Re: DMARC and ietf.org
Hector Santos <hsantos@isdg.net> Mon, 21 July 2014 20:24 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/FeXMOySF6OrqPhnTQ7YkbUps908

Mike,

There is no "pretending" here. We actually IMPLEMENTED and DEPLOYED the consensus built MAILING LIST recommendations and it works. So I disagree 100% with the erroneous suggestion there has been "no consensus at all." To suggest there are no guidelines whatsoever has been the real disservice being promoted. It's not true.

It doesn't matter if it's DMARC or ADSP. It's the same design guidelines and if you actually implemented it as a list developer, you might see that it's really that simple. The old argument that List developers are too old to change doesn't wash anymore and in reality, once you roll up your sleeves and implement the consensus built suggestions, you will see it really has nothing to do with list services. It has to do with the VERIFIER.

So in short, I take slight offense to your suggestion that I have no understanding of the total issues involved as a product developer, its product offerings and also addressing the support needs of its customers which represents a wide horizontal spectrum of applied list needs. There are solutions and I speak as a developer of a commercial integrated mail list server product line:

http://www.santronics.com/products/winserver/ListServe.php

Note. This has nothing to do with the fact that we have a "big data" problem (how to scale signer authorization). It's a serious problem. But the consensus built guidelines provided are solid and necessary for any solution development. You still need to honor the policies at the mail entry level.

--
HLS

On 7/21/2014 3:18 PM, MH Michael Hammer (5304) wrote:
> John is correct. There is no consensus on how mailing lists should deal with DMARC problems, notwithstanding what rfc6377 says about DKIM. ADSP never gained enough real world implementation for there to be a meaningful consensus. One need only look at the discussion threads on the IETF (and other) list(s) following the publication of DMARC p=reject by several large mailbox providers to see the diverse range of views.
>
> While I disagree with John on some things, in this case he is 100% dead on. To pretend otherwise is to do a disservice to the mailing list community and the mail community at large.
>
> Mike
>
>> -----Original Message-----
>> From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Hector Santos
>> Sent: Monday, July 21, 2014 3:10 PM
>> To: ietf@ietf.org
>> Subject: Re: DMARC and ietf.org
>>
>>
>> On 7/20/2014 10:51 PM, John Levine wrote:
>>>>> I thought the preferred solution was to rewrite the From for those
>>>>> users only.
>>>>
>>>> I think that remains controversial. ...
>>>
>>> There is no consensus at all on how mailing lists should deal with
>>> DMARC problems.
>>
>> Not quite John.
>>
>> The specific DMARC protocol aside, with any author domain policies in
>> general, whether it was SSP, ADSP or any DKIM author domain signing
>> authorization protocol (DSAP), there was a consensus RFC built document
>> that provided the basic guideline for mailing list operations in dealing with
>> restrictive DKIM signing policies. It used ADSP as the "DSAP" of the day. But
>> replace ADSP with DMARC and the design recommendations apply:
>>
>> RFC6377 DomainKeys Identified Mail (DKIM) and Mailing Lists
>> http://tools.ietf.org/html/rfc6377
>>
>> And overall, the basic guideline was to support the framework, not ignore it
>> as it never existed and instead pushed for breaking the security protocol.
>>
>> As a LIST developer and implementor of the "DSAP" protocol, it was simple:
>>
>> 1) Deny Restrictive Domains from Subscribing
>> 2) Deny Restrictive Domains from List Submission
>> 3) Pottery Principle "You break it, you own it" - Resign mail
>>
>> That is all at the top level that needed to be done and all the above really has
>> nothing to do with a mailing list but the mail receiver verifier and the
>> outbound mail server.
>>
>> This is about not wanting to do a basic author domain signature authorization
>> lookup for any kind of mail service.
>>
>> --
>> HLS
>>
>
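
Added example, not part of the original message and not code from any product or RFC it mentions: a list-side gate for rules 1 and 2 quoted above, with the re-signing of rule 3 as the accept path. It assumes DMARC as the policy protocol, treats p=reject and p=quarantine as "restrictive", checks only the exact author domain (no organizational-domain fallback), and replaces DNS with a constructed table; all function names are hypothetical.

```python
# Constructed stand-in for DNS: a real server would query the TXT
# record at _dmarc.<author-domain> instead of this table.
CONSTRUCTED_DNS = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "_dmarc.monitor.example": "v=DMARC1; p=none",
    "_dmarc.broken.example": "p=reject; v=DMARC1",  # v= tag not first: invalid
}

# Assumption of this example: which published policies count as "restrictive".
RESTRICTIVE = {"reject", "quarantine"}


def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if it is not valid."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and must be exactly DMARC1.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def author_policy(address, dns=CONSTRUCTED_DNS):
    """Published policy for the domain of an author address ('none' if absent)."""
    domain = address.rsplit("@", 1)[-1].strip("<> ").lower()
    record = dns.get("_dmarc." + domain)
    tags = parse_dmarc(record) if record else None
    return tags.get("p", "none").lower() if tags else "none"


def gate(action, address, dns=CONSTRUCTED_DNS):
    """Rules 1 and 2: action is 'subscribe' or 'submit'."""
    policy = author_policy(address, dns)
    if policy in RESTRICTIVE:
        return ("deny", f"{action} refused: author domain publishes p={policy}")
    # Rule 3: the list alters the message, so it signs the result itself.
    return ("accept", "re-sign outbound copy with the list's own DKIM key")
```

An invalid or missing record is treated as "no policy", so the gate only refuses authors whose domain has published a well-formed restrictive record.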