Re: [dmarc-ietf] Proposing an extension to DMARC to optionally require SPF and DKIM

Scott Kitterman <sklist@kitterman.com> Tue, 02 April 2013 01:15 UTC

On Tuesday, April 02, 2013 02:53:30 AM J. Gomez wrote:
> Hmm, are you missing the part where several independent clients send to the
> Internet through the same cloud-based email gateway, and therefore "-all"
> in SPF still allows for spoofing if any of those clients is trojanized, and
> DMARC in its current form does nothing to solve this problem?

There's no way an internet facing protocol can fix local validation failures.
This is not news.

http://tools.ietf.org/html/rfc4408#section-10.4

https://tools.ietf.org/html/rfc4871#page-53

If you're telling your customers they can trust you not to let your other
customers spoof them, then you actually have to do that.  No one else can do
it for you.

Scott K
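
The local validation this thread is about, sketched as an added example that is not part of the original message: a shared outbound gateway binds each authenticated submission account to the domains that tenant owns and rejects a message whose envelope sender (the identity SPF checks) or From header (the identity DMARC checks) uses another tenant's domain. The tenant table, account names and function names are hypothetical, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed tenant table: authenticated submission account -> domains it owns.
TENANT_DOMAINS = {
    "tenant-a": {"a.example"},
    "tenant-b": {"b.example", "mail.b.example"},
}

def _domain(addr):
    """Return the lowercased domain of an address, or '' if it has none."""
    _local, at, dom = parseaddr(addr)[1].rpartition("@")
    return dom.lower().rstrip(".") if at else ""

def check_submission(auth_account, mail_from, raw_message):
    """Return (accepted, reason) for one message submitted to the gateway."""
    allowed = TENANT_DOMAINS.get(auth_account)
    if not allowed:
        return False, "unknown account"
    # Envelope sender: receivers evaluate SPF against this domain, and the
    # gateway's IP is authorized for every tenant, so it must be checked here.
    # An empty MAIL FROM (bounce) carries no domain and is let through.
    if mail_from and _domain(mail_from) not in allowed:
        return False, "envelope sender not owned by tenant"
    # Header From: the identity DMARC aligns against and the user sees.
    from_headers = message_from_string(raw_message).get_all("From", [])
    addrs = [a for _name, a in getaddresses(from_headers) if a]
    if len(from_headers) != 1 or not addrs:
        return False, "missing or repeated From header"
    if any(_domain(a) not in allowed for a in addrs):
        return False, "From domain not owned by tenant"
    return True, "ok"

# Constructed sample: a message claiming to come from tenant A's domain.
AS_TENANT_A = (
    "From: Accounts <accounts@a.example>\n"
    "To: someone@recipient.example\n"
    "Subject: invoice\n\nbody\n"
)

def demo():
    """Same message, three submissions: owner, other tenant, mixed identities."""
    return [
        check_submission("tenant-a", "accounts@a.example", AS_TENANT_A),
        check_submission("tenant-b", "accounts@a.example", AS_TENANT_A),
        check_submission("tenant-b", "bounce@b.example", AS_TENANT_A),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
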