dmarc-ietf] Issue submission - Mailing list … Dotzero
- Re: [dmarc-ietf] Issue submission - Mailing list … Joseph Brennan
- Re: [dmarc-ietf] Issue submission - Mailing list … Doug Foster
- Re: [dmarc-ietf] Issue submission - Mailing list … Alessandro Vesely