Re: [dmarc-ietf] Sender vs From Addresses

John R Levine <johnl@taugh.com> Thu, 25 March 2021 18:23 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 060CE3A2965 for <dmarc@ietfa.amsl.com>; Thu, 25 Mar 2021 11:23:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=S8GcJKNI; dkim=pass (2048-bit key) header.d=taugh.com header.b=XK4DpS/v
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jtg7xnTC64yH for <dmarc@ietfa.amsl.com>; Thu, 25 Mar 2021 11:23:53 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50EFA3A2974 for <dmarc@ietf.org>; Thu, 25 Mar 2021 11:23:53 -0700 (PDT)
Received: (qmail 71497 invoked from network); 25 Mar 2021 18:23:47 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type:content-id; s=11746.605cd533.k2103; bh=qOozWv6nfng17CGTiLHQ6bGjlhcv9zHnEwHI/BLyKDM=; b=S8GcJKNIXNAvhjyjoTYaMI8YOz9t6lXuyKPm2TbAIx06R0yW+4TLYxScN3WOEfb93NH0DiTgk2PUyaVie4nh4HioRtvPg6sU8W6ys8vGGUO0hJCY0qp92oU6tdY23nvZoVYOvPd3RzwQQaM1aJsKVkMopA9Kc0gbT5ERzJVvKnKfWAXD40JeXOMUCiyxTmE4bCLft0uQFeANFLxbBT0rmpCHKvoY4YwO29QrMaMMFCxYbUxL3vKjzv539fch8/NF0+ZnI7/k075AA4f9qRHkKrO/8EsGuf2zO7QjL3Xm4w9VcwX+iZgGOa8djc7ECM/9j+9FZ+6tJ8DuxMgypdeAtw==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type:content-id; s=11746.605cd533.k2103; bh=qOozWv6nfng17CGTiLHQ6bGjlhcv9zHnEwHI/BLyKDM=; b=XK4DpS/v9MIBZuP/ybZKFrGL544e1xY+p/eoYPBlxjJG7eox2gaQugtWDRwdrR0jFGRD6OSkVaoWAnauyewLEukgGk4CavOjnT5iJ06jQTPx7BAMaswsD8RZFKmAqTCnow2FuqfyqSxXXGqSvp+Q0WD4w1aOXzL3DLqQ8a9/074zGw0aq3YdmScKfffB6r0NWYyGs0l3GiJcjsFJF1a5iX2IWdGweb7aEVmdHwJfTS1VT328q6PBqOOW/xYv5vNaijdHJCTG/yDmnjnXl+GYbzHtLFsXJcsEoZ0A+ouUk+LpR6PjcvwA0jv5koo0PK4aJtP8JB3nfHFuRi8EqcedwA==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 25 Mar 2021 18:23:47 -0000
Received: by ary.qy (Postfix, from userid 501) id 0580D714190A; Thu, 25 Mar 2021 14:23:46 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by ary.qy (Postfix) with ESMTP id 59CF171418EC; Thu, 25 Mar 2021 14:23:46 -0400 (EDT)
Date: 25 Mar 2021 14:23:46 -0400
Message-ID: <2ea2767-4940-77d1-e09e-a0ab215f9c9e@taugh.com>
From: "John R Levine" <johnl@taugh.com>
To: "Gren Elliot" <gelliot@mimecast.com>, "Kurt Andersen (b)" <kboth@drkurt.com>, "dmarc@ietf.org" <dmarc@ietf.org>
X-X-Sender: johnl@ary.qy
In-Reply-To: <4677E791-B028-4CAC-9752-0F4D8F1B0103@mimecast.com>
References: <F1E2D8D7-9978-4C4B-9FD7-AB6428D12789@contoso.com> <20210324202058.91E777134D1B@ary.qy> <CABuGu1ovwwwwZALDOed74nBu1gOHcom8W+UDKC2GdWiEE_7yKw@mail.gmail.com> <4677E791-B028-4CAC-9752-0F4D8F1B0103@mimecast.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1660406422-1616623132=:31146"
Content-ID: <7620927e-3f8e-20e5-149e-fe967d3f7a47@iecc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/zfWuPgPeodVVcrjhtlqKpE6DgQw>
Subject: Re: [dmarc-ietf] Sender vs From Addresses
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Mar 2021 18:23:59 -0000

> Calconnect’s TC-CALSPAM group is currently looking at this issue and 
> yes, the reason is because of real world corporations that use multiple 
> brands with different domains.  Typically employees got a single email 
> address on one of their domains but often work with people who have 
> email addresses in different domains.

Oh, OK.

It sounds like they're asking DMARC to do things it doesn't do. If you
can't ensure that everything sent with your domain on the From line is
signed with your signature, you shouldn't publish a DMARC policy.

While I am not opposed to a future tweak to DMARC to add some way to say
that A can sign for B, even if we did it, it would be a long time if ever
that DMARC verifiers implement it.  RFC 6541 added a third-party signature
option to DKIM in 2012, and after nine years, nobody implements it.

This is not the same problem as we have with mailing lists. If your
user's Sender and From domains belong to the same owner, it should be
a SMOP to add a signature in the From domain. I'm not saying it's
trivial, but this is how DMARC works. The rest of the world will not
change the way it works to adapt to your situtation rather than you
fixing your setup to work with DMARC as it exists.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly