Re: [dmarc-ietf] Signaling MLMs
Benny Pedersen <me@junc.eu> Wed, 19 April 2023 13:51 UTC
Return-Path: <me@junc.eu>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33AD0C137386 for <dmarc@ietfa.amsl.com>; Wed, 19 Apr 2023 06:51:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=junc.eu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bkTiHYnR-Ueo for <dmarc@ietfa.amsl.com>; Wed, 19 Apr 2023 06:51:22 -0700 (PDT)
Received: from mx.junc.eu (mx.junc.eu [172.104.150.56]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CD82C15DD6A for <dmarc@ietf.org>; Wed, 19 Apr 2023 06:51:20 -0700 (PDT)
Received: from localhost.junc.eu (localhost.junc.eu [127.0.0.1]) by mx.junc.eu (Postfix) with ESMTP id 7781183319 for <dmarc@ietf.org>; Wed, 19 Apr 2023 15:50:54 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junc.eu; i=@junc.eu; q=dns/txt; s=default; t=1681912254; h=from : subject : date : to : message-id; bh=k/BI2WGHWvle9b4eJTrO9ybLkAM912LMEIUwXymk2Hk=; b=RzDGrmCHD05l2iOj597dFmCftN657Jd94cQGx/i3M4xFtCZvlRg/oQ0QL5qQ3Wlzr5MKQ O6cqvBprMzNuNkLln/cwNRbO4t7aNr+2DX2GmSA5JHfy8w7fIOgOHintSN1UiOuqE5E8sKz iEXcZI6ePt+dHmFOWr74uA4pOVtx81Fn1IuJxdztgrQUx/t121Sn9yCUfzxT4rdU+Upr7/N siZoNEQ4WMlCpq9+T4udWSNayhzFX6gg40YJZR4a6kf6rzUcPvng68vWQX86XpfekC8ah0h lxyGBAIhcAox4nhZPELeo+YUn2tiQxmPdJsa+enztmRd/oaEGjBV5mpgBkVw==
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=junc.eu; s=default; t=1681912254; b=CQ6dkNYkbFDCFJy1Ks5rUtG0sAh74qnRM1lx00eML+z3eay7x6rVZJqU90MDhkaSgJ6Ul uD7IBujAG4SJIO8J7Dh5gfUqEFSGKnzXHNAhJ+Ec3LkvjTMPFkvGcxCTfd5p74PeDPezLVt bwxVAK13FiuOFhnB2FQpCYUXTDQWbsWcG88b3CJ4ue2zxNtb4DbCywt7MFN8jKWkk1lT0GC f72m5XuuxuDfk3Eg7w093wu/5rldr4uf3U0FCaANE+4dDiVezW16ndpfjaphl5GtJgR7U9F 3fx1iueBsEgqI7cObaV67fMxZxrf7SeGzxm4uMaH1+RIQaiROIE4aBWNeIyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=junc.eu; s=default; t=1681912254; h=from : subject : date : to : message-id; bh=k/BI2WGHWvle9b4eJTrO9ybLkAM912LMEIUwXymk2Hk=; b=r9t04NjlYYZFoYckJt364lQ2jkjkGCpfeePdqJuRrSc7cyvvhmXNGDeSCCPMPMtzNn38m IMJV/wcfcE7oqQc87rUIIlP5k2oR4XqOmliB8TzOmdZX74Bh+AQkdmOKzxHAX1J5ed7xXFL AdS0m8sJEXC990ay7r2dj1vONDJ2RponaUR8Mg/+pdjSPWSXp9vVKjsJeQ4SDU2oejiY7KS yEyOV1ve5aT5O/U0Euz/pg4YRU7YcPyx6rQgVsgGfomdoAWWnzkfdJNqJpGUkGENvr3yZf5 MR4Gd2EDVv01aEp0B1zel3pGUTfPbHiyZmOOlDueGi4602Kgm6R1fL+YiWKA==
ARC-Authentication-Results: i=1; localhost.junc.eu; iprev=pass
Authentication-Results: localhost.junc.eu;iprev=pass
Received: from localhost.junc.eu (localhost.junc.eu [127.0.0.1]) by mx.junc.eu (Postfix) with ESMTPSA id 593DD8192D for <dmarc@ietf.org>; Wed, 19 Apr 2023 15:50:54 +0200 (CEST)
MIME-Version: 1.0
Date: Wed, 19 Apr 2023 15:50:54 +0200
From: Benny Pedersen <me@junc.eu>
To: dmarc@ietf.org
In-Reply-To: <dee4a66a-4741-264f-07d6-19c4db957748@tana.it>
References: <5DAE096A-B547-4569-A3C6-34ED9EC91B2D@isdg.net> <AA303EAF-76DA-4FAD-877D-C7B0143E21D3@marmot-tech.com> <643CB79E.7060309@isdg.net> <01ffe451b5f6e748cdcd295221f085e4@junc.eu> <D791743D-9E7F-4724-8181-44EF6148F5B3@isdg.net> <c19d02bdc96f8f016af430710ccb4247@junc.eu> <10c5dcb4-4eca-b6f4-6a76-29faf2700f76@tana.it> <A8C8D8CA-47D5-40FC-B164-E8CB221B3F35@isdg.net> <0e65af20ba017692818670b156151e4f@junc.eu> <dee4a66a-4741-264f-07d6-19c4db957748@tana.it>
Message-ID: <b218707b5da0e0d143a158728a51d59c@junc.eu>
X-Sender: me@junc.eu
Organization: junc.eu
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/zjj4ZODBF5xf3PugB3v8s51xjxA>
Subject: Re: [dmarc-ietf] Signaling MLMs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2023 13:51:27 -0000
