Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

Emanuel Schorsch <emschorsch@google.com> Fri, 23 June 2023 17:25 UTC

To: John R Levine <johnl@taugh.com>
Cc: dmarc@ietf.org, emgu@google.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/xBdPUt0RgyYYkN45ibSniibEHV8>

> > confused users misusing that option. I would support allowing the following
> > options for the auth tag:
> >   "auth=dkim|spf (default value: same as current state), auth=dkim, auth=spf"
>
> The idea is that auth=dkim means you'd publish SPF records but hope people
> will ignore them, or vice versa for auth=dkim?  I still don't get it.

My understanding is that if `auth=dkim` then SPF would be ignored from the
perspective of DMARC. So if a receiver sees DKIM is not DMARC aligned and
only SPF is DMARC aligned then it would still be treated as a DMARC fail.

It would be a way for senders to say "yes I checked that all my DKIM
signatures are working and aligned, I don't need you to look at SPF and
don't want to have the risk of SPF Upgrades. I will still keep an updated
SPF record, but if you see a message that's only SPF aligned then don't
consider that a DMARC pass."
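
The receiver-side behaviour described in this message, as an added example that is not part of the thread or of any DMARC specification. The `auth` tag is the proposal under discussion, not a published DMARC tag; the record strings, the domains, the fallback for unknown values and the simplified alignment check are all constructed assumptions.

```python
from dataclasses import dataclass

DEFAULT_AUTH = frozenset({"dkim", "spf"})  # proposal's default: "same as current state"

def parse_auth_tag(record: str) -> frozenset:
    """Return the mechanisms DMARC may rely on, given a DMARC TXT record string."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip().lower()
    if "auth" not in tags:
        return DEFAULT_AUTH
    mechs = frozenset(m.strip() for m in tags["auth"].split("|") if m.strip())
    # Assumption: empty or unknown values fall back to today's behaviour.
    return mechs if mechs and mechs <= DEFAULT_AUTH else DEFAULT_AUTH

def aligned(auth_domain: str, from_domain: str) -> bool:
    """Simplified relaxed alignment: equal, or one is a subdomain of the other.
    A real verifier compares organizational domains using a public suffix list."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f or a.endswith("." + f) or f.endswith("." + a)

@dataclass
class Message:
    from_domain: str     # RFC5322.From domain
    spf_result: str      # SPF verdict, e.g. "pass" or "fail"
    spf_domain: str      # RFC5321.MailFrom domain that SPF evaluated
    dkim_results: list   # [(verdict, d= domain), ...] one per signature

def dmarc_pass(msg: Message, record: str) -> bool:
    """DMARC passes if any mechanism allowed by `auth` both passes and aligns."""
    mechs = parse_auth_tag(record)
    spf_ok = ("spf" in mechs and msg.spf_result == "pass"
              and aligned(msg.spf_domain, msg.from_domain))
    dkim_ok = "dkim" in mechs and any(
        verdict == "pass" and aligned(d, msg.from_domain)
        for verdict, d in msg.dkim_results)
    return spf_ok or dkim_ok

# Constructed sample: SPF passes and aligns, the only DKIM signature is a third party's.
SPF_ONLY = Message("example.com", "pass", "bounce.example.com",
                   [("pass", "esp.example.net")])
# Constructed sample: SPF fails after forwarding, the aligned DKIM signature survives.
DKIM_ONLY = Message("example.com", "fail", "forwarder.example.org",
                    [("pass", "mail.example.com")])
```

Under `auth=dkim` the SPF-only message is a DMARC fail even though SPF passed and aligned, which is the case the message describes.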