Re: [dmarc-ietf] Fwd: Priming the Pump for Discussion - Ratchets
Douglas Foster <dougfoster.emailstandards@gmail.com> Wed, 21 July 2021 11:03 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D921F3A10D7 for <dmarc@ietfa.amsl.com>; Wed, 21 Jul 2021 04:03:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 36f41GaZO7ek for <dmarc@ietfa.amsl.com>; Wed, 21 Jul 2021 04:03:35 -0700 (PDT)
Received: from mail-oi1-x22b.google.com (mail-oi1-x22b.google.com [IPv6:2607:f8b0:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5A7B3A10D6 for <dmarc@ietf.org>; Wed, 21 Jul 2021 04:03:29 -0700 (PDT)
Received: by mail-oi1-x22b.google.com with SMTP id t6so2508688oic.0 for <dmarc@ietf.org>; Wed, 21 Jul 2021 04:03:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZvPy9LABIg82zesNDjRbHtDKaU+/eWvd3e5MyY+pdVE=; b=dwN0Xxp0rJH/EOLkm9G9LfMGKFSogdWQfEY949LSIbKG2K9npEK/8xar0qmWzZmDjB Ug/oHNhM5lsIVDJKIxgMphe3w53a+mrgXfgSJSjqJo6SxGcihgyHGsuaGoiOwgHUHt9B f9E7TXb8tyEUDAoQY4NsOhxlaSm62P9B8Y1GCAw5CDpFJDQISaeJkkHBiUltA6kvI2qc dc4S0hSlsvo+ekfH5sK9nZSdl1l8CU10YR6ytbb4coK/vgUHqYgPgXo8O/FgdQkamNAb ngOJAusx5iu1Hj2eWOFhjysJzHT05TyfzXaYeGsYaCluxdzF3c5XuFRDB31+4ojIU8oY JsrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZvPy9LABIg82zesNDjRbHtDKaU+/eWvd3e5MyY+pdVE=; b=d07DXhVzgTqPTh/hV6Fm9E6qxvjXnsO/uNKCVClOUFr8O3zwG9rF2H201pylQpJVvB dLvUkvaXj4Q4bRQ5CML72INkKWQChRv1LYGIl08SKX/t5tUUEgrMETI+7M4HV7uCsvKH L74WtKU96SQQ26NhhOQsgTrd38rfZfkD6g/lqc+DzqLY7vUPr9p420nkyO8WDxIlfK44 AdYTdA48dZ0En7vomzdCb5zCGZX8vtPtKBoZc9kfeG53rvtQWPWfXPzFa59m9X1NgKxx l9d7wj0VbaggpzoaFihxHGbvUsv1Yo7VadgxJjip5XMawH783uxQBa8bTOWsKMrXhKMv Wg3g==
X-Gm-Message-State: AOAM531PYaKSng/exOAepqpSoajKf16p2iRJhKf6h2I9XyoGOTnmDcBn j4jEFlR1LGipOzIJGkWdTGvW3MzAZdfWeiOfDts=
X-Google-Smtp-Source: ABdhPJzNlLIWTS4CXgGwLifHJxRrjgUDbXhbJDC7ZVVcr+jM+TuQuuAiPdHd1EjPvhZvdMkLeNJWTfVvmDyg/PvwVR4=
X-Received: by 2002:aca:af14:: with SMTP id y20mr2158217oie.73.1626865406878; Wed, 21 Jul 2021 04:03:26 -0700 (PDT)
MIME-Version: 1.0
References: <CAHej_8=yvgXP2WgHayhGU2Hg2E0RcNgZBFjfw1cM-qKWkTG-+w@mail.gmail.com> <d80b0a14-0f4d-8266-8d42-8d9a6b02413d@tana.it> <CAH48ZfyLvECR_nwLmw6R6RnE4EZa8g_i7MJaF32d2qk4RBCKRA@mail.gmail.com> <1E1F7937-AFEC-4F5A-8A5A-229A99C94E8B@bluepopcorn.net> <CAH48ZfyTm1PSANTUmnqOy3aeiW4JHGbTsQ-m9xtSW9zFaCUZQA@mail.gmail.com> <CAH48ZfzEWaFPUG4Gfc2ckpyUEq-8L9kEZZv+LwqJcW88=0y6=w@mail.gmail.com> <CALaySJJ2ZFML2neecfgAhvfk_1EuMNGw6DwchLmmWWpbDJC+Zw@mail.gmail.com>
In-Reply-To: <CALaySJJ2ZFML2neecfgAhvfk_1EuMNGw6DwchLmmWWpbDJC+Zw@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Wed, 21 Jul 2021 07:03:16 -0400
Message-ID: <CAH48ZfxELhp+fHujdZzDADGz4MNoWsJLB7cU1d1cW065Xu8YBQ@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000aca69d05c7a01e59"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/tu0r-Tm9mskc9u8oA77u51-QqMk>
Subject: Re: [dmarc-ietf] Fwd: Priming the Pump for Discussion - Ratchets
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2021 11:03:37 -0000
Barry's comment: I don't agree with the characterization of the second group. I would say that we are partitioning messages into these two groups: - Those for which we can confirm that they originated in the domain they say they did. - Those for which we can not confirm that. When we use P=REJECT, we assert that anything which cannot be confirmed is unacceptable. That makes for two pretty disjoint groups. If Authentication is only to be used to validate a whitelisting decision, then a one-sided test would be sufficient. In practice, the primary use for DMARCv1 is to block messages, and much of our discussion has been around the unwanted disposition that this places on mailing lists. DKIM treats an invalid signature as non-existent. It also