IETF Logo Mail Archive

Re: yet more DMARC stuff, was Re: Mailing list membership.

Dave Crocker <dhc@dcrocker.net> Mon, 13 March 2017 17:21 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE4351298A8 for <ietf@ietfa.amsl.com>; Mon, 13 Mar 2017 10:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HI3Q8VPo2YIK for <ietf@ietfa.amsl.com>; Mon, 13 Mar 2017 10:21:36 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE7DE12989F for <ietf@ietf.org>; Mon, 13 Mar 2017 10:21:36 -0700 (PDT)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id v2DHNWuO014683 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 13 Mar 2017 10:23:32 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1489425812; bh=5TEpKzREEu8THan97073JufY/RJ1ayssK8Y/9L/iqUU=; h=Subject:To:References:Cc:Reply-To:From:Date:In-Reply-To:From; b=Vs0P7PFyXhPLPGHedteF7HVpGsF4GTtqcYL8EJNxHueIFbclZSOVcFTcrCIfZoYsx fjjcHVyvHaSSHFNxgG4V3ekBSbozq5Kro51UjsdxF0jWxGI9b5ildxmS6CcjdtPB+k 4h8kT/lXD27Jmt1J5bLemHgI2PncGDJd88AKO8Ys=
Subject: Re: yet more DMARC stuff, was Re: Mailing list membership.
To: Carsten Bormann <cabo@tzi.org>, John Levine <johnl@taugh.com>
References: <20170301210033.1672.qmail@ary.lan> <C758AD84-F7DB-4520-A497-66CFBA8A48B1@tzi.org>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <5e382acb-077c-87f3-7355-aa3bf913e78c@dcrocker.net>
Date: Mon, 13 Mar 2017 10:21:20 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <C758AD84-F7DB-4520-A497-66CFBA8A48B1@tzi.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/CsFpjYpCAfgSSlFZV-rbpEi39Xo>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 17:21:37 -0000

On 3/13/2017 10:03 AM, Carsten Bormann wrote:
>    (reason: 450 4.7.26 Service does not accept messages sent over IPv6 [2001:638:708:30c9::12] unless they pass either SPF or DKIM validation (message not signed))
...
> So they give their mail server an IPv6 address but then don’t accept certain messages on that that they would happily accept over IPv4.


Email abuse across the open Internet remains impressively high. 
Typically above 90% of traffic.  There is a very strong undercurrent of 
desire amongst some email-receiving operators to require all mail to be 
authenticated, in order to facilitate accountability for email streams. 
That is, to have SPF and/or DKIM tests succeed.

Some of them have the view that the transition to IPv6 is a place to 
impose this stringent policy.

In one of the anti-abuse organizations, I've tried to point out the 
problems with imposing policy changes based on transport -- independent 
of whether the policy change is a good idea -- but to no avail.

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email