Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

Hector Santos <hsantos@isdg.net> Thu, 17 November 2016 23:06 UTC




On 11/17/2016 9:34 AM, MH Michael Hammer (5304) wrote:

>>
>> For exclusive policies (SPF -ALL), you really don't need DKIM, DMARC or ARC
>> for that matter since the receiver (at least ours) will never accept the payload
>> anyway, i.e. it never gets to the SMTP "DATA"
>> state.  SPF does not require you to accept the mail for the hard reject policy
>> (-ALL).
>>
>
> Hector, the reality is that most mailbox providers do not reject on SPF -all because so many senders don't understand what they are "saying" with -all and the mailbox providers are the ones who get the complaints about mail not getting delivered. THAT is reality.
>

Is "MOST" 100%, 90%, 80%, 70%, 51%?  The fact is there are receivers 
that do reject on -ALL. It doesn't matter if it's 1%.  The specs have 
always allowed it to be done and it is done.  That's the reality. All 
systems need to be ready to handle that situation.  The payload isn't 
even transferred. In the 13 years implementing it, I can't even recall 
one false positive. Another point is that many domains have switched 
their early SoftFail or Neutral setup to Hardfail for the primary 
purpose of rejection despite how a receiver will actually do 
rejection.  A good majority of high value domains are Hard Fails and 
have been for a number of years.  I just don't buy the notion 
that senders don't know what they are doing.

In any case, my main point is that if you use SPF -ALL, you can bypass 
lots of unnecessary overhead processing in DKIM/DMARC or any related 
payload technology.

-- 
HLS

