Re: [dmarc-ietf] Two basic Issues to address to help complete DMARCbis

Hector Santos <hsantos@isdg.net> Mon, 24 April 2023 13:41 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D4EFC152D8E for <dmarc@ietfa.amsl.com>; Mon, 24 Apr 2023 06:41:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SbAt84YQdwZN for <dmarc@ietfa.amsl.com>; Mon, 24 Apr 2023 06:41:33 -0700 (PDT)
Received: from mail.winserver.com (mail.winserver.com [3.137.120.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E9B1C152D8C for <dmarc@ietf.org>; Mon, 24 Apr 2023 06:41:33 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2301; t=1682343691; atps=ietf.org; atpsh=sha1; h=Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=Rj0kgWzS8s3DlYDhlQMRU/fVViSpYNKXwOP/ilevdDU=; b=YOuO yvx5ulWxINiK7fI98F/KnYiiQb6Zsf6eqMdl/bGX1NzSULUEyTDDaPeamyZUXptH tBRVNOntEfrWZb2ugCts3P/1inEkYBain3+OPYDvrgTMAhb+WLPvkt2+3s3BZQl8 lXpPbA5wUk4x7B5Q6Oz5SaRUA6Xf4iPYQtqI9YA=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.13) for dmarc@ietf.org; Mon, 24 Apr 2023 09:41:31 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by winserver.com (Wildcat! SMTP v8.0.454.13) with ESMTP id 2736473363.1.8508; Mon, 24 Apr 2023 09:41:30 -0400
Message-ID: <6446870B.5080003@isdg.net>
Date: Mon, 24 Apr 2023 09:41:31 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <0abf9711-ca1c-bfcf-afb2-15e16b9de149@tana.it> <20230420153727.DB568C106CE9@ary.qy> <CAJ4XoYeyoOYeXW1QN+yeMbxt4SF7Kn2Xi=FP7VmX4MhKiDi9hQ@mail.gmail.com> <C3D9E708-EDC7-43BC-AE5E-DF4FFAECCC2B@kitterman.com> <7e2ae4c0-6ebf-4539-55b9-e5d85765a024@tana.it> <185759A8-10CD-40F8-89C8-FE774B077F52@kitterman.com> <a31a3a91-1fe1-40b0-ae4c-0e76520e722c@tana.it> <644568C6.4000407@isdg.net> <bc4f7f74-2753-fa0b-b866-a0b45968345a@tana.it>
In-Reply-To: <bc4f7f74-2753-fa0b-b866-a0b45968345a@tana.it>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/s9TKiTO6jOmr0hkSahv0e009DYM>
Subject: Re: [dmarc-ietf] Two basic Issues to address to help complete DMARCbis
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2023 13:41:37 -0000

On 4/24/2023 7:22 AM, Alessandro Vesely wrote:
> On Sun 23/Apr/2023 19:20:06 +0200 Hector Santos wrote:
>> On 4/23/2023 6:10 AM, Alessandro Vesely wrote:
>>>
>>> Meanwhile, digressions about ATPS and similar schemes can help 
>>> casting some light on future evolution.  From: rewriting cannot be 
>>> the final solution; it is a temporary hack. Digressions don't slow 
>>> down the publication, as discussions about actual text quickly 
>>> prevail.  They are just a mean to help convergence toward a common 
>>> vision of the future.
>>
>> With each year, that "temporary hack" becomes the new normal and it 
>> will be harder to clean up. It is not the right way and I don't 
>> think it's too late to reverse.  However, it has been 17 years and 
>> DMARCbis is not finished without some clean up in this area.
>>
>> First, Section 4.4.3 should have text on using extended tag methods 
>> to provide 3rd party authorization methods.  Just add the RFC 6541 
>> abstract or version of it:
>
>
> Proposing to add text to DMARCbis about 3rd party auth is not a 
> digression.  We cannot solve the problem before publishing 
> DMARCbis.  The text to add to DMARCbis can mention that From: 
> rewriting will fade out, but cannot say how. (This is not a rule, 
> just a scheduling requirement.)

This suggestion is helpful, thanks.

I believe the time is now, during this drafting.  I'd rather not punt. I 
don't wish to wait another 5-10 years to address this again.

DMARCbis should be the springboard to finally solidify the potential 
DMARC add-on market to deal with the long-time loopholes. The 
conceptual solutions are well known and there are both DNS and non-DNS 
proposals to explore.  It can reference the efforts and explain why 
ESPs may not be able to use it for outbound mail, but may be able to 
support it for verification of inbound mail.  It clearly scales for 
verification.  Why not help with inbound security even if they can't 
use it for themselves?   We are helping yahoo.com and other p=reject 
domains and I hope they are helping senders with their receivers.  
Even if the ESP has no policy or p=none, it can still do an ATPS 
verification check when the author and signer domains do not 
match.  How hard is that?

Any proposed text should cover these main points.

--
HLS
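The inbound-side ATPS check the message above argues for, as an added example that is not part of the original post and not code from the author or from any DMARC implementation. It follows my reading of RFC 6541: when the DKIM signer's d= domain differs from the author (From:) domain, the verifier takes the atps= and atpsh= tags from the DKIM-Signature, hashes the signer domain with the named algorithm, base32-encodes it, and looks up a TXT record at <label>._atps.<author domain> that must read "v=ATPS1; d=<signer domain>". The tag values are copied from the DKIM-Signature header of this very message (d=isdg.net; atps=ietf.org; atpsh=sha1). Assumptions not fixed by the page: padding is stripped and the label is lowercased before the DNS query, and DNS is replaced by a constructed in-memory table so the example runs offline.

```python
import base64
import hashlib

# Constructed sample: the ATPS-relevant tags from this message's DKIM-Signature header.
SAMPLE_DKIM_SIGNATURE = "v=1; d=isdg.net; s=tms1; a=rsa-sha256; atps=ietf.org; atpsh=sha1"


def parse_tags(tag_list):
    """Parse an RFC 6376 style 'k=v; k=v' tag list into a dict, dropping folding whitespace."""
    tags = {}
    for item in tag_list.split(";"):
        if "=" not in item:
            continue
        key, _, value = item.partition("=")
        tags[key.strip().lower()] = "".join(value.split())
    return tags


def atps_query_name(signer_domain, atps_domain, atpsh):
    """Build the RFC 6541 query name <label>._atps.<atps_domain> for the signer's d= domain."""
    signer_domain = signer_domain.lower()
    if atpsh == "none":
        label = signer_domain
    elif atpsh in ("sha1", "sha256"):
        digest = hashlib.new(atpsh, signer_domain.encode("ascii")).digest()
        # Assumption: RFC 4648 base32, '=' padding removed, lowercased for the DNS label.
        label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    else:
        raise ValueError("unsupported atpsh value: %s" % atpsh)
    return "%s._atps.%s" % (label, atps_domain.lower())


def atps_check(dkim_signature, from_domain, dns_txt):
    """Return (result, detail): result is 'pass', 'fail' or 'none' (ATPS not applicable).

    dns_txt maps a fully qualified query name to the TXT record text; in production this
    would be a real DNS TXT lookup (hypothetical stub here).
    """
    tags = parse_tags(dkim_signature)
    signer = tags.get("d", "").lower()
    atps = tags.get("atps", "").lower()
    atpsh = tags.get("atpsh", "none").lower()
    from_domain = from_domain.lower()
    if not atps:
        return "none", "no atps tag in DKIM-Signature"
    if signer == from_domain:
        return "none", "signer domain equals author domain; ATPS not needed"
    if atps != from_domain:
        return "fail", "atps tag %s does not name the author domain %s" % (atps, from_domain)
    qname = atps_query_name(signer, atps, atpsh)
    record = dns_txt.get(qname)
    if record is None:
        return "fail", "no ATPS record at %s" % qname
    rtags = parse_tags(record)
    if rtags.get("v") != "ATPS1":
        return "fail", "ATPS record at %s has bad version" % qname
    if rtags.get("d", "").lower() != signer:
        return "fail", "ATPS record d= %s does not match signer %s" % (rtags.get("d"), signer)
    return "pass", qname


# Constructed stand-in for DNS: what ietf.org would publish to authorize isdg.net as a signer,
# in both the unhashed (atpsh=none) and sha1-hashed label forms.
FAKE_DNS_TXT = {
    "isdg.net._atps.ietf.org": "v=ATPS1; d=isdg.net",
    atps_query_name("isdg.net", "ietf.org", "sha1"): "v=ATPS1; d=isdg.net",
}

if __name__ == "__main__":
    # Author domain isdg.net: signer and author match, so no ATPS lookup is made.
    print(atps_check(SAMPLE_DKIM_SIGNATURE, "isdg.net", FAKE_DNS_TXT))
    # Author domain ietf.org with the header's atps=ietf.org: the hashed lookup passes.
    print(atps_check(SAMPLE_DKIM_SIGNATURE, "ietf.org", FAKE_DNS_TXT))
    # Same message, but the author domain never published a record: fails.
    print(atps_check(SAMPLE_DKIM_SIGNATURE, "ietf.org", {}))
```

The check costs one TXT query and only fires when the signer and author domains differ, which is the case the message describes; a receiver with no DMARC policy of its own can still run it on inbound mail.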