IETF Logo Mail Archive

Re: [dmarc-ietf] Signaling MLMs

Hector Santos <hsantos@isdg.net> Fri, 14 April 2023 20:44 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFDABC15171B for <dmarc@ietfa.amsl.com>; Fri, 14 Apr 2023 13:44:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b="AuAvS7Jw"; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b="owo75Xjv"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BFghIlFq0Nyy for <dmarc@ietfa.amsl.com>; Fri, 14 Apr 2023 13:44:04 -0700 (PDT)
Received: from mail.winserver.com (mail.winserver.com [3.137.120.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78DB4C14F721 for <dmarc@ietf.org>; Fri, 14 Apr 2023 13:44:04 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=7817; t=1681505037; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:From:Message-Id:Subject: Date:To:Organization:List-ID; bh=k6suliLfGSSZVkeE7fvs+29MyFqnuRG G778CzC4CKyI=; b=AuAvS7JwvjQpX1UcfW/EcRdHw8OnPoC57yUIDGWoTrwKKhY oJQ+Xqcjw4QDRjLMMjAdd4lg6IDBtZHzNwEHwZMinTQljNxq8BUaFaHzUNJsJlSE ypgL5/5grDHwpt+ONYnYtExWzk3AFA++zZ2ZakWet3flQEO/qjPZfwVoGNdo=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.13) for dmarc@ietf.org; Fri, 14 Apr 2023 16:43:57 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([3.132.92.116]) by winserver.com (Wildcat! SMTP v8.0.454.13) with ESMTP id 1897834238.1.2340; Fri, 14 Apr 2023 16:43:56 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=7817; t=1681505035; h=Received:Received:From: Message-Id:Subject:Date:To:Organization:List-ID; bh=k6suliLfGSSZ VkeE7fvs+29MyFqnuRGG778CzC4CKyI=; b=owo75XjvJ9tJWHB4qrPu3spv9pPl pcksNxbHIG3WY0QlQNURAjef9w3a54tAqbvRCHiOfkPRendZ9dqHALFJlTx1930D LwmJLrSJ0iizAJgBFCKLJ3RIspO8PvHEsxIUqMHnILVlAMFfbTNxRzS/QNfrXAPr GDlMBwv8ZAO2Gnc=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.12) for dmarc@ietf.org; Fri, 14 Apr 2023 16:43:55 -0400
Received: from smtpclient.apple ([99.122.210.89]) by beta.winserver.com (Wildcat! SMTP v8.0.454.12) with ESMTP id 2343870832.1.3572; Fri, 14 Apr 2023 16:43:54 -0400
From: Hector Santos <hsantos@isdg.net>
Message-Id: <168596BD-B688-4AF6-87E8-B25F9D2BD663@isdg.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F5F7E436-E1C6-4DB6-A6E9-A8DA6D9DD50D"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
Date: Fri, 14 Apr 2023 16:43:43 -0400
In-Reply-To: <CAL0qLwa=cA7426zgNJQFDBBqOKA6KXyBGAE4TOy=C+c9+JUY3A@mail.gmail.com>
Cc: Alessandro Vesely <vesely@tana.it>, dmarc@ietf.org
To: "Murray S. Kucherawy" <superuser@gmail.com>
References: <CAL0qLwZc2X7tyP+_8vvL3Yb7uJk6td3XGbsXUB68BNUEMhV4yQ@mail.gmail.com> <8d970e6b-8fa7-da85-5c47-d485abbc43be@crash.com> <CAL0qLwZJjBq0T8kODJifTT10ttJJE2Bof5kJZACRTwyauzwQ6A@mail.gmail.com> <CAJ4XoYcHeFe0kS9QHz4fP5TbOMOiW8mJaiNYx+Yk8keZYW-yDQ@mail.gmail.com> <b6a2b444-de02-9833-fe7b-fc9ad542f900@tana.it> <CAL0qLwYwcXTBzqd=3sKwtZJUsEYO5kfv9V-CZtVHz2TQ78v=0g@mail.gmail.com> <909C826B-2745-4BE8-AD16-920E6DE86D1C@kitterman.com> <329db752-fdeb-7633-ede1-06e435db1c0e@tana.it> <CAL0qLwa=cA7426zgNJQFDBBqOKA6KXyBGAE4TOy=C+c9+JUY3A@mail.gmail.com>
X-Mailer: Apple Mail (2.3731.400.51.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/wLNYTmDlwmkDzbvpQ6LDS-o_ySs>
Subject: Re: [dmarc-ietf] Signaling MLMs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2023 20:44:08 -0000


> On Apr 14, 2023, at 3:20 PM, Murray S. Kucherawy <superuser@gmail.com> wrote:
> 
> On Fri, Apr 14, 2023 at 10:20 AM Alessandro Vesely <vesely@tana.it <mailto:vesely@tana.it>> wrote:
>> On Fri 14/Apr/2023 15:47:12 +0200 Scott Kitterman wrote:
>> > On April 14, 2023 1:29:58 PM UTC, "Murray S. Kucherawy" <superuser@gmail.com <mailto:superuser@gmail.com>> wrote:
>> >> On Fri, Apr 14, 2023 at 4:31 AM Alessandro Vesely <vesely@tana.it <mailto:vesely@tana.it>> wrote:
>> >>
>> >>> Heck, MLMs should start rejecting messages sent from domains that publish a 
>> >>> blocking policy *when they fail authentication on entry*!!
>> >>
>> >> That's not enough to avoid the damage we're talking about.
>> 
>> Agreed.  Yet, it is a sane half-way between crazy rejecting always and 
>> completely ignoring ABUSE.
> 
> Both DKIM (certainly) and SPF (I'm pretty sure) advocate against rejection of messages merely because they fail authentication on ingress. 

And respectfully, SPF always had a strong reject, hard fail policy concept since it's LMAP R&D upbringing — immediate rejection, 55z rejection code.

Why Not?  It was optimized.  It served a purpose to address spoofs. Partial, Neutral and Unknown results were possible. That was suppose to be feed to a heuristics, highly subjective Reputation Engine. After exactly 20 years of data, SPF rejection rate is 6.3% of the incoming rejection reasons. https://winserver.com/public/spamstats.wct

>> I agree there are better solutions, but they're not yet developed.  As ugly as 
>> it may be, From: munging is the emerged solution.  It is a _fact_.  Now repeat 
>> again that the IETF standardized facts, not theories...
> 
> Let's put the challenge back on you: Where's your evidence that From munging is the emerged consensus solution that this working group should standardize?  Where is this _fact_?  If we advance that as a Proposed Standard, the community will quite reasonably ask why we think this is true, and we're going to need to be able to answer them.  If working group consensus agrees, then away we go.

As much as I am an original mail engineering purest (anyone here ever work with Fidonet?) and therefore consider it to be a fundamental taboo to destroy originating copyrighted authorship of anything, the MLS/MLM needs to evolve to handle the various 1::many broadcasting distributions under a new security umbrella.    

Because the current DMARCbis umbrella ist not providing 100% coverage, for the MLS./MLM, it needs to do one of two things;  restrict subscription/submissions or strip the security and rewrite the copyrighting authorship, perpetuating a potential harm including legal.

The latter is not preferred.  The former would be normal part of a protocol complete algorithm. You would do the former always.  It’s the easiest.  No need to modify the MLS.  Just the MLM low code provisional scripts.

—
HLS

v2.23.0 | Report a Bug | By Email