Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

Brandon Long <blong@google.com> Tue, 22 November 2016 03:17 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA821129427 for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Mon, 21 Nov 2016 19:17:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.289
X-Spam-Level:
X-Spam-Status: No, score=-1.289 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_SORBS_SPAM=0.5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1RMdNOg3AEmq for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Mon, 21 Nov 2016 19:17:38 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD4071293FE for <ietf-dkim-archive@ietf.org>; Mon, 21 Nov 2016 19:17:38 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAM3HimL018487; Mon, 21 Nov 2016 19:17:45 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=google.com header.i=@google.com header.b=O5HIusRw; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from mail-oi0-f45.google.com (mail-oi0-f45.google.com [209.85.218.45]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAM3HfBl018461 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <ietf-dkim@mipassoc.org>; Mon, 21 Nov 2016 19:17:42 -0800
Received: by mail-oi0-f45.google.com with SMTP id w63so5533772oiw.0 for <ietf-dkim@mipassoc.org>; Mon, 21 Nov 2016 19:16:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7Q8pZlJjtfjL0LvI4fjzwPh98PPYAmouQlvuby3151Y=; b=O5HIusRwG0pEr2z1u7Gqk6R6L86G1LcCnIhOlWPRfRfU6GXVlhQy+IIl3n/nftwuV4 9uE5uOfigvD5522o464FDRYcgdwjiY7x1iMdrmlpA3r4ee04h1BY+0RfAaE75Bd3+n+X 8AGbU/lGyeT1ztUa0EgHnvliMOHbw8wHP/oGbWjG6MdVn2n+w22oyyGTXqVVGPzqIL3f g3K8PFttEbXhycdYPGCkZf9KmOFGRVtBAdCLTcRVoFOY36dFAZQzu1LrNewCyorWgllJ R50Yw9PE1BBCKTwnXvaptyQKQ9U7+YYw8+0DRnGIuaLEG/9oi5NE9v1IauJLhRKgqOjY EXqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7Q8pZlJjtfjL0LvI4fjzwPh98PPYAmouQlvuby3151Y=; b=jn3oZRDNVbmRX3akTkBXewlKJpWYc5WaZ+0J992SREXfBHYgwxch9MiZvdhlFWO6rQ Iryx9ahf3CrP9eDnttb4pSsbfg7zNQS0kfn+DtWrRUvS4iZqVP9NnVsLMSniWcGehXe+ zHAvw1mImOIPS8JC094yg7OuZVLi7nXgC+CSiivOUkTOOwTWm9AMPTEZjUkwJ/UxFOxs vMn01oe0WwTI900PM+fiO5yQL+QeV7+U1BAKXRnekVcwaeVVgoOYTaJBSx8X7lAxBoDc 6wvyDyeJ7FcthXoskaz1NE3X5RTsMgOtqDA1ssl55uaeIY1hRfuGQAXx2O3bzSnwJzJx x/Pg==
X-Gm-Message-State: AKaTC026sSm6ANz0cMBB6PK4ny9FAtF0POaKLj0prU4g8db5fZZcpgXFCtRMw/65lcrWbWqMu6pd7pFM5u8qkR9Z
X-Received: by 10.157.3.102 with SMTP id 93mr11839915otv.30.1479784597267; Mon, 21 Nov 2016 19:16:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.42.43 with HTTP; Mon, 21 Nov 2016 19:16:35 -0800 (PST)
Received: by 10.157.42.43 with HTTP; Mon, 21 Nov 2016 19:16:35 -0800 (PST)
In-Reply-To: <alpine.OSX.2.11.1611212129030.27567@ary.qy>
References: <alpine.OSX.2.11.1611142158000.21738@ary.local> <01Q7ASDZFS6C011WUX@mauve.mrochek.com> <CAL0qLwazAg2UJvGAr+nx8R_xEbc4xV0ttPEWFKUD69u6xXaMhA@mail.gmail.com> <CAL0qLwaMzy=qeW5XYZ_txPaiYE27Oof+C5V1uRANvv-_cayOcQ@mail.gmail.com> <CY1PR00MB0107389F8FE73F140849A19996BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <2736ea21-69e6-83b1-3b59-377c032290b5@dcrocker.net> <CY1PR00MB01072F4EB32969888104C45196BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <CAL0qLwbdNVwT-xiCmxyhSqKcp4-hCA1COHKh0wdYrYEekzZ=XA@mail.gmail.com> <3009defcc6dc9043823618dbc338460d@xmail.mwn.de> <CAL0qLwbvqABZGsm2Hp20y8wgvQTKvPn+EBKiS37eMrp+9NemjA@mail.gmail.com> <da2e49df90980fe460d1effd7734ef42@xmail.mwn.de> <CAL0qLwbA6Vjqpi5hGOtbpLV9FwgDO3VVA=Q5GgAU9F0qOsQCNQ@mail.gmail.com> <63a2bfc52a81eb569a0af5e1699390d9@xmail.mwn.de> <CAL0qLwZ42=GFDRm7H0qQ_7bczY8CPQaEuSUfgFEbO_Y5+5YvqA@mail.gmail.com> <CABa8R6ut_+PNm3xhSu7wQF4bEv_fN3EZESZZYWLaj=A7RECruQ@mail.gmail.com> <alpine.OSX.2.11.1611212129030.27567@ary.qy>
From: Brandon Long <blong@google.com>
Date: Mon, 21 Nov 2016 19:16:35 -0800
Message-ID: <CABa8R6s4nqgwt6fpODuxjtz437EU9G-yUH7Yiwnj+mb86ETduA@mail.gmail.com>
To: "John R. Levine" <johnl@iecc.com>
Cc: ietf-dkim <ietf-dkim@mipassoc.org>
Subject: Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============3785442879216517129=="
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

On Nov 21, 2016 6:30 PM, "John R. Levine" <johnl@iecc.com> wrote:

>> Also realize that this isn't "Gmail shouldn't sign spam", it's everyone who
>> normally has a good reputation needs to not sign spam, this is a way to
>> steal reputation from any service allowing you to choose your own message,
>> and can be used against any mail receiver.
>
> Just wondering, roughly when would you use the no-forward flag?  I hope you
> wouldn't use it on everything, since that would make DMARC have far worse
> effects on legit mail than the current mailing list issues.


No, I'm not recommending -all.  I'm saying that this increases the value of
an SPF pass in your spam filtering.  I.e., an SPF pass and a DKIM pass is
worth more in your scoring than a DKIM pass and SPF fail.

Which is obviously a shorthand for how it's actually used, but that's the
general form of working this attack.

A DKIM with hidden knowledge of recipient will survive forwarding with some
amount of work on sharing knowledge of forwarding paths, but without that
is no better than SPF.  ARC would allow forwarding SPF pass info, which
would be useful, but isn't available.

Brandon
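The two situations discussed above, a good-reputation signer signing attacker-chosen content that is then replayed to recipients the signer never addressed, and a signature that carries hidden knowledge of the envelope recipients and therefore survives forwarding only where the receiver knows the forwarding path, as an added example that is not part of this thread and is not the mechanism of draft-kucherawy-dmarc-rcpts. Assumptions: HMAC-SHA256 over a constructed key stands in for DKIM's RSA signing so the script needs only the standard library; the rh= tag, the forward_map argument and the score values are invented for illustration; all addresses and the message body are constructed.

```python
"""Added example (not from the thread): DKIM replay versus a recipient-bound
signature.  HMAC-SHA256 stands in for RSA so this runs with the standard
library only; the rh= tag, the forwarding map and the score values are
assumptions for illustration, not the syntax of draft-kucherawy-dmarc-rcpts
or of any deployed DKIM extension."""
import hashlib
import hmac
import re

SIGNER_KEY = b"constructed-demo-key"     # stand-in for the d= domain's private key
SIGNED_HEADERS = ("from", "to", "subject")


def _relaxed(value: str) -> str:
    # Relaxed header canonicalization (RFC 6376 3.4.2): collapse WSP, strip ends.
    return re.sub(r"[ \t]+", " ", value).strip()


def rcpt_hash(addr: str) -> str:
    # Only a hash of the lowercased envelope recipient travels in the
    # signature, so a reader of the header learns nothing about other recipients.
    return hashlib.sha256(addr.strip().lower().encode()).hexdigest()[:16]


def _sig_input(headers: dict, body: str, rh: str) -> bytes:
    lines = [f"{h}:{_relaxed(headers.get(h, ''))}" for h in SIGNED_HEADERS]
    bh = hashlib.sha256(body.encode()).hexdigest()
    # As in real DKIM, b= is computed over the signature header itself with
    # b= empty, so the (hypothetical) rh= tag is covered and a replayer
    # cannot strip or rewrite it without invalidating the signature.
    lines.append(f"dkim-signature:v=1; rh={rh}; bh={bh}; b=")
    return "\r\n".join(lines).encode()


def sign(headers: dict, body: str, envelope_rcpts: list) -> dict:
    """Return a copy of headers carrying a recipient-bound signature."""
    rh = ",".join(rcpt_hash(r) for r in envelope_rcpts)
    b = hmac.new(SIGNER_KEY, _sig_input(headers, body, rh), "sha256").hexdigest()
    bh = hashlib.sha256(body.encode()).hexdigest()
    signed = dict(headers)
    signed["dkim-signature"] = f"v=1; rh={rh}; bh={bh}; b={b}"
    return signed


def verify(headers: dict, body: str, delivered_to: str, forward_map=None) -> str:
    """Classify one delivery as 'pass', 'replay' or 'fail'.

    forward_map is the receiver's out-of-band knowledge of forwarding paths
    (assumed here): final mailbox -> address the signer actually sent to.
    """
    sig = headers.get("dkim-signature", "")
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    rh, b = tags.get("rh", ""), tags.get("b", "")
    expected = hmac.new(SIGNER_KEY, _sig_input(headers, body, rh), "sha256").hexdigest()
    if not hmac.compare_digest(expected, b):
        return "fail"                        # headers or body altered
    # The signature is cryptographically good; now check whom it was bound to.
    candidates = {delivered_to}
    if forward_map and delivered_to in forward_map:
        candidates.add(forward_map[delivered_to])
    if any(rcpt_hash(c) in rh.split(",") for c in candidates):
        return "pass"
    return "replay"                          # valid signature, unlisted recipient


def score(spf_pass: bool, dkim_result: str) -> int:
    # Toy scoring for the point made in the reply: a DKIM pass that agrees
    # with SPF (or is bound to this recipient) outranks a bare DKIM pass that
    # arrived somewhere the signer never sent it.  Values are arbitrary.
    points = 0
    if dkim_result in ("pass", "replay"):
        points += 1                          # signature verifies
    if spf_pass or dkim_result == "pass":
        points += 1                          # this delivery path is vouched for
    return points


def demo() -> dict:
    # Constructed sample: signer sends to alice, attacker replays to bob,
    # alice forwards her mailbox to another address.
    hdrs = {"from": "sender@example.com", "to": "alice@example.org", "subject": "hi"}
    body = "attacker-chosen content riding on the signer's reputation"
    msg = sign(hdrs, body, ["alice@example.org"])
    fwd = {"alice@example.net": "alice@example.org"}     # assumed forwarding path
    tampered = dict(msg, subject="changed")
    return {
        "direct": verify(msg, body, "alice@example.org"),
        "replay": verify(msg, body, "bob@example.com"),
        "forward_unknown": verify(msg, body, "alice@example.net"),
        "forward_known": verify(msg, body, "alice@example.net", fwd),
        "altered": verify(tampered, body, "alice@example.org"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16s} {result}")
```

Without the forwarding map, the forwarded copy is indistinguishable from a replay, which is the "no better than SPF" outcome; with it, the receiver can honour the signature on the forwarded path, which is the out-of-band sharing of forwarding knowledge the reply says this scheme depends on.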
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html