Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
Jesse Thompson <jesse.thompson@wisc.edu> Fri, 31 July 2020 22:00 UTC
To: dmarc@ietf.org
From: Jesse Thompson <jesse.thompson@wisc.edu>
Message-id: <d07d0034-f9c2-5111-8c7e-4e8266dc2f05@wisc.edu>
Date: Fri, 31 Jul 2020 17:00:37 -0500
In-reply-to: <CAMSGcLAfhvsJhzB0Ukaer_ZCS276vZ5i=k08KAcWudJ0mLvLEw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/xTFNb72VsvwfYdq1Dhfw6z8s2Og>
On 7/23/20 8:07 AM, Joseph Brennan wrote:
>> I think that we just have to agree that From-munging by MLMs is a permanent reality. It needs to be documented more prominently (and promoted as part of the DMARC marketing) so that implementations are more consistent, so that un-munging tactics and/or MUA behavior can be consistently implemented.
>>
> I'd be happier for the proposed standard to say that DMARC policy "SHOULD NOT" be compromised by rewriting From lines-- and see how that goes over. My reasoning is that blessing the practice makes it easier for bad actors to craft spoofed mail and get it accepted. The opposite of the purpose of DMARC, isn't it?

(sorry, I forgot to reply earlier)

I realize that your worry is valid if anyone attempted to un-munge the messages and then use the un-munged state somehow to validate authenticity. I assume that un-munging would only be attempted locally if the message passes DMARC and is trusted by local policy. (Similarly, as I've suggested in other contexts, it would be nice if the Receiver could preemptively communicate this trust to the Intermediary so that the munging didn't need to occur in the first place and ARC could come to fruition, but I digress.)

As others have said, munged messages sent via a MLM aren't much different than someone posting to a web form and it then distributing the post to a set of email recipients. That web form isn't expecting to be able to use the author's domain, and the pattern it uses in the Friendly From is somewhat arbitrary and could be co-opted by spammers. I don't think that bad actors crafting is a huge worry since I think that in both scenarios it would just fall back on the reputation of the domain (and other factors).

(just spitballing... it's getting late on a Friday...)

Perhaps an interesting local policy enforcement (to get at your concern) would be to require that messages with certain Friendly From patterns be DMARC aligned (regardless of policy), since I could assume that any MLM (that I care about) that's DMARC aware enough to munge would also have aligned SPF and/or DKIM results.

Jesse
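As an added illustration of the local policy sketched at the end of the message (example code, not from the list or from any DMARC implementation): a receiver-side check that treats an MLM-style "Author via List" Friendly From as requiring SPF or DKIM alignment with the From domain, whatever that domain's published policy. The " via " display-name heuristic, the relaxed-alignment shortcut and the sample headers are assumptions.

```python
import re
from email.utils import parseaddr

# Assumed MLM munging pattern: display name rewritten to "Author via List-Name"
# while the address becomes the list's own. A heuristic, not a standard.
VIA_PATTERN = re.compile(r"\s+via\s+\S", re.IGNORECASE)

def is_munged_friendly_from(from_header: str) -> bool:
    """True when the From: display name looks like an MLM-rewritten Friendly From."""
    name, _addr = parseaddr(from_header)
    return bool(VIA_PATTERN.search(name))

def from_domain(from_header: str) -> str:
    """RFC5322.From domain, lower-cased."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def relaxed_aligned(auth_domain: str, rfc5322_from: str) -> bool:
    """Relaxed-alignment shortcut: equal, or one a subdomain of the other.
    A real implementation compares organizational domains via the public suffix list."""
    a, f = auth_domain.lower(), rfc5322_from.lower()
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def authenticated_domains(auth_results: str):
    """Domains with a passing DKIM or SPF result in an Authentication-Results header."""
    for m in re.finditer(r"dkim=pass[^;]*?header\.d=([\w.-]+)", auth_results, re.I):
        yield m.group(1)
    for m in re.finditer(r"spf=pass[^;]*?smtp\.mailfrom=(?:[^@;\s]*@)?([\w.-]+)",
                         auth_results, re.I):
        yield m.group(1)

def local_policy_verdict(from_header: str, auth_results: str) -> str:
    """Local policy: a munged-looking Friendly From must be SPF/DKIM aligned with
    its From domain even if that domain publishes p=none or no DMARC record.
    Other messages are left to ordinary DMARC handling."""
    if not is_munged_friendly_from(from_header):
        return "not-applicable"
    fd = from_domain(from_header)
    if any(relaxed_aligned(d, fd) for d in authenticated_domains(auth_results)):
        return "accept"
    return "reject"

# Constructed samples in the style of the Authentication-Results seen on this list.
MUNGED_ALIGNED = ("Jesse Thompson via dmarc <dmarc@ietf.org>",
                  "mx.example.net; spf=pass smtp.mailfrom=ietf.org; dkim=pass header.d=ietf.org")
MUNGED_SPOOFED = ('"Jesse Thompson via dmarc" <dmarc@ietf.org>',
                  "mx.example.net; spf=pass smtp.mailfrom=bulk.example.org; dkim=none")
```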