Alessandro Vesely skrev den 2023-04-19 11:09: >>> Benny is telling the world “ietf.org [1] is authorize to resign on my >>> behalf” via DNS. No headers required. No delayed learning >>> necessary. > How would I get a clue of that? reading books ? >> if all maillist did arc on incomming mails before mailman scrapled >> dkim then all will be good, only left is dmarc is not in all places >> tests arc results > It is all too easy to spoof an ARC chain offering false authentication > results. ARC chains is untrusted by defaullt, where is the problem ? > Allowing ARC to override DMARC result requires the ARC > signer to be whitelisted. whitelisted is not right word for it, its either trusted or untrusted > Now, one can object that whitelisting could be done by DKIM, by SPF, > by DNSWL, without the need to introduce a new, long-winded protocol. > However, ARC brings a couple of advantages: > > 1) In case of multiple forwarding steps, ARC delivers an ordered and > cohesive chain which is easier to verify than a messy mass of DKIM > signatures. recipients should only care of dmarc, not dkim/arc/spf fails to make this work dmarc must trust arc > 2) Authentication results, which normally are deleted or renamed on > crossing ADMD barriers, can be exported. well it scramples dkim, no go > As they can sometimes be > checked against message transformation, fraudsters can in the long run > be debunked. if we keep the problem on maillist we lost all the goods dkim protect, i dont want this i still wonder what errors done in rspamd now :/ my dmarc policy is none, but rspamd says its reject, hmm
- [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Todd Herr
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Steven M Jones
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling forwarders, not just M… John Levine
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Todd Herr
- Re: [dmarc-ietf] Signaling MLMs Barry Leiba
- Re: [dmarc-ietf] Signaling MLMs Barry Leiba
- Re: [dmarc-ietf] Signaling forwarders, not just M… Barry Leiba
- Re: [dmarc-ietf] Signaling forwarders, not just M… Mark Alley
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Dotzero
- Re: [dmarc-ietf] Signaling forwarders, not just M… John R Levine
- Re: [dmarc-ietf] Signaling forwarders, not just M… Todd Herr
- Re: [dmarc-ietf] Signaling forwarders, not just M… Barry Leiba
- Re: [dmarc-ietf] Signaling forwarders, not just M… Dotzero
- Re: [dmarc-ietf] Signaling forwarders, not just M… Barry Leiba
- Re: [dmarc-ietf] Signaling forwarders, not just M… Brotman, Alex
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling forwarders, not just M… John R Levine
- Re: [dmarc-ietf] Signaling forwarders, not just M… Hector Santos
- Re: [dmarc-ietf] Signaling forwarders, not just M… Hector Santos
- Re: [dmarc-ietf] Signaling forwarders, not just M… Hector Santos
- Re: [dmarc-ietf] Signaling MLMs John Levine
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling forwarders, not just M… Alessandro Vesely
- Re: [dmarc-ietf] Signaling forwarders, not just M… Alessandro Vesely
- Re: [dmarc-ietf] Signaling forwarders, not just M… Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Dotzero
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Jesse Thompson
- Re: [dmarc-ietf] Signaling MLMs Murray S. Kucherawy
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Laura Atkins
- Re: [dmarc-ietf] Signaling MLMs Jesse Thompson
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Give up on SPF alone Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Douglas Foster
- Re: [dmarc-ietf] Signaling MLMs John Levine
- Re: [dmarc-ietf] list history, Signaling MLMs John Levine
- Re: [dmarc-ietf] list history, Signaling MLMs Jesse Thompson
- Re: [dmarc-ietf] list history, Signaling MLMs John R Levine
- Re: [dmarc-ietf] list history, Signaling MLMs Scott Kitterman
- Re: [dmarc-ietf] list history, Signaling MLMs Hector Santos
- Re: [dmarc-ietf] list history, Signaling MLMs Wei Chuang
- Re: [dmarc-ietf] Give up on SPF alone Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Neil Anuskiewicz
- Re: [dmarc-ietf] Signaling MLMs Neil Anuskiewicz
- Re: [dmarc-ietf] Signaling MLMs Neil Anuskiewicz
- Re: [dmarc-ietf] Signaling MLMs Neil Anuskiewicz
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Hector Santos
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely
- Re: [dmarc-ietf] Signaling MLMs Benny Pedersen
- Re: [dmarc-ietf] Signaling MLMs Alessandro Vesely