Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

John Levine <johnl@taugh.com> Fri, 14 August 2020 02:08 UTC

Date: Thu, 13 Aug 2020 22:08:06 -0400
Message-Id: <20200814020806.7D8BF1E92E0C@ary.local>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: dotzero@gmail.com
In-Reply-To: <CAJ4XoYfpGMUmkDkQYN0qZeNFi_xZjfR=99yVu0dgLz-z19iwfA@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/z_UWqk_u_QIQlYaAIzl2NkvNnPM>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

In article <CAJ4XoYfpGMUmkDkQYN0qZeNFi_xZjfR=99yVu0dgLz-z19iwfA@mail.gmail.com> you write:
>"DISCUSS" shouldn't really be a joke. draft-crocker-dmarc-sender suffers
>from a similar problem as PRA in the SenderId draft. There is no way to
>validate that the specific intermediary is authorized by the (From) domain
>originating the email through its generic signalling that it
>authorizes intermediaries. This means that any source can emit a message
>claiming to be a legitimate intermediary just as any source could game PR
>to gain a neutral result.

That's a feature, not a bug. I want recipients to be able to assess
the mail my lists send on its own merits.

>One could achieve similar outcomes using
>only reputation and local policy override of DMARC policy.

Only if you believe that the domain on the From: line is automatically
more credible than the one on the Sender: line. The whole third party
problem is that the people sending their mail through lists or
whatever are in fact doing so legitimately, but for various reasons
their organizations' DMARC policies lie and say they aren't.

R's,
John