Re: yet more DMARC stuff, was Re: Mailing list membership.

"John R Levine" <johnl@taugh.com> Mon, 13 March 2017 17:43 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E670E129412 for <ietf@ietfa.amsl.com>; Mon, 13 Mar 2017 10:43:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=Dqer22Bh; dkim=pass (1536-bit key) header.d=taugh.com header.b=AyHBihG8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0n8mNwsBQmxT for <ietf@ietfa.amsl.com>; Mon, 13 Mar 2017 10:43:24 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8504D12997E for <ietf@ietf.org>; Mon, 13 Mar 2017 10:43:24 -0700 (PDT)
Received: (qmail 17519 invoked from network); 13 Mar 2017 17:43:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-id:user-agent; s=446d.58c6da3b.k1703; bh=dVSoATQfb4oukGA/u1pV2qF743V3+K7dQ2NTIhVuHmg=; b=Dqer22BhITZkSDdqmyEhhT9S026SvrTM60P4sSf9ZYVme9X7D1RPWwf2dedLD1XPRTxd7BqzUx7REv4DcFDJExYVottiNnG8ohNzOnA+aekRuvRa6Oy4l4puzfEjG6rEr4QUB1FtNj7tXVEWb1rx1EVIS14tazSoV0cLdcL5ZLcvUcaEPueGHZN5JSR1UibMy3zFPAX2U5pyJEM1Xe5nxDMnaG+JXYSoRSnkOjRZlzeQXlzd3KhJM4lxS7/d/DWF
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-id:user-agent; s=446d.58c6da3b.k1703; bh=dVSoATQfb4oukGA/u1pV2qF743V3+K7dQ2NTIhVuHmg=; b=AyHBihG8Q5D29MAv07vro7YbumtiDEtWeCOFgoaCqUdes24ciL8UMSrttm08FTQaBgTF717qunplgpWyaCodGVEFVgbLLhpWi6SIHyNSkRBvTTMcggLhmetOVvQNwl/T17Cv1t9/RJSeE4HB5RnDIMTA45/ASyuVM0BFzEc0EazV4aYWHUMe1Q6LHVjkXWQGCz2xNme5Y2B5lgR0hm5BCO66DVEuN9vMl9nsTY1D+Jf5cyOliLD+cgMLtx1gyM2D
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 13 Mar 2017 17:43:22 -0000
Date: Mon, 13 Mar 2017 18:43:21 +0100
Message-ID: <alpine.OSX.2.20.1703131838100.54839@ary.local>
From: John R Levine <johnl@taugh.com>
To: Carsten Bormann <cabo@tzi.org>
Subject: Re: yet more DMARC stuff, was Re: Mailing list membership.
In-Reply-To: <EEAA5E62-DD3A-4D62-8E78-204C24859A73@tzi.org>
References: <20170301210033.1672.qmail@ary.lan> <C758AD84-F7DB-4520-A497-66CFBA8A48B1@tzi.org> <5e382acb-077c-87f3-7355-aa3bf913e78c@dcrocker.net> <EEAA5E62-DD3A-4D62-8E78-204C24859A73@tzi.org>
User-Agent: Alpine 2.20 (OSX 67 2015-01-07)
MIME-Version: 1.0
Content-Type: multipart/mixed; BOUNDARY="0-542573642-1489426949=:54839"
Content-ID: <alpine.OSX.2.20.1703131842530.54839@ary.local>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/GDVzTAF6N2m96C4-ATozGIn1vr0>
Cc: IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 17:43:27 -0000

> I sure understand the problem that the scarcity-based address reputation hack won’t work that well on IPv6.  But the “solution”…  And NIST isn’t exactly Mom and Pop’s Bait and Internet Shop.

Nor is gmail, which also requires that incoming IPv6 mail be authenticated 
with SPF or DKIM.  They know what they are doing, and they have decided 
that the amount of legit mail they will lose by doing this is 
insignificant compared to the improvement in the amount of spam and 
malware they will be able to filter.

You can complain about how stupid they are or you can upgrade your mail 
system to use authentication methods that have been IETF standards for a 
decade and get your mail delivered.  Your choice.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

PS:
> No idea whether there is code around that can react to a DEFER with a 
> change of source address.

Unless it changes to an IPv4 address, it won't help.