Re: dmarc damage, was gmail users read on... [bozo subtopic]

Hector Santos <hsantos@isdg.net> Sun, 14 September 2014 15:20 UTC

From: Hector Santos <hsantos@isdg.net>
Subject: Re: dmarc damage, was gmail users read on... [bozo subtopic]
Date: Sun, 14 Sep 2014 11:20:36 -0400
To: Scott Kitterman <scott@kitterman.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/OH-tLabfeEm9NuhshTpoZRlChW8
Cc: "ietf@ietf.org" <ietf@ietf.org>

That is, author domain policy was the original proof of concept; that is why the 5322.From anchor was required.

--
Hector Santos
http://www.santronics.com

> On Sep 14, 2014, at 11:16 AM, Hector Santos <hsantos@isdg.net> wrote:
> 
> 
> 
>> On Sep 14, 2014, at 10:56 AM, Scott Kitterman <scott@kitterman.com> wrote:
>> 
>> 
>> 
>>> On September 14, 2014 10:40:51 AM EDT, Hector Santos <hsantos@isdg.net> wrote:
>>> 
>>> On Sep 13, 2014, at 9:49 AM, "John Levine" <johnl@taugh.com> wrote:
>>> 
>>>>> Agreed, but just wanted to add one thing: don't the details of whether the sender
>>>>> has to align or not depend on whether SPF or DKIM is used as the authentication method?
>>>> 
>>>> No.  Neither DKIM nor SPF have any connection to either the From: or
>>>> Sender: header other than what DMARC is trying to do.
>>> 
>>> DKIM has a required hash bind to the 5322.From field data -- the only
>>> 5322 header signing requirement in DKIM.  It's burned into the DKIM,
>>> now STD-level, specification.  That's not a DMARC requirement, but one
>>> DMARC relies on having with DKIM.
>>> 
>>> Maybe an errata is in order?   
>> 
>> The field is required to be signed. It's not required to have any particular value. It's most certainly not required to be related to the signing domain in any way (which is what DMARC does).
>> 
> 
> Major disagreement and why this problem is not solved. 
> 
> There is tremendous inherent value that could only be understood by working on mail systems offline, online for 30 years.  The From field is a treasured field, Scott, and it's not just for network mail but local and all forms of telecommunications.  There is a reason why it's the only one required to be signed and that's strongly because it was the original proof of concept since day 0.  DomainKeys started the policy concept. DKIM improved it.
> 
> One group tried to separate it and that failed.
> 
> --
> Hector Santos
> http://www.santronics.com
>
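
The two checks discussed in this thread, as an added example that is not part of any poster's message: DKIM's own requirement that From be listed in `h=`, and DMARC's separate requirement that `d=` align with the 5322.From domain. The headers and the `PUBLIC_SUFFIXES` set are constructed samples, the function names are hypothetical, and no cryptographic verification is performed.

```python
import re
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List (assumption; a real DMARC
# evaluator loads the full list to find the organizational domain).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

def parse_dkim_tags(header_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def from_is_signed(tags):
    """DKIM's own rule: the From header field must be listed in h=."""
    return "from" in [h.lower() for h in tags.get("h", "").split(":")]

def org_domain(domain):
    """Organizational domain: longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain.lower()

def dmarc_dkim_aligned(tags, from_header, mode="r"):
    """DMARC's added rule: d= must align with the 5322.From domain."""
    from_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    d = tags.get("d", "").lower()
    if not from_domain or not d:
        return False
    if mode == "s":                      # adkim=s: exact match
        return d == from_domain
    return org_domain(d) == org_domain(from_domain)   # adkim=r: relaxed

# Constructed sample headers (not taken from the thread).
FROM = "Author <author@example.com>"
AUTHOR_SIG = "v=1; a=rsa-sha256; d=mail.example.com; s=sel1; h=From:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER"
LIST_SIG = "v=1; a=rsa-sha256; d=lists.example.org; s=sel1; h=From:Subject:Date:List-Id; bh=PLACEHOLDER; b=PLACEHOLDER"

if __name__ == "__main__":
    for label, sig in (("author", AUTHOR_SIG), ("list", LIST_SIG)):
        tags = parse_dkim_tags(sig)
        print(label, from_is_signed(tags), dmarc_dkim_aligned(tags, FROM))
```

Both sample signatures satisfy the DKIM signing requirement, but only the author-domain signature is aligned under DMARC, and only in relaxed mode.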