IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Brandon Long <blong@google.com> Tue, 18 August 2020 23:22 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6DE93A0F30 for <dmarc@ietfa.amsl.com>; Tue, 18 Aug 2020 16:22:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQGRBesUH6tW for <dmarc@ietfa.amsl.com>; Tue, 18 Aug 2020 16:22:03 -0700 (PDT)
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1446E3A0F33 for <dmarc@ietf.org>; Tue, 18 Aug 2020 16:22:03 -0700 (PDT)
Received: by mail-io1-xd31.google.com with SMTP id g13so8641713ioo.9 for <dmarc@ietf.org>; Tue, 18 Aug 2020 16:22:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dc+GaS7FYNNiZ4HYK2SjbgAYzyWh7u9rVlur9Z9eNUM=; b=FDi5cM8YzgEXFXpHdM8+5LsZv0ltNycJlPxN8XorztITLHZJJn3/gdvufN9AVY70c0 pzgRhBw8eV6++BQxOft1afvZgo32VD9qytva9FkG53LUMF8bWIUw4oc06C3t0LnftZgm 3Z+MnZKfMZtAaxN2GmEBnNUebO4IzDOkmnPaiwEW2a/dIzMm/HqjLbNVi06O/iyYKDut SNCBaDzhXKQUWm0bCcAOo0vAqfYytHyTKBZDTJWuW4PQEXjqD5N/aS7dqi2CypjwQn37 CJtlwbk1jUcjio0eFPAlWG8pvlnXDH8txD1oOVuUmkoHnjjasr8WPFoKquNnv83GPWZj JozQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dc+GaS7FYNNiZ4HYK2SjbgAYzyWh7u9rVlur9Z9eNUM=; b=fHDILvU2ZiC7IEJFhHhjsvr/t1HDJxjS/ShSaqHCuYCGtqMqa8+rka7CRcWG0iA+5u 5lpk0RGj3RW7T8Ss7mkeuBX4TXR8zG46m22xQpNVQ5q5AIHYr9dVIjABtIcpYQnh8m+W gdJ+i1K4o4oOFyCHAJqqNsF+lz+fGj1lNOpqJSyCVyltNEiqlq77QUhUoEdI8CvztfHg rxH7yu1ROz62ZVgd+plp+gJQ1OA1Burh8T9L4bF43tNA1rkLPQw3ghZ5QtZtZRynE25T VSKVn/XvrQnxa2FHuY3uZBu+BPJDOAfvRO+wOCuX6YRPlTpq87IzT463olzqrh2SyH33 D82Q==
X-Gm-Message-State: AOAM5328Lig2oV8AAodFDFNDNH1ugGFtCYbyMIAW0fE2JqzJrYqqTeIV fabM/E6TZVdKlPoIzZclfwHUhGvXFl7n4lz79SQ00bBsHA==
X-Google-Smtp-Source: ABdhPJwQyl8K+VjC2WF2rnA/nSRKGboOTlSPHp/w3L5HdEVIKGrHnA7WhMbWq78+2ldqKRZD515jmb6M9uFPDygYmDM=
X-Received: by 2002:a02:7786:: with SMTP id g128mr20637097jac.45.1597792922011; Tue, 18 Aug 2020 16:22:02 -0700 (PDT)
MIME-Version: 1.0
References: <CAJ4XoYcFbh8-nAxjxzzRgUahFfhcgcZQ2yMF2ewv_-DgUmhL=g@mail.gmail.com> <20200814164237.313071E971DB@ary.local> <CAJ4XoYeqj_5mpZu1PZP4rNfrWRyC5gC-2dfK7oX9xQHiR24QeA@mail.gmail.com> <085c6a5f-5451-ae8c-4873-133673ba1754@tana.it> <CAL0qLwaVUi9QtV4zcCwncuy4N3YPwsGZPzFfd1q19io79UG2VQ@mail.gmail.com> <c1844590-4b12-9763-21c5-6ac5b730321b@tana.it> <6358f3da-806b-f4eb-b9a0-8ee8ce4121d7@dcrocker.net> <4e549ca6-6047-6ff2-325c-fe8d7247e157@tana.it> <c972e0af-b589-1780-47b3-8cb2a2024ec2@dcrocker.net> <13a0ed72-2c5a-8ba6-84ab-b857e29403f1@tana.it> <b5935bde-e8-78ef-ed17-90a1d730aa9d@taugh.com> <8CCCBF0C-8651-4298-BB29-457381655D1D@wordtothewise.com> <beba49bc-e599-4f5b-72ad-2328938af9da@tana.it> <7FC8E909-1A13-4682-B3D8-EAD76F2B02BB@wordtothewise.com>
In-Reply-To: <7FC8E909-1A13-4682-B3D8-EAD76F2B02BB@wordtothewise.com>
From: Brandon Long <blong@google.com>
Date: Tue, 18 Aug 2020 16:21:47 -0700
Message-ID: <CABa8R6vT6co97_z0S7oRZC_r8n4vWT=q=YN4S+zX9xfSr18FTw@mail.gmail.com>
To: Laura Atkins <laura@wordtothewise.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008b072305ad2f2732"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/wQsriNTB9s2WtZ6oKM9AsHVkwFQ>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2020 23:22:05 -0000

On Mon, Aug 17, 2020 at 5:22 AM Laura Atkins <laura@wordtothewise.com>
wrote:

>
>
> On 17 Aug 2020, at 12:25, Alessandro Vesely <vesely@tana.it> wrote:
>
> On Mon 17/Aug/2020 11:46:55 +0200 Laura Atkins wrote:
>
>
> The forum page is off the FTC website, but the document links are
> still accessible:
>
>
>
> A copy is here:
>
> https://web.archive.org/web/20120603201012/https://www.ftc.gov/bcp/workshops/e-authentication/
>
> A sentence says:
>
>    The Report, however, identified domain-level authentication as a
>    promising technological development that would enable Internet
>    Service Providers (‘‘ISPs’’) and other domain holders to better
>    filter spam, and that would provide law enforcement with a potent
>    tool for locating and identifying spammers.
>
>
> And, 17 years on, we know that domain level authentication doesn’t
> actually help filter spam nor does it provide law enforcement with a potent
> tool for locating and identifying spammers. It was promising, it didn’t
> live up to the promise.
>

I don't understand this.  Virtually every spam rule we write these days
depends on information attached to the domain level authentication of an
email message.

I mean, it's not some simple binary thing, but it also very clearly helps
us filter spam.

We know, now, that turning on domain level protection does not stop
> phishing attacks against that company. It stops direct spoofing of the
> domain, but the phishers simply use a completely different domain. Just
> this weekend I got a PayPal phish. PayPal who helped invent DMARC are still
> getting spoofed and phished. Sure, the phishers aren’t using the
> paypal.com domain, but that doesn’t seem to have any effect on their
> success at stealing money from people.
>

Do we have stats on that?

I know that we've increased our resources towards anti-phishing over the
years, so there's no apples to apples comparison here, and it would be hard
to tease out the specifics anyways... but we've certainly had success in
catching more of it.

Brandon

v2.23.0 | Report a Bug | By Email