Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

Scott Kitterman <scott@kitterman.com> Tue, 15 July 2014 02:12 UTC

From: Scott Kitterman <scott@kitterman.com>
To: ietf@ietf.org
Subject: Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Date: Mon, 14 Jul 2014 22:11:58 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/LiqqA0eniUuWfUBrNDX-BMAU5ZI

On Tuesday, July 15, 2014 00:15:49 Viktor Dukhovni wrote:
> On Mon, Jul 14, 2014 at 04:47:19PM -0400, Scott Kitterman wrote:
> > > >    However, DMARC is problematic for mail that does not flow from
> > > >    operators having a relationship with the domain owner, directly to
> > > >    receivers operating the destination mailbox. Examples of such
> > > >    "indirect" flows are mailing lists, publish-to-friend functionality,
> > > >    mailbox forwarding (".forward"), and third-party services that send
> > > >    on behalf of clients. The working group will explore possible updates
> > > >    and extensions to the specifications in order to address limitations
> > > >    and/or add capabilities. It will also provide technical
> > > >    implementation guidance and review possible enhancements elsewhere in
> > > >    the mail handling sequence that could improve DMARC compatibility.
> 
> This is a solved problem, the "Rfc822.Sender" field should have
> from the outset trumped the "Rfc822.From" field when determining
> message origin, and the DMARC policy should be that of the "Sender"
> domain.  Some MUAs already expose "Sender != From" by displaying
> "From <sender> on behalf of <author>".  This needs to become standard
> MUA behaviour.

I am coming around to the point of view.

FWIW, the text is from the proposed charter, I didn't write any of it.

Scott K