Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmarc-rcpts
Brandon Long <blong@google.com> Tue, 22 November 2016 05:17 UTC
Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 389B212956A for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Mon, 21 Nov 2016 21:17:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.789
X-Spam-Level:
X-Spam-Status: No, score=-1.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kNRmGFUdfpS3 for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Mon, 21 Nov 2016 21:17:57 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D488212948B for <ietf-dkim-archive@ietf.org>; Mon, 21 Nov 2016 21:17:57 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAM5I0lU023393; Mon, 21 Nov 2016 21:18:01 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=google.com header.i=@google.com header.b=b3RpKw9t; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from mail-oi0-f41.google.com (mail-oi0-f41.google.com [209.85.218.41]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAM5Hv5V023388 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <ietf-dkim@mipassoc.org>; Mon, 21 Nov 2016 21:17:58 -0800
Received: by mail-oi0-f41.google.com with SMTP id w63so7540473oiw.0 for <ietf-dkim@mipassoc.org>; Mon, 21 Nov 2016 21:16:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=hKaSJlzyxEzTDtZw2gKq5yfeH9bgiI6kp51kFRqKcYQ=; b=b3RpKw9t/4quYuRawru/i/CX+NaBtgIfCjLZpBdxFc2+2YFFgfmodcwO6SCqKGmC38 XjMN+RENyY+MWKsjCZ9RgPgIcwGd5DosENfqP7l6w29SGuDzrDWcbqjMsL+ZBG9hFx4a d/D93DcLhNH3yI8BuE99Wk4+PJXcG7xP6vl7QxhQp4QA790XFlfsmUXL8waIxWYKzO3L rN2Sth1pYZrn0rqyWVUzIJi0XU4Qd63evEcr1UXkUhv7nZ+tKd+WrLtcKcduio8AAy8E OzslsCVN9mI21ZPbhdhyjWuF6amL9fikji/aQduMH4UVnOC3s4Pbbq69f11nX2YT8zp0 GhDg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=hKaSJlzyxEzTDtZw2gKq5yfeH9bgiI6kp51kFRqKcYQ=; b=ZcSKzi0Mr61HqrAy4j5thYtilOUujTeMlRADiCue4blOcYGtD8OTQaJOwj2uybVjq8 7jANNhtHGmWT+ZRiIgmEw+zSWyw4HYAO2bm/2IF7pUquUrsYcJPSzJf1eKxZR/YKjdVC C6W0LKX4l1K3/+tTn/oZSTOcv2dY67ljKFjM0eOgpEMNtSOxWznItOsTGq6twvaNtXey M+J39r3/YjK/z3/fV2+Fdx2itx7CmRN18fgR4ujxkS74qpCeIeBrQA+wA91u8H7iq32a 6LSuUhLbg7KBCPA6f8Fnmivknwn8tF2VBo002ZBeR3pD5+MZoUwgCe930LEV6Nmbs3Lo IdVQ==
X-Gm-Message-State: AKaTC00pwV65g4KUySm4uFEruJKtb0wWQWrnpc28McLiZGGvnU3lkiSBuCq6fRpUZvdi/k2HkImdin7VBmQN8zZ3
X-Received: by 10.157.48.112 with SMTP id w45mr10975135otd.198.1479791812924; Mon, 21 Nov 2016 21:16:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.42.43 with HTTP; Mon, 21 Nov 2016 21:16:51 -0800 (PST)
In-Reply-To: <CAL0qLwbAebKZSwL19M1YVMX1J822u9epwbz3HEdOUvfOjNHOhA@mail.gmail.com>
References: <CAL0qLwZprdqTEpjd9Z+prf0m8B7gZ=-mWXm+dzy-WBN-0HyRww@mail.gmail.com> <82FCD54F-7D3F-4778-BF6C-C7735EDB99AE@kitterman.com> <CAL0qLwZvL3MyUtcsfomHBkBreX3dEB+NsaYTp+_ziA2NNqt1Cg@mail.gmail.com> <37927422.Q9kxFfTxl2@kitterma-e6430> <20161115165319.GB30243@lapsedordinary.net> <FCE93B2B-5853-4A35-8A88-75B9F27970FA@kitterman.com> <20161115191729.GA3886@lapsedordinary.net> <CAL0qLwZ4Z0CTfJwaY5jMm8Z8==WPNMymOXy5QWg79m_GQEzC8Q@mail.gmail.com> <e2b21830-2f03-e012-6292-1439ef038727@mtcc.com> <CAL0qLwa_vPQGgBuX4g_62ef3K6g1aGDTBrYXk3bnZyRxvgQ4_Q@mail.gmail.com> <CABa8R6vCxDe73iwVR9apznCpBS28UnK=PUd2WgBzR3og4__ujg@mail.gmail.com> <CAL0qLwbAebKZSwL19M1YVMX1J822u9epwbz3HEdOUvfOjNHOhA@mail.gmail.com>
From: Brandon Long <blong@google.com>
Date: Mon, 21 Nov 2016 21:16:51 -0800
Message-ID: <CABa8R6sLKCgCXF7=cC1ScQA6YeXT0YMk6OSiPAiye8drZghKhg@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: ietf-dkim <ietf-dkim@mipassoc.org>
Subject: Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmarc-rcpts
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============5215637930705158825=="
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>
Well, besides the obvious damage of phishing/spam mails that may make it through filters because of this, yes, this can also be used to damage the reputation of senders. Gmail can probably weather the reputation issue, since we're a large high volume service, and antispam folks would have to mitigate in order to let through the regular high volume of "good" mail. Users tend to hate false positives more than false negatives. Same with most high volume / well known senders. It's the medium senders who are can be caught in a bind, effectively blacklisted. It's kind of like IP reputation or blacklisting if your server gets owned and is used to send spam, cleaning up after that is a not fun for the admin. Previously, most systems wouldn't have blacklisted a server for literally sending a single spam message (maybe if the recipient happened to be a particularly strong spam trap, but that would be pretty amazing). Now, a