Re: Do we actually want to do anything about DMARC?

ned+ietf@mauve.mrochek.com Mon, 15 August 2016 15:52 UTC

Return-Path: <ned+ietf@mauve.mrochek.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D267712D0DA for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 08:52:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.149
X-Spam-Level:
X-Spam-Status: No, score=-3.149 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.247, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EiV1fEy5x-AH for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 08:52:22 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [68.183.62.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9B2812B049 for <ietf@ietf.org>; Mon, 15 Aug 2016 08:52:22 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01Q3RQILSXQO00FQ2N@mauve.mrochek.com> for ietf@ietf.org; Mon, 15 Aug 2016 08:47:28 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: TEXT/PLAIN; CHARSET=us-ascii; format=flowed
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01Q2VYVWUFM800005M@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for ietf@ietf.org; Mon, 15 Aug 2016 08:47:17 -0700 (PDT)
From: ned+ietf@mauve.mrochek.com
Message-id: <01Q3RQIKJ3NU00005M@mauve.mrochek.com>
Date: Mon, 15 Aug 2016 08:45:57 -0700 (PDT)
Subject: Re: Do we actually want to do anything about DMARC?
In-reply-to: "Your message dated Mon, 15 Aug 2016 11:35:20 -0400" <alpine.OSX.2.11.1608151129030.17984@ary.local>
References: <20160815012208.8845.qmail@ary.lan> <32352.1471272804@obiwan.sandelman.ca> <alpine.OSX.2.11.1608151129030.17984@ary.local>
To: John R Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/WKHbHvkgHoiFPVcusrQe6e8KuRY>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2016 15:52:24 -0000

> > Good, we agree about this, but, I still think we need to lead with a carrot
> > (new DMARC spec to solve the problem), and a stick (date at which we will
> > comply to DMARC)

> I can promise you that the large mail providers will say "that's nice" and
> will not change the way they handle DMARC.  They have a large investment
> in it, and they see significant benefits rejecting actual forgery.  The
> number of bogus messages that DMARC rejects vastly outnumber the mistakes,
> but unfortunately the mistakes are painful to us.

> We have no leverage here.  It's ARC or nothing.

> > It's been like two years that I said the same thing.
> >
> >    > My preferred approach until ARC is usable is to rewrite the From:
> >    > address to a legible forwarding address.  The IETF already handles a
> >    > bazillion forwarding addresses for I-D and RFC authors, so I'd think it
> >    > wouldn't be terribly hard to adapt that.  You don't have to change any
> >    > mailman code; you can do everything in a shim between the list manager
> >    > and the outgoing postfix submission program.
> >
> > I call this NAT for email.

> Kind of, but it's 1-1 NAT where you can look at the NAT address and know
> what the underlying address is, so you still see something useful in your
> MUA's message list.

And if you have the tools, you can undo the damage.

I regard being able to undo whatever is done as a "must have".

				Ned