IETF Logo Mail Archive

Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 15 July 2014 00:15 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FCE91B27BC for <ietf@ietfa.amsl.com>; Mon, 14 Jul 2014 17:15:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EIkywKZt4jcP for <ietf@ietfa.amsl.com>; Mon, 14 Jul 2014 17:15:51 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CD321A01EB for <ietf@ietf.org>; Mon, 14 Jul 2014 17:15:51 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 6C07B2AB0CD; Tue, 15 Jul 2014 00:15:49 +0000 (UTC)
Date: Tue, 15 Jul 2014 00:15:49 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Message-ID: <20140715001549.GG2595@mournblade.imrryr.org>
References: <20140714164212.22974.20340.idtracker@ietfa.amsl.com> <53C413EB.5060408@dcrocker.net> <4450964.7UmRiHm4KW@scott-latitude-e6320>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4450964.7UmRiHm4KW@scott-latitude-e6320>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/F7iYu0OPeYQbQp7yncHvl7G4UlA
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jul 2014 00:15:54 -0000

On Mon, Jul 14, 2014 at 04:47:19PM -0400, Scott Kitterman wrote:

> > >    However, DMARC is problematic for mail that does not flow from
> > >    operators having a relationship with the domain owner, directly to
> > >    receivers operating the destination mailbox. Examples of such
> > >    "indirect" flows are mailing lists, publish-to-friend functionality,
> > >    mailbox forwarding (".forward"), and third-party services that send
> > >    on behalf of clients. The working group will explore possible updates
> > >    and extensions to the specifications in order to address limitations
> > >    and/or add capabilities. It will also provide technical
> > >    implementation guidance and review possible enhancements elsewhere in
> > >    the mail handling sequence that could improve could DMARC
> > >    compatibility.

This is a solved problem, the "Rfc822.Sender" field should have
from the outset trumped the "Rfc822.From" field when determining
message origin, and the DMARC policy should be that of the "Sender"
domain.  Some MUAs already expose "Sender != From" by displaying
"From <sender> on behalf of <author>".  This needs to become standard
MUA behaviour.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email