Re: [IETF] DMARC methods in mailman

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

[ On-list follow-up to off-list discussion with John R Levine ]

> On Dec 27, 2016, at 12:09 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
> What I'm saying is that phishing protection is not the actual goal
> when publishing or filtering on DMARC.  The metric used is complaints
> about spam, or messages blocked not reduction in monetary loss,
> and this lines up with reducing support costs, ...
> 
> So filtering on DMARC reduces complaints and support costs.  Its
> effect on phishing is a separate issue.
> 
> Many of my inbound 419 scams are sent with Yahoo/Gmail/... "Reply-To"
> addresses (the From address is in some random domain), and DMARC
> does nothing to address the endemic infestation of Yahoo/Gmail/...
> by 419 scammer maildrops.

A perfect illustration of this, in the form of (two copies of) a
vanilla 419 scam sent via Yahoo, claiming to be from Gmail, with
a Gmail From/Reply-To landed in my mailbox today:

Return-Path: <fdstrefd@gmail.com>
Received: from nm26-vm3.bullet.mail.ir2.yahoo.com (nm26-vm3.bullet.mail.ir2.yahoo.com [212.82.97.45])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by mournblade.imrryr.org (Postfix) with ESMTPS id 294A3282D54
	for <ietf-dane@dukhovni.org>; Sat, 31 Dec 2016 20:11:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1483215114; bh=c4EvhVuT7B7QSV9hGxgYY5JM/FjAch9pBRo19btgucE=; h=Date:From:Reply-To:Subject:References:From:Subject; b=WoiPMDpaa+cfZ9QhmywsDmt8fwb4nK6vFIm6dBY4CV5WaamvGPq+i5VX66OPKSkFHA8kNnzkHuhN4iSFT7gQRNk1/xX6xJ9iGw4GUOePrLSsAJC5uCS+aHEnrTTuLi2yF+S1YDefU286pBkw4yHoX9JN0gcvb5s7uD+JSwIYjlLYOGr+PpGrEAuXNVE2NGzIcb9UWTSJXZMwlBbWkY7nqz1ud1OFhAruu7M8J0b9Qy0JguRF+TXoVIlgwmhtLUkW7zVUjJH97A+pGPLZJTb3ZsP4i+JITXntKt5LTh3rmoA/imXEm5SGRgY26w8S33ogKRbxOGMF+bExVfFSGu6pZw==
Received: from [212.82.98.55] by nm26.bullet.mail.ir2.yahoo.com with NNFMP; 31 Dec 2016 20:11:54 -0000
Received: from [212.82.98.94] by tm8.bullet.mail.ir2.yahoo.com with NNFMP; 31 Dec 2016 08:02:52 -0000
Received: from [127.0.0.1] by omp1031.mail.ir2.yahoo.com with NNFMP; 31 Dec 2016 07:55:04 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 927888.62800.bm@omp1031.mail.ir2.yahoo.com
X-YMail-OSG: QcOFysMVM1m.D45t1au9SSm7UzQg.moWDy838PFy.crU_U2N2Ln5zfPjrV316am
 O5_zn_VmvWY0mvTu381bdjL6BcURqvRHcKaw3g25Wps4hfu5qEa_L9zn29KWuwNWSIyddDcm8mIy
 FyM7llRByUhCYWb7Usx1_GR.5JD3.phNO88gGojPDNcflzmS.nAErUq9Qkt1NWsV1LIOjMO3NJzL
 gmLNZCDp34o6QleUNJ9Ku3Ovu9OkUh0tT0mDgr4wlOnvV6YRHMjpSdIwIOWOOgRXvZyL9TjBwoZ0
 VJe89OUB40o37la9j7NbS2vcdzyPnZHH.n5.ETUZCQjwd9G.CbFHugfmbCQUaSr1YY6EjRNWvnbb
 eUHSEkuPEuTsFM8taHzKIfTfmnPkjYRhzOa2Ch800ROLuT0KUj0jFrHTCA_KLwewubm4G2J01.7s
 RJJKbUMFLFg4xhPS5ZJJf8T7DexaxYYUHrvI2tC9KqRu9HVBPSI0GM2qnYXtySZ4.jFttaFem9WH
 eicjn4zzDzOULy3qatyVelmI-
Received: from jws700080.mail.ir2.yahoo.com by sendmailws165.mail.ir2.yahoo.com; Sat, 31 Dec 2016 07:55:04 +0000; 1483170904.369
Date: Sat, 31 Dec 2016 07:55:04 +0000 (UTC)
From: "Mr.Iheleme Oskama" <fdstrefd@gmail.com>
Reply-To: "Mr.Iheleme Oskama" <mr.ihelemeoskama@gmail.com>
Message-ID: <1310822406.6745256.1483170904116@mail.yahoo.com>
Subject: Greetings My Dear Friend

My MUA's (Mail.app) filters easily recognized it as Junk email, if
only Yahoo's outbound email filters had been equally effective, but
I don't believe that protecting email users against scams is the
game being played.

Yes, when Paypal publishes DMARC policy, the policy is both reasonable,
and does have positive impact in reducing phishing of Paypal users.
Paypal's DMARC policy also has no negative impact on mailing lists.

When a large consumer email provider publishes p=reject, their
motivation is likely less noble and negative impact on other
legitimate uses of email is not negligible.

-- 
	Viktor.