Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

Seth Blank <seth@valimail.com> Wed, 03 June 2020 00:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/yllI_sxMQ535xEAltX9t760Eji4>

On Tue, Jun 2, 2020 at 4:02 PM Dave Crocker <dcrocker@gmail.com> wrote:

> On 6/2/2020 3:53 PM, Seth Blank wrote:
> > The point I was trying to make is that consumers are susceptible to
> > fraud,
>
> Of course they are.  Unfortunately, that point is irrelevant, because it
> isn't the question at hand.
>

Dave, this is exactly the point where I think we're on different pages. The
From: domain matters because its contents affect user behavior. Unless I'm
deeply misunderstanding your earlier posts (and I'm glad to be wrong here),
you don't appear to believe this to be true.

Alignment matters, because it ensures that the domain which is
authenticated matches what the user sees in the inbox (because, rightly or
wrongly, inboxes show the contents of the From: header field). When this
match fails, a message can be rejected before it's ever in front of a user
and capable of causing confusion or fraud.

The point is NOT to change user behavior due to what is presented in the
From:, it is to prevent manipulation of user behavior by only allowing
From: domains to be displayed if they have been authenticated.

Your argument seems to be that you don't believe that spoofing the From:
domain leads to user impact, or am I completely misunderstanding you?

Seth
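
The alignment check described in the message above, as an added example that is not part of the original post: it takes the domains that have already passed DKIM or SPF as input and tests them against the From: domain, ignoring Sender:. The function names, the sample message and the four-entry suffix set (a stand-in for the Public Suffix List) are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List; a real evaluator loads the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(from_dom, auth_dom, mode="r"):
    """'r' (relaxed) compares organizational domains; 's' (strict) needs an exact match."""
    a, b = from_dom.lower(), auth_dom.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def from_domain(raw):
    """Domain of the single From: address, the identifier the inbox displays."""
    values = message_from_string(raw).get_all("From", [])
    if len(values) != 1:
        raise ValueError("expected exactly one From: header field")
    addr = parseaddr(values[0])[1]
    if "@" not in addr:
        raise ValueError("From: carries no usable address")
    return addr.rpartition("@")[2].lower()

def dmarc_aligned(raw, dkim_pass_domains, spf_pass_domain=None, adkim="r", aspf="r"):
    """True if any identifier that already passed DKIM or SPF aligns with From:."""
    fd = from_domain(raw)
    if any(aligned(fd, d, adkim) for d in dkim_pass_domains):
        return True
    return spf_pass_domain is not None and aligned(fd, spf_pass_domain, aspf)

# Constructed sample: From: shows example.com, Sender: names the list operator.
SAMPLE = (
    "From: Accounts <billing@example.com>\n"
    "Sender: list-bounces@lists.example.org\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    # Valid signature from the Sender: domain only: authenticated, but not aligned.
    print(dmarc_aligned(SAMPLE, ["lists.example.org"], "lists.example.org"))
    # Valid signature from a subdomain of the From: domain: aligned in relaxed mode.
    print(dmarc_aligned(SAMPLE, ["mail.example.com"]))
```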