Re: [dmarc-ietf] WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
Seth Blank <seth@valimail.com> Sun, 31 March 2024 12:26 UTC
Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 534B3C14F700 for <dmarc@ietfa.amsl.com>; Sun, 31 Mar 2024 05:26:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J5P0Bj-23DGk for <dmarc@ietfa.amsl.com>; Sun, 31 Mar 2024 05:26:07 -0700 (PDT)
Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83560C14F6F5 for <dmarc@ietf.org>; Sun, 31 Mar 2024 05:26:07 -0700 (PDT)
Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1e252f2bf23so807975ad.2 for <dmarc@ietf.org>; Sun, 31 Mar 2024 05:26:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; t=1711887966; x=1712492766; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=61Yo9miWJIpt4z7lg5wFrHTDvH/zPQQ87W2Mft+2wnw=; b=clokXfEPMRH+f9sCqh1o/koFMXkyVrmPcaa0B73b//CcoWBjkLmQXAVhTr2k5eZ3PW DjAkMpxS6r6rk6OC9KoloulQfjttJfgjLA4MaA/g034q5/O3B2DhfD2DQ64MqvHcaFHm EvTdBeAEzmAST25BeimHIp/qmSlf51EBuWDkD7zDe5A1JAQ36a95sRdj5V8nlU7R0iQD 2oY2PE2yY29JR+4EU5ehFdywROV7FXbo8hoy3eU/5JiMAMVcEXHK6ecGr0k8ELCc8n3v CEE5KFEeHysTfmdl1FB6HFsXRMynV7T8uAznkpyUOzyjBqsv6kw71iRwwCu7VCNrnvVm SCww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711887966; x=1712492766; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=61Yo9miWJIpt4z7lg5wFrHTDvH/zPQQ87W2Mft+2wnw=; b=pS5Wui++nLSvsM8RCnLcNfo/8RjLcsI9QIWJSn3MTZF5tf2mUP6cjlCRhIE47mWV62 GCfzrrAbq0+VVHG0ZdJ6ykTe3s9n+SBVt+sLhU+DVBY0ZbGdpE7WyplIDq+MkTqJNwXD P0Cw8MIZ2mUUAFsLaaxCZxcuyJw112Kt/B8GhKTOJfDPXRhSqIZ7yNpoPhaQluda+j+5 Bf9eh5Z3cUq/DBBFvQouksL2SSBJ3YQGQeGtPiOcmzQat1HP60IpvyNTPJCPzVPAXPGD VbPVYlZ6Z/uLXgC0chB2Btxl3NT2/gtnYKCZ9aJdhoPwpTHXsZPNwtPC/We+3El3OK5f VkFg==
X-Forwarded-Encrypted: i=1; AJvYcCXVfhxctvXYLdEOODfam1Ys92gPDNdkB9BsVD+PPdviFbTiVOvb/a1ZBcb/9SKafwB2lAJH6IfD+EyspRJnmA==
X-Gm-Message-State: AOJu0YwBgW4axcMCkciLGDIC18qUxOmmW9aMPswe9hRlD3P04OIZSjJo DxadOkNXfJeR+7LAA7XgPrJ9ufRoK9Z1+9qf81jKyd8uAMUD+rUuqAS6ZhbjpRr7XKEHN3SYgv/ qX7BYtxqebnwcq+PtYaVSiCr3JWzpnYcM8N1ciJ2M4gu9/KtK
X-Google-Smtp-Source: AGHT+IH7bqbrAnutHsdOB7cbP9CtM9hKjNRHujlFWSV7fQuvuvOu7LvJZfok4lwDfy8xpblt3KtwWyjvlhS/skt2ZAg=
X-Received: by 2002:a17:903:290:b0:1e0:1eff:66f7 with SMTP id j16-20020a170903029000b001e01eff66f7mr7838656plr.47.1711887966395; Sun, 31 Mar 2024 05:26:06 -0700 (PDT)
MIME-Version: 1.0
References: <CAOZAAfPwJHKGyLjTkdGDqkMeK4RQX4Fj0rw-Upn0cLZ+cE74aA@mail.gmail.com> <2cdd13ec-9d7f-4732-91ea-9c8983d7a28c@tana.it> <CAH48ZfzaNR2A6zUWVeeoay+UHLHTzja9f5RGfAt5htXd21C0KQ@mail.gmail.com>
In-Reply-To: <CAH48ZfzaNR2A6zUWVeeoay+UHLHTzja9f5RGfAt5htXd21C0KQ@mail.gmail.com>
From: Seth Blank <seth@valimail.com>
Date: Sun, 31 Mar 2024 08:25:55 -0400
Message-ID: <CAOZAAfPAaZ5=yroK4hPRxFhBM5Q5hpzBLN_KMJL+2-vj+OiHnw@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: Alessandro Vesely <vesely@tana.it>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000022036c0614f3fa10"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vx217bFGN4oSUqfzy9Zjsolo1j0>
Subject: Re: [dmarc-ietf] WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2024 12:26:11 -0000
