Re: not really to do with Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 15 July 2014 11:20 UTC

Date: Tue, 15 Jul 2014 11:20:23 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: not really to do with Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Message-ID: <20140715112023.GU2595@mournblade.imrryr.org>
References: <20140714164212.22974.20340.idtracker@ietfa.amsl.com> <4450964.7UmRiHm4KW@scott-latitude-e6320> <20140715001549.GG2595@mournblade.imrryr.org> <2270075.AYnCC6OxAQ@scott-latitude-e6320> <20140715033346.GL2595@mournblade.imrryr.org> <026301cfa01a$7ebdde40$4001a8c0@gateway.2wire.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <026301cfa01a$7ebdde40$4001a8c0@gateway.2wire.net>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/C8cib9pAd4IoyyN_ZWwUHB7UdLs

On Tue, Jul 15, 2014 at 09:06:55AM +0100, t.p. wrote:

> > MUAs should expose message origin when different from author.
> 
> Viktor,
> 
> A fine idea, but, as a pragmatic engineer, I know that changes to an MUA
> will take five, maybe ten, years to achieve widespread deployment,
> whereas changes to MTAs could happen in a matter of weeks, if needs must.

We could have started 5 years ago.  Better late than never.  The
problem being tackled has no instant gratification solutions.
Pretending the problem is simpler than it is has a way of coming
back to bite you.  I've always held that no amount of sender origin
authentication will save the clueless from themselves; any real
protection is at the gateway, and the gateway sees all the headers.

In the meantime "citibank.com.dukhovni.org" will look plausible
enough to the helpless and will not be foiled by DMARC.

The expedient approach has not worked; it should have been done right
long ago, and should still be done right in the present.

-- 
	Viktor.
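Added illustration of the point above (my own example, not code from this message or from any IETF draft): DMARC relaxed alignment compares organizational domains, so a From: address under citibank.com.dukhovni.org aligns with the zone that actually sends it and passes, while the brand token in the name is visible only to an MUA or gateway that looks at the whole header. The tiny public-suffix set and the `embedded_brand` gateway heuristic are assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Stand-in for the Public Suffix List (constructed; a real checker loads the full list from publicsuffix.org).
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def organizational_domain(domain):
    """DMARC organizational domain: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)

def aligned(author_domain, auth_domain, mode="relaxed"):
    """DMARC identifier alignment: strict needs an exact match, relaxed only a shared org domain."""
    if mode == "strict":
        return author_domain.lower() == auth_domain.lower()
    return organizational_domain(author_domain) == organizational_domain(auth_domain)

def embedded_brand(domain, watchlist):
    """Gateway heuristic (assumed, not part of DMARC): a watched brand domain appearing as
    consecutive labels inside a From: domain whose organizational domain is someone else's."""
    labels = domain.lower().split(".")
    org = organizational_domain(domain)
    for brand in watchlist:
        b = brand.lower().split(".")
        windows = (labels[i:i + len(b)] for i in range(len(labels) - len(b) + 1))
        if brand.lower() != org and b in windows:
            return brand
    return None

def assess(raw_message, watchlist=("citibank.com",)):
    """Contrast what relaxed DMARC alignment sees with what an MUA or gateway could show."""
    msg = message_from_string(raw_message)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Message origin: the Sender: header if present, otherwise the Return-Path.
    origin = parseaddr(msg.get("Sender") or msg.get("Return-Path", ""))[1].rpartition("@")[2]
    return {
        "author_domain": author,
        "origin_domain": origin,
        "dmarc_relaxed_aligned": aligned(author, origin),
        "origin_differs_from_author": organizational_domain(author) != organizational_domain(origin),
        "embedded_brand": embedded_brand(author, watchlist),
    }

# Constructed sample using the lookalike name from the message above.
LOOKALIKE = ('From: "Citibank Alerts" <alerts@citibank.com.dukhovni.org>\n'
             "Return-Path: <bounce@dukhovni.org>\n\nPlease sign in to confirm.\n")
```

Running `assess(LOOKALIKE)` shows alignment passing and origin matching author, with only the `embedded_brand` field flagging the name; the same function reports a genuine origin/author split when Sender: and From: sit in different organizational domains.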