Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
Seth Blank <seth@valimail.com> Wed, 03 June 2020 00:13 UTC
Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F5333A1147 for <dmarc@ietfa.amsl.com>; Tue, 2 Jun 2020 17:13:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B-ooeAcU1MXc for <dmarc@ietfa.amsl.com>; Tue, 2 Jun 2020 17:13:32 -0700 (PDT)
Received: from mail-wr1-x442.google.com (mail-wr1-x442.google.com [IPv6:2a00:1450:4864:20::442]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55A2D3A111B for <dmarc@ietf.org>; Tue, 2 Jun 2020 17:13:32 -0700 (PDT)
Received: by mail-wr1-x442.google.com with SMTP id x6so399094wrm.13 for <dmarc@ietf.org>; Tue, 02 Jun 2020 17:13:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=1hCDuhl2K5rTbm/xiu1Ooort4uqtob80E6Lu6z1t2Tk=; b=YJg4j9yFRwZ0CokFzxWCO6wfZo0w8h9aAWtmjagS0vLx0KeK5XO+pKD1ANNHe/t65q KkBzpR0eUGiqJUJDLniOSMln+1pyuXx/421MSC1YwlF58myxfWCG9aEXqP3MHjTvA5p0 LbfQs7NKpADkKACe7hrC+oXJUaurIyxkW9cuQqL4f8+E4EDgYqNfTDgNB83qUj7cexKO LslOFzHpp/B/lCahVJOA2GAjSALZlC0Sx3Uz9Ltp6lDr7Ev4sc6k20rRgQT0r7eECUxw DnSpSDSfDl9v9K6/tGTVF8Ku+J22ZEuZFGSueEfHz5McO/eiWj/ob+5YSiaX+jbtwaEr TgHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=1hCDuhl2K5rTbm/xiu1Ooort4uqtob80E6Lu6z1t2Tk=; b=Eiy+yhx5iSNPESVWZxdCzzqkEKXx/PUVf1ZJp/Gax3ngHRLZiZrrvBX6TuuuAdHy2F 2Uafc6P9eizI+dFakhOPpcabz/b1XmXztO39HMPssEfEwSiJzLEl+8PxBNOI0UVXfHnj OOqFaAOBkJ1HKyzoOplD2Z2rC5PZC2W8TyvT2OonREv4ctwOz9U6B+sVAFBi9q/Lm7Uq DcguTCMoPDtTReW0TdR8U9EpTDZ5AjULdQqUehpmI/hv8FJH1B39KvaHn5Bc/jKtwGT5 V3s/qt+Kq7cVlTByZi2A1XD7hk6l08fHba8g6Vh28JdLuPA9OJ9vy1wTPNoYC6OlAmHC J1pA==
X-Gm-Message-State: AOAM531c4ifvTC2nT0Yw9p061UXtja4Piq//lJrKUNTravz6GPoG4Ujm SnwhnCGbnH9YaefoOEsO5Z5sSGTK4/B/aAPAor1uLCts
X-Google-Smtp-Source: ABdhPJzNanDYxBGSwAJu9vVoiTuvXQowAtyf9GTaL+ZN7eBtoXPcw7AOIv42wMz2MGk94V+TqjlgwtvEzD/ELBUg8V8=
X-Received: by 2002:adf:f507:: with SMTP id q7mr27782885wro.353.1591143210469; Tue, 02 Jun 2020 17:13:30 -0700 (PDT)
MIME-Version: 1.0
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <18441e8d-cf87-053e-4957-7b9d6ea9690c@gmail.com> <CABa8R6s7Lh_nihfH4Y8=JFCDFL6T_iEd+dBf7C=iW+5S3K4i3A@mail.gmail.com> <1093905c-7556-ab65-ae9f-6c97d1707878@gmail.com> <CAL0qLwYm=QnSLQ_n_+xq_vvEh47TJT+HXZKem5uKhtfRotKAbQ@mail.gmail.com> <c03d4ea4-20e1-12a6-9581-f51a81330ca5@gmail.com> <CAOZAAfO42WrYi6drByD=fdoU=1su-WO6nGH0OoEN1Txw2ONNvA@mail.gmail.com> <CAJ4XoYcyr-3Sdk+96AxJuKAjH124ziTLZV=1K__5ZF-ME3=G5Q@mail.gmail.com> <CAOZAAfMxVt8JsmXJcui-ejjvsjz3zdTegphA9jUJKQaVxEum-A@mail.gmail.com> <150bd1d9-dc9c-8183-308f-5e251caeac74@gmail.com>
In-Reply-To: <150bd1d9-dc9c-8183-308f-5e251caeac74@gmail.com>
From: Seth Blank <seth@valimail.com>
Date: Tue, 02 Jun 2020 17:13:19 -0700
Message-ID: <CAOZAAfNh=mEWxJt81wOMnttM2CcYW8DVzjzOnUqQ3x4jh3E5bQ@mail.gmail.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d8de8205a722e572"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/yllI_sxMQ535xEAltX9t760Eji4>
Subject: Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2020 00:13:34 -0000
On Tue, Jun 2, 2020 at 4:02 PM Dave Crocker <dcrocker@gmail.com> wrote: > On 6/2/2020 3:53 PM, Seth Blank wrote: > > The point I was trying to make is that consumers are susceptible to > > fraud, > > Of course they are. Unfortunately, that point is irrelevant, because it > isn't the question at hand. > Dave, this is exactly the point where I think we're on different pages. The From: domain matters because its contents affect user behavior. Unless I'm deeply misunderstanding your earlier posts (and I'm glad to be wrong here), you don't appear to believe this to be true. Alignment matters, because it ensures that the domain which is authenticated matches what the user sees in the inbox (because, rightly or wrongly, inboxes show the contents of the From: header field). When this match fails, a message can be rejected before it's ever in front of a user and capable of causing confusion or fraud. The point is NOT to change user behavior due to what is presented in the From:, it is to prevent manipulation of user behavior by only allowing From: domains to be displayed if they have been authenticated. Your argument seems to be that you don't believe that spoofing the From: domain leads to user impact, or am I completely misunderstanding you? Seth
- [dmarc-ietf] DMARC alignment conflicts with RFC 5… Jesse Thompson
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Brandon Long
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Pete Resnick
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Pete Resnick
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Kurt Andersen (b)
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Seth Blank
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Hector Santos
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dotzero
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Alessandro Vesely
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Douglas E. Foster
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Jim Fenton
- Re: [dmarc-ietf] DMARC alignment conflicts with R… John Levine
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Stan Kalisch
- Re: [dmarc-ietf] About user notification in the M… Douglas E. Foster
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Scott Kitterman
- Re: [dmarc-ietf] About user notification in the M… Dave Crocker
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] About user notification in the M… Stan Kalisch
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC alignment conflicts with R… Dave Crocker
- Re: [dmarc-ietf] About user notification in the M… Douglas E. Foster
- Re: [dmarc-ietf] About user notification in the M… Murray S. Kucherawy
- Re: [dmarc-ietf] About user notification in the M… Дилян Палаузов
- Re: [dmarc-ietf] About user notification in the M… John Levine
- Re: [dmarc-ietf] About user notification in the M… Stan Kalisch