Re: [IETF] DMARC methods in mailman
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 26 December 2016 18:31 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/LXUQFLT4cUZ4wPVqXEyaAIjHREw>

> On Dec 26, 2016, at 9:49 AM, Theodore Ts'o <tytso@mit.edu> wrote:
>
>> The need for email origin authentication to specify that "Sender" preempts
>> "From" has been well understood for a long time before there was DMARC.
>> If there is to be a non-broken replacement, it must correct this design error
>> and place the "burden" of dealing with that on any MUAs that fail to display
>> Sender (as e.g. from <sender> on behalf of <author>).
>
> But if MUAs do this, then it becomes trivial to phish consumers,
> which was the original excuse for DMARC. So if MUAs do this,
> eventually Yahoo and the other big mail providers will promulgate a
> non-standard "fix" that will bounce messages with Sender lines that
> aren't equal to the From field. And then what will you do?

You're still operating under the false assumption that DMARC's purpose
is to solve phishing. Its real purpose (at Yahoo et al.) is to reduce
support desk workload at the sending domain. Any minimal efficacy at
reducing phishing is entirely incidental.

Anyway, there's no additional phishing risk. One of the few things that
Outlook does right is display both Sender and From, as <sender> on behalf
of <author>. If the DMARC replacement authentication (via DKIM's d= or
similar) is then applied to <sender>, there's no new phishing risk.

Users who don't understand that "on behalf of" means allegedly from are
just as likely to be confused by a myriad other perplexing signals in
email and web content. The phishing problem has no solution by way of
email authentication for sufficiently naive and gullible users.

--
-- Viktor.
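
Added example, not part of the original message and not code from Mailman or any DMARC implementation: a sketch of the check described above, comparing From-only alignment with a rule where Sender preempts From, and building the "<sender> on behalf of <author>" display line. It assumes DKIM verification has already been done elsewhere and is passed in as the set of d= domains that verified; alignment is exact-match only, and the function names and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a list post. From is the author; Sender is the list,
# and only the list operator's DKIM signature (d=lists.example) verified.
SAMPLE = """\
From: Alice Author <alice@author.example>
Sender: Discussion list <list-bounces@lists.example>
Subject: Re: sample thread

body
"""

def addr_of(header_value):
    """Bare address from a From/Sender header value, or None if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.lower() if "@" in addr else None

def domain_of(addr):
    return addr.rpartition("@")[2] if addr else None

def evaluate(raw, verified_d):
    """verified_d: set of DKIM d= domains whose signatures verified (assumed input)."""
    msg = message_from_string(raw)
    author = addr_of(msg["From"])
    sender = addr_of(msg["Sender"])
    # From-only rule: the From domain must match a verified d= exactly.
    from_only = domain_of(author) in verified_d if author else False
    # Rule argued for above: Sender, when present, is the identity to check.
    identity = sender or author
    sender_first = domain_of(identity) in verified_d if identity else False
    # Display both identities when they differ, authenticated one first.
    if sender and author and sender != author:
        display = f"{sender} on behalf of {author}"
    else:
        display = identity or "(no originator)"
    return {"from_only": from_only, "sender_first": sender_first,
            "authenticated_as": identity if sender_first else None,
            "display": display}

if __name__ == "__main__":
    print(evaluate(SAMPLE, {"lists.example"}))
```

The list post fails the From-only rule but passes when Sender is the checked identity, and the display line names the authenticated sender first.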