IETF Logo Mail Archive

Re: [dmarc-ietf] THIS IS ABUSE (it might be)

John R Levine <johnl@taugh.com> Thu, 13 April 2023 00:19 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A48D7C151711 for <dmarc@ietfa.amsl.com>; Wed, 12 Apr 2023 17:19:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="eXBEsibe"; dkim=pass (2048-bit key) header.d=taugh.com header.b="tcb3GcCP"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nw2UyzItAnQ4 for <dmarc@ietfa.amsl.com>; Wed, 12 Apr 2023 17:19:39 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A26FC14CE33 for <dmarc@ietf.org>; Wed, 12 Apr 2023 17:19:39 -0700 (PDT)
Received: (qmail 80360 invoked from network); 13 Apr 2023 00:19:36 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=139e6.64374a98.k2304; bh=eOiRE9+75pKtnA9Aq5JbZSBTOt6JkqZn95VnVulMxPg=; b=eXBEsibeHrOvnegYL5J3M/0x2ifVje+CeNapDp87nV8ym3t71eKOB8W5/YGzN/sM1zhcBwDdTs39A9JAqsTIpGeTtZ8R2y66dGNkIencHMJ3bDifw7maApAEKQE9a3OL6yqtnfBN/qfQIEL3Xo41S8Dswa8GtTR3s87uqNeEcXNLzAeRCkbklmHhvWWoFx2aky4LX7BNPJKsVuP8jWXomG0ls4EwRa2ndTOm0np9P3R117i8RTS6kZBs6XdrKzQMPD1NhsUBcxHDL8+vAGpr7nD13v8UDB8qrzrMbtZqtfyrPyItGi7eCc30qsO4vajl+y2SHYYkQE1NXY9hUJ46ew==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=139e6.64374a98.k2304; bh=eOiRE9+75pKtnA9Aq5JbZSBTOt6JkqZn95VnVulMxPg=; b=tcb3GcCPn93jtSSvfNIgrXJBNA2cRMJvPpwKF2Xr4A33wwyNmuwgkrKgfjtsHw3HNUQTgKMm10fWWFnyREK/aWPA4XioQijMIRBcAoeOARN0F3+zTYNmLN07ynSRseUIhwQRshnRcI5hGushSJ1jJRDiChNaluNuZKmLy7giOivx80rCI0dKN4/48mtVz5AvSGkdxAGqUFZMZ55pggL8Uen2lOmj3yQcP1OZevSUpuwJvloGgmICPgK3p4XpzOEkWOLXsYTLnkqaGxCmjz7+ynVWrj5FFYjYU6Nx7BKYP2PHI2woiwc5gRYhoJzPXU++AID5wUE6BU+82N+j/bUFcA==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 13 Apr 2023 00:19:36 -0000
Received: by ary.qy (Postfix, from userid 501) id 711B1BF12432; Wed, 12 Apr 2023 20:19:34 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by ary.qy (Postfix) with ESMTP id BFFB4BF12414; Wed, 12 Apr 2023 20:19:34 -0400 (EDT)
Date: Wed, 12 Apr 2023 20:19:34 -0400
Message-ID: <d70636a8-8cf0-5649-a22a-36b413072c23@taugh.com>
From: John R Levine <johnl@taugh.com>
To: "Eric D. Williams" <eric@infobro.com>
Cc: dmarc@ietf.org
X-X-Sender: johnl@ary.qy
In-Reply-To: <CAKMzGW6f+Um05GHqCh9439ha2eVTTATUOQxWjes=bQrJ0-H8ag@mail.gmail.com>
References: <20230408135930.B1F69BC829D7@ary.qy> <74f52cb3-e5fe-a78f-97c5-7b0cd53f1216@tana.it> <dc83751e-0a52-c9e2-fa9b-082ceea8c7f5@taugh.com> <CAKMzGW6f+Um05GHqCh9439ha2eVTTATUOQxWjes=bQrJ0-H8ag@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/svDDalBzDrqMRiwvh-TUQJ3aMAY>
Subject: Re: [dmarc-ietf] THIS IS ABUSE (it might be)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2023 00:19:44 -0000

On Wed, 12 Apr 2023, Eric D. Williams wrote:
>>>> No, it's a DMARC problem. DKIM didn't cause any problems for mailing
>> lists ...

> mailing lists the real answer is ARC not DMARC, that's what I'm saying. It's
> a failure with DKIM signature invalidation as a result of relaying via
> mailing lists.

My mailing lists put their own DKIM signature on the outgoing mail, and 
the DKIN spec says to ignore signatures that don't validate, so as far as 
DKIM is concerned, that mail is fully authenticated.  As RFC 6376 says:

       INFORMATIVE RATIONALE: The signing identity specified by a DKIM
       signature is not required to match an address in any particular
       header field because of the broad methods of interpretation by
       recipient mail systems, including MUAs.

It's only DMARC that adds a new and in this case unfortunate rule that 
requires a DKIM signature that matches the domain in the From header.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

v2.23.0 | Report a Bug | By Email