Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

Scott Kitterman <sklist@kitterman.com> Wed, 26 April 2023 02:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/xs9uYrVLIcwLL_SRWXy8vp2Ro3Y>

On April 26, 2023 1:47:14 AM UTC, Hector Santos <hsantos=40isdg.net@dmarc.ietf.org> wrote:
>On 4/25/2023 9:06 PM, John Levine wrote:
>> It appears that Scott Kitterman  <sklist@kitterman.com> said:
>>> My recollection is that a general formulation that I proposed had at least
>>> some traction out of both groups:
>>> 
>>>> [some appropriate description] domains MUST NOT publish restrictive DMARC
>>>> policies due to interoperability issues
>> This seems like a reasonable approach. As a purely practical point, I
>> cannot imagine this document getting through the IESG without some
>> clear guidance about DMARC's interop issues.
>
>+1
>
>> PS: If anyone was going to suggest we just tell people how to change
>> their mailing lists to work around DMARC, don't go there.
>
>I don't follow.
>
>A "no change" recommendation caused problems.  The current fix is:
>
>1) "Rewrite From" to tear down restrictive DMARC security,
>2) Prevent Subscription/Submission of restrictive DMARC domains.
>
>#1 is undesirable. Empirical practice on a different internet has shown when following #2, for an existing list with members with restrictive domains, they will essentially become Read-Only List members because any submission/reply by them will be blocked.
>

Hector,

I think we all understand that there are things mailing lists can do to mitigate the interoperability impacts of DMARC.  I don't think it's germane to the current question.  Please, let's stay focused.

Scott K