treats a DKIM signature as fully optional. DMARCv1 changes the rules to gather more usable information from the message. DMARCv1 with P=REJECT says that a message which lacks authentication is unacceptable, and since any message might be forwarded, it has effectively made DKIM non-optional.. So we have already modified the interpretation of DKIM. I have observed that IF the domain owner indicates that all messages originate with DKIM signatures, then the presence of a signature is no longer optional at the evaluation point. As I have said previously, this provides a valid basis for partitioning messages between verified, ambiguous, and repudiated. If you accept the premise that mailing list messages should not always be repudiated, then nothing we have done up to this point has provided a reliable way to repudiate. I am saying that this is a problem that we can fix. Upward Compatibility Yes, I have gone radical, and I am no longer willing to be limited by the design limitations of DMARCv1. While DMARCv1 was apparently a great success for PayPal, I perceive it as a failure when implemented generally: · DMARCv1 has a significant problem with mailing lists, and the mailing list interest has been well represented in this group. Until my proposal, the mailing list problem remained poorly addressed, even with ARC. · DMARCv1 has poor implementation support. I remember someone presenting a statistic to this group that only 6% of DMARC policies are enforceable (p=reject or quarantine). If this is even close to correct, after 10 years of DMARCv1, it suggests a significant failure to capture the affection of domain owners. · DMARCv1 has poor product support. Many lower-end email filtering products do not implement DMARC at all, which is not terribly surprising. But several high-end solutions implement DMARC enforcement within their filter for incoming mail, while implementing DMARC violations within their secure webmail product for outbound mail. In-between these extremes are some products that implement DMARC without adequate exception methods, so the first false positive will require the feature to be disabled. I am no longer prepared to put window dressing on DMARCv1. We need DMARCbis to have a better design.
- [dmarc-ietf] Priming the Pump for Discussion - Ra… Todd Herr
- Re: [dmarc-ietf] Priming the Pump for Discussion … Dilyan Palauzov
- Re: [dmarc-ietf] Priming the Pump for Discussion … Alessandro Vesely
- Re: [dmarc-ietf] Priming the Pump for Discussion … John Levine
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Todd Herr
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Priming the Pump for Discussion … Steven M Jones
- Re: [dmarc-ietf] Priming the Pump for Discussion … John Levine
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Todd Herr
- Re: [dmarc-ietf] Priming the Pump for Discussion … Jim Fenton
- Re: [dmarc-ietf] Priming the Pump for Discussion … Jim Fenton
- [dmarc-ietf] Fwd: Priming the Pump for Discussion… Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dotzero
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Benny Pedersen
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dotzero
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 tjw ietf
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Steve Siirila
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Matthäus Wander
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Дилян Палаузов
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… John R Levine
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Benny Pedersen
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Douglas Foster
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… John Levine