RE: dmarc damage, was gmail users read on... [bozo subtopic]

Christian Huitema <huitema@microsoft.com> Fri, 12 September 2014 05:34 UTC

From: Christian Huitema <huitema@microsoft.com>
To: Doug Barton <dougb@dougbarton.us>, "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: dmarc damage, was gmail users read on... [bozo subtopic]
Date: Fri, 12 Sep 2014 05:34:06 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/4EB-mB1UTkrdMM4jNFCeumnD0_4

>>>> I've collected all of the DMARC workarounds I know on the ASRG wiki:
>>>> http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail
>
> Two responses to that, in no particular order of importance:
>
> 1. So you said, and yet the mere existence of that page out on the 
> intertubez has (oddly enough) not yet spurred the secretariat into action.

The big change with DMARC is a deprecation of the Sender/From differentiation, effectively requiring that these two will be the same. It seems that big systems have voted that the differentiation causes more harm (spam, phish) than good (remailers). 

Of the responses listed, the one that clearly works is to ask forwarders to forward messages, what the wiki calls "message wrapping." It works in the sense that the mail system sees consistent headers that pass all verifications, and represent the actual action of the remailer while not relying on Sender/From differences.

At that point, the issue is mostly with the UI. If my reader did recognize the "simple forwarding" case from "authorized remailers," then the message wrapping solution would be just fine. The good thing is that it is very much under my control.

-- Christian Huitema
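
The "message wrapping" discussed in the message above, sketched as an added example (not part of the original post, and not code from the wiki or any mailing-list software). The domains `sender.example` and `list.example`, the sample message, and all function names are constructed for illustration; alignment is checked in DMARC strict mode only, where the From domain must equal the domain the sending system can authenticate through SPF or DKIM.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample: a message as a subscriber submitted it to the list.
ORIGINAL = """\
From: Alice <alice@sender.example>
To: discuss@list.example
Subject: hello
Message-ID: <1@sender.example>

Hi all.
"""

def from_domain(msg):
    """Domain of the RFC5322.From address, the identifier DMARC evaluates."""
    return parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()

def strictly_aligned(msg, authenticated_domain):
    """Strict alignment: From domain equals the SPF/DKIM-authenticated domain."""
    return from_domain(msg) == authenticated_domain.lower()

def wrap(original, list_addr):
    """Forward `original` untouched as a message/rfc822 part of a new message."""
    outer = EmailMessage()
    outer["From"] = list_addr              # the list is the author of the wrapper
    outer["To"] = str(original["To"])
    outer["Subject"] = "Fwd: " + str(original["Subject"])
    outer.set_content("Forwarded by the list; original message attached.")
    outer.add_attachment(original)         # a message object becomes message/rfc822
    return outer

def unwrap(outer):
    """What a reader UI would need to do: surface the embedded original."""
    for part in outer.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None

def demo():
    original = message_from_string(ORIGINAL, policy=policy.default)
    outer = wrap(original, "discuss@list.example")
    return {
        # Resent with the author's From, but only list.example can be authenticated.
        "resent_as_is": strictly_aligned(original, "list.example"),
        "wrapped": strictly_aligned(outer, "list.example"),
        "inner_from": from_domain(unwrap(outer)),
    }
```
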