Re: protecting the Internet from DMARC damage, was perspectives

"John Levine" <johnl@taugh.com> Mon, 14 April 2014 21:50 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C87EF1A04E8 for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 14:50:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.343
X-Spam-Level: **
X-Spam-Status: No, score=2.343 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mcEqTEcqf2ML for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 14:50:27 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) by ietfa.amsl.com (Postfix) with ESMTP id F16971A06FE for <ietf@ietf.org>; Mon, 14 Apr 2014 14:50:23 -0700 (PDT)
Received: (qmail 54910 invoked from network); 14 Apr 2014 21:50:11 -0000
Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 14 Apr 2014 21:50:11 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=7d7f.534c5813.k1404; i=johnl@user.iecc.com; bh=5rlAmmhZn8L5yTJPQgNju785eRhfQnAPaGEr984FkR4=; b=nAMKRUJD+Tse7iQ/T10UE9rI2n/yD3Ou11Pz1WVnM0Hrbg4IMKDgt4j3MJPDo/Suxl0p3/FUzkpwsg3uHpBPhIjUBorsch0C0bQRRuXTIHgXPmfRRAMYrdguNICzY77mBcBBAs+RjJX0vLjBwjj3dz4DVrIuTlWXxd0K1LHyZa9ru4odc+D9MV0ebYPSFDhDYkJK9fZrJOoiry19hS9Toa/e9SaCTVaZNW/YaCLEYrT+Er5FQZld9XBQuAzm6MtO
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=7d7f.534c5813.k1404; olt=johnl@user.iecc.com; bh=5rlAmmhZn8L5yTJPQgNju785eRhfQnAPaGEr984FkR4=; b=0L/kNFOjOWAUSrHuoGhNDf5B89bTxlp6d6nd13tMLVZm1pG8Yi5t4fAxzcRPmNIUCqo8dn0J8Ef9ThMwbm4Zb3CgM+7zDiZJ9qUDWU0WI2q19J3f3ZW+Llxm6CybNCNezgLomC97TgSnuzRhMHdO60BKrelzu6n+O8QkW6fSE89DdAR4PwH/ZL5AGt8bQ84zgfCIixJDNERsfIVw4YPeK32Z4ssIZJo5RAxj35/r0DrrBO6NMt5XLqg6LlLh4fCA
Date: 14 Apr 2014 21:49:49 -0000
Message-ID: <20140414214949.32126.qmail@joyce.lan>
From: "John Levine" <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: protecting the Internet from DMARC damage, was perspectives
In-Reply-To: <CE39F90A45FF0C49A1EA229FC9899B0507D45766@USCLES544.agna.amgreetings.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/AtJHyiimDJKgVo8nXegw9o-sQLc
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 21:50:32 -0000

>The fact is that a vocal constituency led by John Levine made it extremely clear that MLMs were out of scope
>and there was zero interest on the part of the MLM community in discussing ways in which MLMs could be made to
>work in an email authentication framework even if there were any MLM operators willing to do so. ...

DMARC must be in pretty bad shape if its proponents have to resort to
malicious lies like this.  It saddens me that Mike, who I used to
consider a friend, would do so.

My position has always been perfectly clear: mailing lists are not
broken, they provide a significant service to individual Internet mail
users, and it is not our job to spend time and money to solve other
people's problems.  DMARC, like all of its predecessor authentication
schemes, has a model of the way people send mail that describes much
but not all of the actual mail people send.  There are an awful lot of
ways that people send mail, so this shouldn't come as a surprise to
anyone.

The invariable next step is that some of the proponents of the scheme,
rather than recognizing and admitting to its limitations, declare that
the mail the scheme can't describe is bad and must be eradicated, with
the term "forged" often misused.  People who have been around long
enough will remember when the SPF crowd demanded that everyone stop
forwarding mail, or a few people wanted to apply strict DKIM ADSP to
everything.  Mailing lists are the most obvious sending scenario that
DMARC doesn't describe, but it's far from the only one.

I have always said that DMARC is useful for a lot of mail, such as the
"spam cannon" stuff (a comment on the volume, not necessarily the
character) that Mike's employer sends, or that Paypal and banks send.
As we have seen, it fails miserably for domains with non-employee live
users.

Without exception the ways proposed to change MLMs to "to work in an
email authentication framework" have involved removing useful features
added over the decades that our users use and like, so it also
shouldn't be a surprise that we're not interested in bowdlerizing our
service to solve their problem.  We also note that many of the
proposed solutions are overcomplicated and unlikely to work in
practice (original-authentication-results) or just plain won't work
(turning off all subject tags, message footers, and other message
modifications.)

If the DMARC crowd were interested in being good net citizens, there
is a way to deal with DMARC's limitations that is straightforward but
not free: whitelisting.  Most of the lists I see sign their mail, and
they generally use static IP sending addresses, so they're not hard to
characterize.  The set of mailing lists and other legitimate mail
sources that DMARC doesn't describe is not enormous, and it should be
possible to develop shared whitelists for them, if someone were
willing to pay for doing so.  (This is a much smaller problem than
trying to whitelist all "legitimate" mail.) If the list-whitelist
group said that lists need to sign their mail or use an unshared IP to
get whitelisted, you would find little resistance, both because most
of us do that already, and because it doesn't ask us to make our lists
worse for our users.

Unfortunately, we've seen no willingness to spend their money to help
us solve their problem, and far too much of do it our way or else,
because we are bigger than you are.

R's,
John