What do you mean “stop authenticating?” — a soft fail is still a fail, not a lack of auth, and this has been published best practice for a decade S -mobile Seth Blank | Chief Technology Officer Email: seth@valimail.com This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system. On Sun, Mar 31, 2024 at 08:22 Douglas Foster < dougfoster.emailstandards@gmail.com> wrote: > On SPF, our document should say simply, > " a DMARC-compliant evaluator MUST NOT reject a message, based on SPF > result, prior to receiving the Data section and checking for aligned and > verifiable signatures." > > Of course, evaluators may still reject early base on known-bad server or > known-bad Mail From domain, but not based on SPF alone. > > I weary of the notion that the solution to all authentication problems is > to stop authenticating. > > DF > > > On Sun, Mar 31, 2024, 6:41 AM Alessandro Vesely <vesely@tana.it> wrote: > >> On Sat 30/Mar/2024 21:05:17 +0100 Seth Blank wrote: >> > This is a real operational problem, so I wanted to expand guidance. The >> note >> > about best practice may or may not be appropriate here, but I think it >> works. >> > There are multiple M3AAWG documents which cover this use case, and we >> can also >> > link them if valuable. >> > >> > [...] >> > >> > Since DMARC only relies on an SPF pass, all failures are treated >> equally. >> > Therefore, it is considered best practice when using SPF in a DMARC >> context >> > for domains that send email to end records with a soft fail ("~" / >> "~all"). >> >> The last phrase is overly strict. To /consider using/ soft fail ("~") or >> neutral ("?") should be enough. For example, I use an SPF record >> terminating >> like so: >> >> ?exists:%{ir}.list.dnswl.org -all >> >> It can be criticized for imposing DNS usage, but it works too. One could >> also >> use ~include:vast.whitelist.example before -all; it would work as well. >> >> Using ~all is akin to use p=none. Be armed but only load blanks. Its >> being >> best practice bears witness to the weakness of domain based >> authentication. >> Currently we are in the mid of a swamp, but if we hope to ever get out we >> can >> start by softening these kind of requirements. >> >> >> Best >> Ale >> -- >> >> >> >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- [dmarc-ietf] WGLC editorial review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Douglas Foster
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Mark Alley
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Richard Clayton
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Tero Kivinen
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Jim Fenton
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] ARC, was WGLC editorial review o… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Laura Atkins
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Scott Kitterman
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Scott Kitterman
- Re: [dmarc-ietf] the long march, WGLC editorial r… John R. Levine
- Re: [dmarc-ietf] the long march, WGLC editorial r… Scott Kitterman
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Neil Anuskiewicz
- Re: [dmarc-ietf] the long march, WGLC editorial r… Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N (choose 6) Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Neil Anuskiewicz
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely