IETF Logo Mail Archive

Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts

"Murray S. Kucherawy" <superuser@gmail.com> Mon, 28 November 2016 19:33 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A258E12950B for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Mon, 28 Nov 2016 11:33:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.589
X-Spam-Level:
X-Spam-Status: No, score=-1.589 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_SIGNED=0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YCs6AWccTIKl for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Mon, 28 Nov 2016 11:33:29 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61450129492 for <ietf-dkim-archive@ietf.org>; Mon, 28 Nov 2016 11:33:29 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uASJXga5007739; Mon, 28 Nov 2016 11:33:43 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=gmail.com header.i=@gmail.com header.b=qpMmbS2G; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from mail-ua0-f170.google.com (mail-ua0-f170.google.com [209.85.217.170]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uASJXeDh007735 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <ietf-dkim@mipassoc.org>; Mon, 28 Nov 2016 11:33:41 -0800
Received: by mail-ua0-f170.google.com with SMTP id 20so154235301uak.0 for <ietf-dkim@mipassoc.org>; Mon, 28 Nov 2016 11:32:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Xuw+25jrDc09YwvgDYgL0rJuznJS+kBIL0tkeqb4je4=; b=qpMmbS2G+3rnSo5GtzxvpVf8kRh7vR6tmJTaheKP2p+EcdJHPbydv8FHxaFCq8d7s4 +oyUo47dNSo8HbOJ+u8wv5kfl50ghkz9+MUSfFxzQ9wkd6ratxzVIHHb6Yxgg4KYjKnC wbwPIgCkySfWTsjzrnV7FaHOPVG1hYUHmgnVsfNXPaoc2HzEIAkEoitmymR8jq8N4w0U KEu53qpyUcf7kYBdA9atBDSxd50zc+YAID5ZpwDRGf9h6haFuui/5P22yCMvHrxtvNtw KN7cL7IJvoguoaJKUrWxV+IZ+Fto/Gmt9zMuNH/Of2J7mb/HSn+6PhEpUyMakMzd2+PS gnZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Xuw+25jrDc09YwvgDYgL0rJuznJS+kBIL0tkeqb4je4=; b=MSPfSkBtlR3mDW0z0PuMF9d26ap6zAwfsg1MocjuDhSMGr96BaBteIgezjBleFB7yJ IQedsRoVj5buq2mVmGgun3PBrvO6EbT3wucNtlSNlYA5skPCpR/TU7YQ6oMsx0tLcWjn A6Jly+zEtOeMa9fWJIZWLQE51bJV4Bo2sbx0PGRQ9Em239CqsSpSe9MCA7TPdtK70eSY jhmdZOSGJILFNQ9Kh8RMI+hvmyXxRFU8Y0RvI09XZvzu1bIinMpV3pJUNbxE9bOdw4u/ F7bO2nd4OqPeST8fLWPui5wr0eHKOdKujueApUXMQFP+K0wP6nsSoS/gnFqVpiPSe48y gK8g==
X-Gm-Message-State: AKaTC00fsm6nwSRU8UJvBb3a5dH4oTGnUS6z3yftS1Q2FtldtCVrukwoepKhJdra09Xu1pimvCscfXQkNWVvqA==
X-Received: by 10.176.81.18 with SMTP id e18mr13929310uaa.5.1480361552977; Mon, 28 Nov 2016 11:32:32 -0800 (PST)
MIME-Version: 1.0
References: <CAL0qLwZprdqTEpjd9Z+prf0m8B7gZ=-mWXm+dzy-WBN-0HyRww@mail.gmail.com> <20161113123942.16367.qmail@f5-external.bushwire.net> <CAL0qLwaZeC_4=k80jDQuhT=eLUUd1pqq1xgHGmtGjneU91odGw@mail.gmail.com> <1f8aab9c-655a-123c-ab3d-4e4a216b47fe@mtcc.com> <4c90b6a6-edd5-8a88-17be-f024416e93dc@bluepopcorn.net>
In-Reply-To: <4c90b6a6-edd5-8a88-17be-f024416e93dc@bluepopcorn.net>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 28 Nov 2016 19:32:22 +0000
Message-ID: <CAL0qLwaHzZDECytyZHdQ7oqY5zZHY9ccVNyupQ8uc88inbxmOg@mail.gmail.com>
To: Jim Fenton <fenton@bluepopcorn.net>, ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============7930707940989208173=="
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

Yes, later in the thread we all agreed that "don't do this" is far better
than any protocol solution.

On Mon, Nov 28, 2016, 11:30 Jim Fenton <fenton@bluepopcorn.net> wrote:

> Waking up to this thread a little late...
>
>
> On 11/14/16 7:38 AM, Michael Thomas wrote:
>
> On 11/13/2016 09:38 PM, Murray S. Kucherawy wrote:
>
> On Sun, Nov 13, 2016 at 9:39 PM, Mark Delany <sx6un-fcsr7@qmda.emu.st>
> wrote:
>
> Hi Murray.
>
>
> Mark!
>
> > RFC6376 and even RFC4871, but now it's apparently happening
>
> I'd be interested to hear about the actual scenarios. Are the targeted
> users somehow given an indication that the email verifies and it's
> from a credible domain and yet it contains a malevolent payload?
>
>
> As I understand the attack:
>
> Spammer tries to send spam to a victim.  The MSA blocks this because it's
> spam.  However, the spam filter is not applied to mail sent by the spammer
> to itself, because why would that be a problem?  So the spammer sends
> itself a piece of spam, which the MSA dutifully signs.  Then the spammer
> downloads that message and remails it using whatever envelope it likes.
> The signature will continue to validate, carrying the reputation of the
> signing domain through any whitelist or other system that says this signer
> tends to send good mail.
>
>
>
> This sounds like a misconfiguration problem.It's a problem because it's
> $spam/$malware/$bad regardless of who the recipient is.
>
> The rule is: if you think it's bad, don't sign it. If you sign it, you own
> it.
>
> So to put Mike's comment a different way: Why is the MSA signing something
> that isn't subject to scrutiny? If the message is just going back to the
> sender, it doesn't need a signature.  It sounds like this problem could be
> addressed by putting signing after the outgoing spam check, with no change
> to the protocol.
>
>
> -Jim
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
>

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email