Re: [ietf-smtp] the point of domain authentication

John R Levine <johnl@taugh.com> Fri, 28 May 2021 17:23 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B4903A2F20 for <ietf-smtp@ietfa.amsl.com>; Fri, 28 May 2021 10:23:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=i5aibWqh; dkim=pass (2048-bit key) header.d=taugh.com header.b=nOMFG+I0
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ypHL7L1RyuK for <ietf-smtp@ietfa.amsl.com>; Fri, 28 May 2021 10:23:02 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8AF53A2F23 for <ietf-smtp@ietf.org>; Fri, 28 May 2021 10:23:01 -0700 (PDT)
Received: (qmail 33524 invoked from network); 28 May 2021 17:22:59 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=82ec.60b126f3.k2105; bh=c3QABlNbC4ksrnZkLl/sT8d893n6oCPVAQnAFJOCoKg=; b=i5aibWqhsMStlwe79aQn+mCCimUd9j/XAdRXMgeP7PsoT3pdudpXA6VE0hEn3JmCRj31olHPZw5aIOI+mDQDLPj0/v4nC7QH5MhTVwVulyDLGuwVi29qb6cFHd1JU1xET6fCRkJm0MmE5DTv1KgYi8ljogwwV1fMn3mSyst6N0XOOh5FBdQqa/9Swm0H5oLZwZpSTTt96iMuvJoXdHJoDWe8J2weG9htzCpTwkRnGyJSdqLiEaKuih/+YqoqxxGlsaJ6w8fH443vxfl+hEi+wmtpJjpxGzwZDik0EBd08dSiTTcQmF2PXhCqgJLuj5nJWl7EoE+BlF5EsGLfyWOzyg==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=82ec.60b126f3.k2105; bh=c3QABlNbC4ksrnZkLl/sT8d893n6oCPVAQnAFJOCoKg=; b=nOMFG+I0D0Tn4ehSnNr3fDCG1V/3DfyG5e9+nTlsaFIUe1oPYq3KhEoTevxOg24nW4TM7EiTluGwfm2KJBOujIIc64B4iYnGUkZiodwMIu/UjTFkS2gwv6XDZCOonAj8EDbDt7atSAJxIuS868zT0zCPeLM/5kTLbw4WH0NRFMA2TLX4ugkumU9PpmQcwR4lpjWKjj0rZBOLCgkRmvhC7GJXSgzdfGhodzL+jOnHcq7TP7zzWIAqyBNFgBlnY1egQ5Zo+kMa0dpXtd8Fo8XJ9hi7HB2SAp8NGqboRBDCwyZJAoIXeVKslXOyephE/s0l56r+6f7YSdEJPQ+0zcF/RA==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 28 May 2021 17:22:58 -0000
Received: by ary.qy (Postfix, from userid 501) id E9E348DF979; Fri, 28 May 2021 13:22:56 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by ary.qy (Postfix) with ESMTP id 4FFA18DF953; Fri, 28 May 2021 13:22:56 -0400 (EDT)
Date: Fri, 28 May 2021 13:22:56 -0400
Message-ID: <e83fe981-9e1d-111c-8073-e52ef912f25@taugh.com>
From: John R Levine <johnl@taugh.com>
To: John C Klensin <john-ietf@jck.com>
Cc: IETF SMTP Mailing List <ietf-smtp@ietf.org>
X-X-Sender: johnl@ary.qy
In-Reply-To: <F43E00C7D57DBDB88E527909@PSB>
References: <F43E00C7D57DBDB88E527909@PSB>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/CR18E6dc7lNJV8dvuN_sMQ2BV5M>
Subject: Re: [ietf-smtp] the point of domain authentication
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 May 2021 17:23:07 -0000

On Fri, 28 May 2021, John C Klensin wrote:
> I am, personally, not a big fan of domain authentication.  My
> problems are tied, not to any particular detail but to two
> operational/ political problems.  The first is that any such
> system is inherently dependent on the integrity, responsibility,
> and accountability of domain name registrars and domain
> operators.

You're missing the point.  Domain authentication lets us recognize good 
actors, who have an incentive not to screw around.  The more reliably we 
can recognize known good senders, the more aggressively we can filter 
everything else and limit the number of false positives.

I cannot say how many times I have pointed this out, only to get a reply 
"but the bad guys can change their domain."  Yeah, we know.  When 90% of 
mail is spam, recognizing good actors is a much smaller and simpler 
problem than recognizing bad ones, but as far as I can tell, a lot of 
people fixed their model of mail filtering in the 1990s and can't imagine 
that it might be different.

Similarly, if it were true that blocking senders that leak spam would make 
them behave, we would have found some evidence of that.  I know a few 
cases where really bad leakers who didn't send much mail that people 
actually wanted were publicly bludgeoned into submission, but these days 
the pressure points are not in places that are visible to people who run 
tiny mail systems like you and I do.

For some reason, much of the IETF is particularly disconnected from e-mail 
reality.  I know IETFers who claim that DNSBLs were a fad in the 1990s and 
nobody uses them any more.

R's,
John

PS:

> ... when was the last time you heard of a major email provider closing an
> account and deleting a mailbox because it was used as the reply
> address in some phishing, extortion, or other fraudulent scheme?

Every day.  They don't send out press releases.

> Or how often do you see a major provider require strong
> authentication to establish a mailbox and then having terms and
> conditions indicating that any fraudulent or illegal use of the
> mailbox would result in termination of the account and handing
> the user over to law enforcement?

I am guessing you haven't tried to set up an Office 365 account.  I did 
last year for the UASG EAI tests and let me tell you that the hoops I had 
to jump through to send even one message were quite extensive.  If I 
hadn't brought my own domain, which meant my mail's reputation did not 
borrow the reputation of MS' large public domains, they would have been a 
lot worse.
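The filtering model Levine describes, "recognize known good senders reliably, then filter everything else more aggressively", can be illustrated with a small Authentication-Results (RFC 8601) parser. The following is an added example, not code from the list discussion or from any of the participants. The first sample header is copied from this message's own `Authentication-Results:` line; the second header, the allowlist `KNOWN_GOOD_DOMAINS`, and the trusted authserv-id constant are constructed for the example. The one check a practitioner would insist on is already built in: a result is only counted when the authserv-id matches the receiver's own filter, since an upstream sender can write any `Authentication-Results` header it likes.

```python
import re

# The only authserv-id whose verdicts we trust: our own filtering host.
# (Constructed for this example; taken from the header on the page above.)
TRUSTED_AUTHSERV_ID = "ietfa.amsl.com"

# Authentication-Results header as it appears in this message's own headers.
AR_HEADER_THIS_MESSAGE = (
    "ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com "
    "header.b=i5aibWqh; dkim=pass (2048-bit key) header.d=taugh.com header.b=nOMFG+I0"
)

# Constructed header for a message with no usable authentication at all.
AR_HEADER_UNAUTHENTICATED = (
    "ietfa.amsl.com (amavisd-new); dkim=none; spf=fail smtp.mailfrom=example.invalid"
)

# Constructed header whose authserv-id is NOT ours: it could have been added by anyone upstream.
AR_HEADER_FOREIGN_AUTHSERV = "relay.example.invalid; dkim=pass header.d=taugh.com"

# Hypothetical allowlist of domains with an established good reputation.
KNOWN_GOOD_DOMAINS = {"taugh.com", "iecc.com"}


def strip_comments(s):
    """Remove RFC 5322 parenthesized comments, including nested ones."""
    prev = None
    while prev != s:
        prev = s
        s = re.sub(r"\([^()]*\)", "", s)
    return s


def parse_authentication_results(header):
    """Return (authserv_id, results) where each result is a dict with
    'method', 'result' and 'props' (ptype.property -> value)."""
    parts = [p.strip() for p in strip_comments(header).split(";")]
    # First field is the authserv-id, optionally followed by a version number.
    authserv_id = parts[0].split()[0].lower()
    results = []
    for resinfo in parts[1:]:
        if not resinfo:
            continue
        tokens = resinfo.split()
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:
            key, _, value = tok.partition("=")  # split on the first '=' only
            if key and value:
                props[key.lower()] = value
        results.append({"method": method.lower(), "result": result.lower(), "props": props})
    return authserv_id, results


def authenticated_domains(header, trusted_authserv_id=TRUSTED_AUTHSERV_ID):
    """Domains that passed DKIM, SPF or DMARC according to OUR authserv.
    A header claiming any other authserv-id is ignored entirely."""
    authserv_id, results = parse_authentication_results(header)
    if authserv_id != trusted_authserv_id.lower():
        return set()
    domains = set()
    for r in results:
        if r["result"] != "pass":
            continue
        p = r["props"]
        if r["method"] == "dkim" and "header.d" in p:
            domains.add(p["header.d"].lower())
        elif r["method"] == "spf" and "smtp.mailfrom" in p:
            # smtp.mailfrom may be a full address; keep only the domain part.
            domains.add(p["smtp.mailfrom"].rpartition("@")[2].lower())
        elif r["method"] == "dmarc" and "header.from" in p:
            domains.add(p["header.from"].lower())
    return domains


def classify(header, known_good=KNOWN_GOOD_DOMAINS, trusted_authserv_id=TRUSTED_AUTHSERV_ID):
    """'known-good' if an authenticated domain is on the allowlist, else 'unknown'.
    Everything 'unknown' can then be handed to the aggressive filters."""
    if authenticated_domains(header, trusted_authserv_id) & known_good:
        return "known-good"
    return "unknown"


if __name__ == "__main__":
    for h in (AR_HEADER_THIS_MESSAGE, AR_HEADER_UNAUTHENTICATED, AR_HEADER_FOREIGN_AUTHSERV):
        print(sorted(authenticated_domains(h)), classify(h))
```

Note that the allowlist says nothing about whether a message is wanted; it only decides which messages may skip the harsher filtering path. A domain that starts leaking spam simply loses its place on the list, which is the incentive the message above is talking about.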