Re: [dmarc-ietf] ARC vs reject

John Levine <johnl@taugh.com> Sat, 05 December 2020 22:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/u6hbqb9slkqjYrdpm5XFVkE2MSE>

In article <c7187eca-89d2-77a7-4bd9-183eb65b7a43@mtcc.com> you write:
>> our job to try to guess whether the bank's users are following some
>> internal policy we can't see.
>
>There is no guarantee of that. If my bank says reject that mail, I want 
>my provider to reject that mail, period. No amount of ARC shenanigans 
>should change that policy.

OK, ARC doesn't do that. This does not mean that ARC is broken, only
that you appear to have different policy priorities than other people.
As you know, DMARC has never obliged recipients to follow senders'
policies so this is nothing new.

My system does a lot of forwards of SPF-only p=reject mail to
addresses that belong to individuals, e.g. clerk@mytown.ny.us to the
town clerk's gmail account. No matter how loudly someone might shout
that I should never ever forward that mail, I will ignore them,
because their policy is in this case silly. We have seen that senders
often publish policies that have silly effects and I see no reason to
pay them more attention than they deserve.

R's,
John
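
An added illustration, not part of the original message: a simplified Python model of the forwarding case discussed above, showing why SPF-only p=reject mail fails DMARC after a forward and how a receiver's local policy can use a trusted ARC seal instead. Domains, IP addresses and the trusted-sealer list are constructed; alignment is strict and SPF/DKIM/ARC verification is reduced to table lookups.

```python
from dataclasses import dataclass, field

@dataclass
class Hop:
    """What the receiving MTA observes for one delivery attempt."""
    from_domain: str                 # RFC5322.From domain (what DMARC protects)
    mail_from_domain: str            # envelope sender domain, checked by SPF
    client_ip: str                   # IP of the connecting server
    dkim_pass_domains: set = field(default_factory=set)  # d= of valid signatures
    arc_sealer: str = ""             # domain of a validated ARC seal, if any
    arc_upstream_dmarc: str = ""     # DMARC result the sealer recorded on receipt

# Constructed sample data (documentation address ranges).
SPF = {"bank.example": {"192.0.2.10"}, "forwarder.example": {"198.51.100.7"}}
POLICY = {"bank.example": "reject"}        # sender's published p= value
TRUSTED_SEALERS = {"forwarder.example"}    # the receiver's own local choice

def dmarc_result(hop):
    """DMARC passes only if SPF or DKIM passes AND aligns with the From domain."""
    spf_pass = hop.client_ip in SPF.get(hop.mail_from_domain, set())
    spf_aligned = spf_pass and hop.mail_from_domain == hop.from_domain
    dkim_aligned = hop.from_domain in hop.dkim_pass_domains
    return "pass" if (spf_aligned or dkim_aligned) else "fail"

def disposition(hop):
    """Receiver decision: sender policy is an input, local policy has the last word."""
    if dmarc_result(hop) == "pass":
        return "accept"
    # Local override: a sealer we trust attests the message passed on arrival there.
    if hop.arc_sealer in TRUSTED_SEALERS and hop.arc_upstream_dmarc == "pass":
        return "accept-arc-override"
    return "reject" if POLICY.get(hop.from_domain) == "reject" else "accept"

# Direct delivery from the bank's own server: SPF passes and aligns.
direct = Hop("bank.example", "bank.example", "192.0.2.10")
# Forwarder keeps the envelope sender: SPF fails on the forwarder's IP.
forwarded = Hop("bank.example", "bank.example", "198.51.100.7")
# Forwarder rewrites the envelope sender: SPF passes but no longer aligns.
rewritten = Hop("bank.example", "forwarder.example", "198.51.100.7")
# Same forward, but with an ARC seal from a forwarder this receiver trusts.
with_arc = Hop("bank.example", "bank.example", "198.51.100.7",
               arc_sealer="forwarder.example", arc_upstream_dmarc="pass")

if __name__ == "__main__":
    for name, hop in [("direct", direct), ("forwarded", forwarded),
                      ("rewritten", rewritten), ("with_arc", with_arc)]:
        print(f"{name:10} dmarc={dmarc_result(hop):4} -> {disposition(hop)}")
```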