Re: DMARC: perspectives from a listadmin of large open-source lists

John C Klensin <john-ietf@jck.com> Mon, 14 April 2014 04:34 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBD9F1A0322 for <ietf@ietfa.amsl.com>; Sun, 13 Apr 2014 21:34:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.973
X-Spam-Level:
X-Spam-Status: No, score=-0.973 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.272] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T4EsgZbU6KPF for <ietf@ietfa.amsl.com>; Sun, 13 Apr 2014 21:34:47 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) by ietfa.amsl.com (Postfix) with ESMTP id C1D491A0319 for <ietf@ietf.org>; Sun, 13 Apr 2014 21:34:47 -0700 (PDT)
Received: from [198.252.137.115] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1WZYbS-00044a-GK; Mon, 14 Apr 2014 00:34:42 -0400
Date: Mon, 14 Apr 2014 00:34:37 -0400
From: John C Klensin <john-ietf@jck.com>
To: John R Levine <johnl@taugh.com>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
Message-ID: <1EBDF5239EEE5202D3837D25@JcK-HP8200.jck.com>
In-Reply-To: <alpine.BSF.2.00.1404132346420.26386@joyce.lan>
References: <20140414024956.26078.qmail@joyce.lan> <534B524F.4050206@dcrocker.net> <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <E0B7196CB2603B80BBEC21AF@JcK-HP8200.jck.com> <alpine.BSF.2.00.1404132346420.26386@joyce.lan>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.115
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/WlpJMesxuF_SlB4Hjsd_QCy_G5E
Cc: IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 04:34:53 -0000

--On Monday, April 14, 2014 00:10 -0400 John R Levine
<johnl@taugh.com> wrote:

>> Sadly, there are a non-trivial number of MTA installations
>> whose implementers or operators, having discovered that they
>> had not seen a legitimate use of the percent hack in years,
>> decided that they were about as likely to appear in
>> legitimate messages as source routing and dealt with them
>> accordingly.  Put more simply, a "%" in a local-part may be
>> least as likely to get a message rejected or dumped as a
>> badly specified DMARC record, so the one is really not a very
>> good cure for the other.
> 
> Since the percent hack became a famous vector for open relay
> abuse, so we all stopped honoring it.  A lot of MTAs still
> reject anything with a % saying something like no more source
> routing.  Mine does.

Exactly.

> So this would require inventing something with the same
> semantics as the percent hack, but a different syntax.
> Perhaps we can use an exclamation point.

I suppose the correct response is "bang, bang, bang,..."

But this takes us back to Ned's point (or at least my
interpretation of it): it is lots easier to fix a bad DMARC
config, ignore restrictive DMARC specifications, or even to
abandon DMARC entirely, than it is to believe that we can
upgrade every MTA and MUA on the network to start accepting
percent hacks, bang paths, or the syntax characters used to
denote them, again.  Or any other strange local-part syntax
anyone is likely to come up with, e.g., perhaps we could use
plus signs, hyphens, or appropriately-escaped backslashes.  Or
we could steal "/" and "=" back from X.400 gateways.  Right.

   john