Re: Do we actually want to do anything about DMARC?

"John R Levine" <johnl@taugh.com> Mon, 15 August 2016 15:35 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2944612D8F4 for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 08:35:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=DL+yLJKV; dkim=pass (1536-bit key) header.d=taugh.com header.b=m3lPw2NU
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vr7qHHBhcDLd for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 08:35:26 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D96112D8F3 for <ietf@ietf.org>; Mon, 15 Aug 2016 08:35:26 -0700 (PDT)
Received: (qmail 77339 invoked from network); 15 Aug 2016 15:35:25 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=12e1a.57b1e13d.k1608; bh=N8o0OQ9Qb3p5ie5+FZE/cejaCUYYo5nXI+K4T/CAeow=; b=DL+yLJKVnpkvv6PLyI44KxFBF4TzEOVeKKvUGuGrgy/xmkyLyrBza3gUTxig89CqaO5XM2egS2AFfJon+jWGykB/ZSSUI+9hqWpdFmqzPEJDJlIWXcjE5a6o9NmzaiEoN5CL7e9o0P6z8OI90svHpGIl5u0ppG1U/baw1Oz8YFST76C4prXU+HmpE7Qtm3MbRYu/oxKUegRhmfitmHzBqB/hcB+eJK1NQx3gtlkkgg1bplnJeAi0cF+aIL7q9eGC
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=12e1a.57b1e13d.k1608; bh=N8o0OQ9Qb3p5ie5+FZE/cejaCUYYo5nXI+K4T/CAeow=; b=m3lPw2NUOHsPIycV1UH6AyRhJdlxtni1re/UJ3VRwfeeOBPqgB8AqW+AkZ48VdaS9OxYxa+S6C2qw58/UBGzBPYasMlMur22NuHsEe5b4dxCBImUwvyREkm+AOcs0uN1f8B9oOkgno+vq/C8egL4Q88WpGfSlDtDT36A649YLRMXF93T6qu/TtuGzK8HUvkFNtPjj7HsPv10wJLOuG+c7Mx3Jjo9lt5QycvEGGyKRuthYOjPhDuCnN+od3lUeT2Y
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 15 Aug 2016 15:35:25 -0000
Date: 15 Aug 2016 11:35:20 -0400
Message-ID: <alpine.OSX.2.11.1608151129030.17984@ary.local>
From: "John R Levine" <johnl@taugh.com>
To: "Michael Richardson" <mcr+ietf@sandelman.ca>
Subject: Re: Do we actually want to do anything about DMARC?
In-Reply-To: <32352.1471272804@obiwan.sandelman.ca>
References: <20160815012208.8845.qmail@ary.lan> <32352.1471272804@obiwan.sandelman.ca>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Ss3MFz8tMvrHfKb2N4elA5sShpc>
Cc: IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2016 15:35:28 -0000

> Good, we agree about this, but, I still think we need to lead with a carrot
> (new DMARC spec to solve the problem), and a stick (date at which we will
> comply to DMARC)

I can promise you that the large mail providers will say "that's nice" and 
will not change the way they handle DMARC.  They have a large investment 
in it, and they see significant benefits rejecting actual forgery.  The 
number of bogus messages that DMARC rejects vastly outnumber the mistakes, 
but unfortunately the mistakes are painful to us.

We have no leverage here.  It's ARC or nothing.

> It's been like two years that I said the same thing.
>
>    > My preferred approach until ARC is usable is to rewrite the From:
>    > address to a legible forwarding address.  The IETF already handles a
>    > bazillion forwarding addresses for I-D and RFC authors, so I'd think it
>    > wouldn't be terribly hard to adapt that.  You don't have to change any
>    > mailman code; you can do everything in a shim between the list manager
>    > and the outgoing postfix submission program.
>
> I call this NAT for email.

Kind of, but it's 1-1 NAT where you can look at the NAT address and know 
what the underlying address is, so you still see something useful in your 
MUA's message list.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.