Re: Enough DMARC whinging

Phillip Hallam-Baker <hallam@gmail.com> Thu, 01 May 2014 13:22 UTC

Date: Thu, 01 May 2014 09:22:26 -0400
Message-ID: <CAMm+LwiXoW3p5uCmML4kAWXnbrrAnSCK9x5U2qeHJdVgR2r_Gg@mail.gmail.com>
Subject: Re: Enough DMARC whinging
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Dave Crocker <dcrocker@bbiw.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/FRWHfqdUki4HA0ZMz4IoUPmYboE
Cc: IETF general list <ietf@ietf.org>

On Wed, Apr 30, 2014 at 11:16 AM, Dave Crocker <dcrocker@bbiw.net> wrote:
> On 4/30/2014 10:03 AM, Andrew G. Malis wrote:
>>
>> Phillip,
>>
>>     Of course the way to make mailing lists work with DMARC would be to
>>     look at the headers and treat messages with mailing list headers
>>     differently. Perhaps the issue isn't in DMARC but how the information
>>     from DMARC is applied.
>>
>>
>>  From my reading of sections 10.2, 5.2, and 15.4 of
>> draft-kucherawy-dmarc-base-04, you can't do that and still claim
>> receiver conformance with that draft (although there's the question of
>> whether one should claim conformance to an informational draft in the
>> first place).
>
>
>
> (Conformance is voluntary.  People choose the specs they want to support, no
> matter the formal status.)
>
>
> To the extent that varying from -base produces better results at reasonable
> cost, then receivers will do it.  The challenge is to offer clear and
> compelling guidance about that variance and gain support for its use.
>
> For example, using the mere presence of List-* header fields as a basis for
> deviating from a domain owner's DMARC policy request would seem an easy
> attack vector by bad actors.
>
> On the other hand, using the presence of the fields, combined perhaps with the
> list signing the message (and covering those fields) and with the receiver's
> knowing that the list operator has a good reputation might make quite a bit
> of sense...


Spam filters should know about things as important as mailing list
subscriptions.

If the mailing list has appropriate spam ingress controls, is
authenticated using DKIM and there is evidence that the user has
subscribed then the spam filter can whitelist all the messages from
that list.


And to the other conversations, we are talking about draft- here. And
that isn't the same as standard. In fact one of the requirements for
being granted standard would be to come up with answers to these
issues.

-- 
Website: http://hallambaker.com/
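
The receiver-side check discussed in this message, as an added example that is not part of the original post or of any DMARC draft: a list exception is granted only when a verified DKIM signature from a trusted list operator covers the List-Id field and the recipient is known to be subscribed, so that List-* fields alone earn nothing. The function names, the `TRUSTED_LISTS` and `SUBSCRIPTIONS` tables, the sample message and the `verified_domains` input (the d= domains whose signatures an upstream DKIM verifier already validated) are all assumptions.

```python
from email import message_from_string

# Constructed receiver state (assumptions): trusted signer d= -> its List-Id,
# and (recipient, List-Id) pairs the receiver has subscription evidence for.
TRUSTED_LISTS = {"lists.example.org": "announce.lists.example.org"}
SUBSCRIPTIONS = {("alice@example.net", "announce.lists.example.org")}

# Constructed sample message; bh=/b= are placeholders, not real signatures.
SAMPLE = (
    "From: bob@example.com\n"
    "To: announce@lists.example.org\n"
    "List-Id: Announce <announce.lists.example.org>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=sel;\n"
    " h=from:to:list-id:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: hello\n\nbody\n"
)

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def list_id(msg):
    """Return the identifier inside <...> of List-Id, lowercased, or ''."""
    raw = msg.get("List-Id", "")
    if "<" in raw and ">" in raw:
        return raw[raw.rfind("<") + 1:raw.rfind(">")].strip().lower()
    return raw.strip().lower()

def list_exception(raw_message, recipient, verified_domains):
    """Decide whether to treat the message as trusted list traffic."""
    msg = message_from_string(raw_message)
    lid = list_id(msg)
    if not lid:
        return (False, "no List-Id")
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        domain = tags.get("d", "").lower()
        signed = {h.lower() for h in tags.get("h", "").split(":")}
        # Signature must have verified, cover List-Id, and belong to this list.
        if domain in verified_domains and "list-id" in signed \
                and TRUSTED_LISTS.get(domain) == lid:
            if (recipient.lower(), lid) in SUBSCRIPTIONS:
                return (True, "trusted list signature and subscription")
            return (False, "recipient not subscribed")
    return (False, "List-Id not covered by a verified trusted signature")
```
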