Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

Scott Kitterman <scott@kitterman.com> Tue, 15 July 2014 16:35 UTC

From: Scott Kitterman <scott@kitterman.com>
To: ietf@ietf.org
Subject: Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Date: Tue, 15 Jul 2014 12:35:08 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/UVhgqSfTSCSvE9gAOF5DDmigzBY

On Tuesday, July 15, 2014 15:44:18 John Levine wrote:
> > Some MUAs already expose "Sender != From" by displaying
> >
> >"From <sender> on behalf of <author>".  This needs to become standard
> >MUA behaviour.
> 
> Perhaps not.  This is the "punt security policy to Grandma" model.  A
> more extreme version is the proposal to show signed and unsigned parts
> of messages in different colors.
> 
> It would have been nice if users and MUAs had done this all along and
> there were widely understood (as opposed to well
> documented but not well understood) conventions for using Sender:
> headers.  But there aren't.  The most popular MUA that shows the
> sender is Outlook, and people I know just find it confusing.
> 
> You and I probably have the background to make useful decisions from
> various combinations of sender and author.  But I don't see any reason
> to believe that non-technical users (in my case, Grandma is my wife's
> 74 year old mother) do.

That's possibly true, but given the goal of the working group, it may turn out 
to be the best we can do.  In my limited IETF experience, I've seen several 
variants of "we aren't U/I experts, so we should stay away from it".  That may 
be true, but we may not get out of this one without having to give some strong 
guidance.

For the large fraction of email users today that are doing it via webmail 
where the service provider controls the MUA experience directly, the timeline 
for improvement can be relatively short compared to traditional software 
deployment cycles.

Scott K