Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles

John Levine <johnl@taugh.com> Tue, 25 May 2021 18:43 UTC

Date: Tue, 25 May 2021 14:43:03 -0400
Message-Id: <20210525184303.573878B888E@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf-smtp@ietf.org
Cc: mrsam@courier-mta.com
In-Reply-To: <cone.1621939932.396187.66265.1004@monster.email-scan.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/ryRSRMLCrt7_ROcRxSjswttmQ8A>
Subject: Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles

It appears that Sam Varshavchik <mrsam@courier-mta.com> said:
>I should clarify this. I see that occasionally. But when it does, I seem to  
>always end up moving my goalposts, and conclude that the mail provider  
>itself is rogue, and made a business decision to go into the business of  
>providing spam outsourcing services, with some non-spam mail services on the  
>side. So I treat it as a bad mail source.

You and I do not run large mail systems.  The bigger you are, the less latitude
you have to punish senders (even places like Sendgrid that deserve it) if it
means also losing the real mail they send.  On my small system I have elaborate
rules to post-filter Sendgrid's mail because there is useful stuff in with the crud
and my users are sad if it disappears.

>I don't accept the premise that accepts bad and clean mail coming out of the  
>same IP address using "oh well just use a domain signature" as a solution.

You certainly don't have to use DKIM if you don't want to, but large providers seem to feel differently.

>> Large mail systems all do this. We hoped that
>> there would be shared DKIM reputation lists like there are shared IP
>> lists but so far that hasn't happened.
>
>This is never going to happen. Domains are relatively cheap. If a domain  
>acquires negative social credit it'll be discarded and replaced by a new one.

Reputation goes both ways.  If a domain has a good reputation you can accept its
mail even if some of it smells sort of spammy.

>> The original point of DMARC was for B2C or B2B mail from heavily
>> phished domains like Paypal, that could say please discard anything
>> from us that fails DMARC ...

>Eh, no. A large majority of user-facing mail clients are now hiding the  
>sending mail address, and showing only the name, up front.
>
>From: "Paypal Customer Service" <kjsdfjklk@934iowero.us>

Yeah, we know.  But large providers tell me that DMARC still blocks a great
deal of phish that uses the target's actual domain name.

>Most people will see "Paypal Customer Service". Valid domain signature for  
>934iowero.us, and straight it goes into your Inbox.

You're making the same mistake again.  DMARC is not a whitelist.  If something is
DMARC aligned, all that means is that it was really sent by the domain in the From:
header.  You still apply reputation and other spam filters to it.  It's not a FUSSP.

R's,
John
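As an added illustration of the point made above, not code from the thread or from either poster: DMARC alignment only asks whether the From: address domain matches an identifier that authenticated (a passing DKIM d= or the SPF-validated MAIL FROM domain), so the "Paypal Customer Service" <kjsdfjklk@934iowero.us> message from the quoted example aligns perfectly once 934iowero.us signs it, and a separate display-name or reputation check is still needed. The brand list and the two-label organizational-domain rule are assumptions made for the example (real DMARC uses the public suffix list).

```python
import re
from email.utils import parseaddr

# Constructed for the example: brands an operator chooses to protect and
# the domain they legitimately send from (assumption, not from the thread).
BRAND_DOMAINS = {"paypal": "paypal.com"}


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels.
    Real DMARC derives this from the public suffix list."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def from_parts(from_header: str):
    """Split a From: header into (display name, address domain)."""
    name, addr = parseaddr(from_header)
    return name, addr.rpartition("@")[2].lower()


def dmarc_aligned(from_header, dkim_domains=(), spf_domain=None, relaxed=True):
    """DMARC alignment: the From: domain must match a passing DKIM d= domain
    or the SPF-validated MAIL FROM domain. Relaxed mode compares
    organizational domains; strict mode requires an exact match."""
    _, from_domain = from_parts(from_header)
    identifiers = list(dkim_domains) + ([spf_domain] if spf_domain else [])
    if relaxed:
        return any(org_domain(from_domain) == org_domain(i) for i in identifiers)
    return any(from_domain == i.lower() for i in identifiers)


def display_name_impersonation(from_header):
    """Alignment says nothing about the display name. Return the brand domain
    being imitated when the name mentions a protected brand but the address
    domain is unrelated, else None. This is the kind of post-alignment filter
    the reply says still has to run."""
    name, from_domain = from_parts(from_header)
    words = set(re.findall(r"[a-z]+", name.lower()))
    for brand, brand_domain in BRAND_DOMAINS.items():
        if brand in words and org_domain(from_domain) != brand_domain:
            return brand_domain
    return None
```

A message can therefore pass `dmarc_aligned` and still be flagged by `display_name_impersonation`; the two answers are independent, which is exactly why alignment is not a whitelist.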