Re: [dmarc-ietf] DMARC's purpose

Miles Fidelman <mfidelman@meetinghouse.net> Mon, 14 April 2014 18:17 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/dmarc/zc2084YOUuFKGvKghpGgF963GlE

Kurt Roeckx wrote:
> On Mon, Apr 14, 2014 at 12:42:25AM -0700, Murray S. Kucherawy wrote:
>> On Sat, Apr 12, 2014 at 8:10 AM, Kurt Roeckx <kurt@roeckx.be> wrote:
>>
>>>> 2.  The spec is clear about how it works and what the implications are.  The
>>>> issue with mailing lists is well-documented.
>>> I don't agree with this.
>>>
>> If you have any specific suggestions for how it can be improved, now would
>> be a good time to make them.
> I thought I made my comments about this in the past, but I can't
> actually find them.  Some of them are:
> - It does not describe how it (ab)uses existing technology and
>    breaks existing things.  It's not clear what the effects of the
>    alignment are.
> - It does not say anything about how participating mailing lists
>    should behave
> - It's not clear how reports should look for messages that
>    don't pass.  It would help if there were examples in it.
>
> What would also help is:
> - Implementations that actually follow the spec.  So far I have
>    received 0 report mails that follow the specification.
>
And a definitive statement as to whether or not Yahoo's implementation 
recognizes Original-Authentication-Results - which would represent a 
low-impact way to interoperate with DMARC.

Kind of trying to decide whether to invest time and energy in patching 
our Sympa installation to generate OAR headers - but so far, the only 
folks who claim to support it are Google - and I've received multiple 
anecdotal statements that "nobody has implemented it."

The dmarc.org FAQ recommends: "Add an Original Authentication Results
<http://tools.ietf.org/html/draft-kucherawy-original-authres-00> (OAR)
header to indicate that the list operator has performed authentication
checks on the submitted message and share the results." but a few days
ago this was added: "*This is not a short term solution.* Assumes a
mechanism to establish trust between the list operator and the receiver.
No such mechanism is known to be in use for this purpose at this time.
Without such a mechanism, bad actors could simply add faked OAR headers
to their messages to circumvent such measures. OAR was only described as
a draft document, which expired in 2012. No receivers implementing DMARC
are currently known to make use of OAR from external sources."





-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra
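
The trust problem described in the FAQ text quoted above, as an added example that is not part of the original message or of any receiver's implementation: a receiver-side gate that honors an Original-Authentication-Results header only when a list on a local allowlist DKIM-signed that header. The allowlist, the authserv-id, the domains and the `sample` messages are constructed assumptions, and the code assumes the receiver's border MTA verifies DKIM and strips inbound Authentication-Results headers bearing its own id.

```python
from email import message_from_string

TRUSTED_LISTS = {"lists.example.org"}   # assumption: receiver's local allowlist
MY_AUTHSERV_ID = "mx.receiver.example"  # assumption: id stamped by our own MTA

def parse_authres(value):
    """'id; dkim=pass header.d=x' -> (id, [(method, result, props)])"""
    parts = [p.strip() for p in " ".join(value.split()).split(";") if p.strip()]
    results = []
    for part in parts[1:]:
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method, result, props))
    return (parts[0].split()[0] if parts else ""), results

def dkim_tags(value):
    """DKIM-Signature tag list -> dict, whitespace inside values removed."""
    pairs = (t.partition("=") for t in value.split(";"))
    return {k.strip(): "".join(v.split()) for k, _, v in pairs if k.strip()}

def oar_verdict(raw):
    """Return ('absent'|'ignored'|'honored', parsed OAR results or None)."""
    msg = message_from_string(raw)
    oars = msg.get_all("Original-Authentication-Results", [])
    if not oars:
        return ("absent", None)
    passed = set()  # DKIM domains our own MTA verified
    for ar in msg.get_all("Authentication-Results", []):
        authserv, results = parse_authres(ar)
        if authserv == MY_AUTHSERV_ID:  # A-R from anyone else proves nothing
            passed |= {p.get("header.d", "").lower()
                       for m, r, p in results if m == "dkim" and r == "pass"}
    for sig in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(sig)
        domain = tags.get("d", "").lower()
        signed = tags.get("h", "").lower().split(":")
        # Require exactly one OAR: a copy added after signing would not be covered.
        if (len(oars) == 1 and domain in TRUSTED_LISTS and domain in passed
                and "original-authentication-results" in signed):
            return ("honored", parse_authres(oars[0])[1])
    return ("ignored", None)

def sample(signer, h):
    """Constructed message: our MTA says signer's DKIM passed; h= is its header list."""
    return (f"Authentication-Results: {MY_AUTHSERV_ID}; dkim=pass header.d={signer}\n"
            f"DKIM-Signature: v=1; a=rsa-sha256; d={signer}; s=sel; h={h}; bh=x; b=y\n"
            "Original-Authentication-Results: lists.example.org; dkim=pass header.d=author.example\n"
            "From: user@author.example\nSubject: test\n\nbody\n")
```

A bare OAR header, one signed by an unlisted domain, or one that the trusted list's signature does not cover all come back as `ignored`, which is the faked-header case the FAQ warns about.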