Re: Do we actually want to do anything about DMARC?

"John Levine" <johnl@taugh.com> Mon, 15 August 2016 20:54 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A2B312D1B7 for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 13:54:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JGxjBL0r0a0D for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 13:54:32 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9601912D18A for <ietf@ietf.org>; Mon, 15 Aug 2016 13:54:31 -0700 (PDT)
Received: (qmail 52121 invoked from network); 15 Aug 2016 20:54:30 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 15 Aug 2016 20:54:30 -0000
Date: 15 Aug 2016 20:54:08 -0000
Message-ID: <20160815205408.10151.qmail@ary.lan>
From: "John Levine" <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: Do we actually want to do anything about DMARC?
In-Reply-To: <20160815130106.GS10626@thunk.org>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/RrRowelzASHQQNMzEH3SdwF-988>
Cc: tytso@mit.edu
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2016 20:54:33 -0000

>> Marissa@yahoo.com.MANUALLY.REMOVE.THE.TRAILING.PARTS would involve ...

>>From what John has said, he's actually made the from field work:
>
>% dig -t mx dmarc.fail +nocomments
>
>; <<>> DiG 9.10.3-P4-Debian <<>> -t mx dmarc.fail +nocomments
>;; global options: +cmd
>;dmarc.fail.			IN	MX
>dmarc.fail.	3599	IN	MX	20 mail1.iecc.com.

Yup.  It's even DNSSEC signed.

$ dig yahoo.com.dmarc.fail mx +dnssec

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47725
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;yahoo.com.dmarc.fail. 		IN     	MX

;; ANSWER SECTION:
yahoo.com.dmarc.fail.  	3599   	IN     	MX     	20 mail1.iecc.com.
yahoo.com.dmarc.fail.  	3599   	IN     	RRSIG  	MX 8 2 3600 20161011000000 20160810041505 58563 dmarc.fail. J9UaHbKJPwu5vK/jxJKrv0pZH6bzI8TgDY78m4S8SWUiUoB/irnlur3Z SsowLaiOjekzhYqiPmT6KOq7dt2G0lD5Pil4Z8SA0MCFWHcYyyWNMT/D eka93UNGoFzVBzNCYLzTyduy/P01isqKelkC6BZaX7tTm2CWlLKD9Th6 avM=


>I do wonder how he deals with the spam reputation problem of his
>forwarding server if too many spammers try to send mail to
>marissa@yahoo.com.dmarc.fail --- I assume he must do a lot of
>anti-spam filtering and is refusing to forward stuff which is spam?

I turn off the forward a day or so after the list message goes out.
The forwarder uses the usual Spamhaus BLs to block incoming mail.  So
far the amount of spam has been too low to notice.  Maybe I'm lucky,
but I think the time limited time addresses make scraping and spamming
unproductive.

As I noted in an earlier message, the IETF already has a bazillion
forwarders for I-D and RFC authors, so this problem is not a new one
for the IETF.

R's,
John