single spam message can be multiplied into blacklisting by dozens of mailbox providers. And, if you think about it, spam is in the eyes of the recipient. If you take this message I'm composing right now and send a couple billions copies to the top 10 mailbox providers, how many spam markings will it get? With some of the spammers we deal with, all they're looking for is clicks on the links in the email, there is nothing particularly commercial about the content itself. To believe that you can keep email "the same as it's been" and prohibit sending even a single weaponizable message is to ignore reality. That said, at this point most of the major mailbox providers have had to deal with this and have some level of mitigation in place. The rate at which we can deploy a new protocol to fix an attack like this is always going to be challenging, but it may be that this attack will continue and move down market in time, so a protocol could be available as other folks are abused or targeted. None of that speaks to whether this proposal is the right solution or if there is a good one. Brandon On Nov 21, 2016 4:27 PM, "Murray S. Kucherawy" <superuser@gmail.com> wrote: What's the actual damage here? Does, say, gmail.com's reputation suffer when it signs spam that then gets replayed? On Mon, Nov 21, 2016 at 4:04 PM, Brandon Long <blong@google.com> wrote: > In examples we've seen, the mail is delivered to a host and immediately > (seconds) picked up by the spammers botnet and millions of copies sent. > > Short of charging an exorbitant amount of money per message sent, I don't > see how any service can prevent sending a single spam message with 100% > accuracy. > > Brandon > > On Nov 15, 2016 12:52 PM, "Murray S. Kucherawy" <superuser@gmail.com> > wrote: > >> On Wed, Nov 16, 2016 at 5:11 AM, Michael Thomas <mike@mtcc.com> wrote: >> >>> So, when the filters catch up, it will then mark it as spam again >>> regardless of the DKIM signature. >>> >>> So what exactly is the problem here? >>> >> >> I suppose when the filters catch up, the spammer can no longer get >> $HIGH_REPUTATION_MAIL_SERVER to sign that message until the next hole is >> discovered. But everything submitted and replayed prior to that has >> already gone out and been delivered on the basis of that reputation. >> >> That's the problem here. >> >> -MSK >> >> _______________________________________________ >> NOTE WELL: This list operates according to >> http://mipassoc.org/dkim/ietf-list-rules.html >> >>
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- [ietf-dkim] draft-kucherawy-dmarc-rcpts Murray S. Kucherawy
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Mark Delany
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Martijn Grooten
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Scott Kitterman
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… ned+dkim
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Murray S. Kucherawy
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Murray S. Kucherawy
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Murray S. Kucherawy
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Murray S. Kucherawy
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Murray S. Kucherawy
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Scott Kitterman
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Murray S. Kucherawy
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Martijn Grooten
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Murray S. Kucherawy
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Scott Kitterman
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Michael Thomas
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Hector Santos
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Martijn Grooten
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Scott Kitterman
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Martijn Grooten
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Michael Thomas
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Murray S. Kucherawy
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Michael Thomas
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Murray S. Kucherawy
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Brandon Long
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Murray S. Kucherawy
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Brandon Long
- Re: [ietf-dkim] [dmarc-ietf] draft-kucherawy-dmar… Brandon Long
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Jim Fenton
- Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts Murray S. Kucherawy