Re: Enabling DMARC workaround code for all IETF/IRTF mailing lists

Hector Santos <hsantos@isdg.net> Tue, 15 May 2018 13:38 UTC

Message-ID: <5AFAE2B5.3030206@isdg.net>
Date: Tue, 15 May 2018 09:37:57 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
To: ietf@ietf.org
Subject: Re: Enabling DMARC workaround code for all IETF/IRTF mailing lists
References: <919855CA-9F77-420A-8B8F-79174CD2FC19@fastmail.fm> <5849b364-ee61-6c0c-4905-b7bca88d2fd3@tana.it>
In-Reply-To: <5849b364-ee61-6c0c-4905-b7bca88d2fd3@tana.it>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/hU3S3wTtTptv9-0iAJ2KKw3nF7Q>

On 5/13/2018 7:50 AM, Alessandro Vesely wrote:
> Just a couple of notes:
>
> On Fri 11/May/2018 14:00:15 +0200 Alexey Melnikov wrote:
>>
>> Below are some technical details on how the email address rewriting workaround is going to work:
>>
>> Emails from domains that don't have a p=reject DMARC setting are not going to be affected in any way.
>>
>> For emails from p=reject domains:
>
> Some put p=reject; pct=0; for the sole purpose of having From: rewritten.  The
> principle of least surprise would suggest to apply rewriting uniformly.

At the very least, we should allow the declaring DMARC domain to 
dictate/publish his intent specifically using a new tag in the domain 
record, such as 'rewrite=allowed|1' or something directly specific to 
this technical protocol intent.

I don't think pct=0 was it.  It was not documented for such a 
technical protocol intent so we shouldn't be inventing new meanings of 
the existing tags.  If we are going to change code, then leverage the 
opportunity and use a new specific tag.

I don't prefer rewriting at all.  Once we "normalized" the 5322.From 
rewriting, the long-time DKIM issues may be finally done with, i.e. 
ARC is less meaningful but in fact, DKIM itself becomes more 
meaningless, if not already.  The 5322.From is the only required hash 
binding header for DKIM.  Any transformations, including a rewrite 
with a "X-Original-From" addition, should be reversible and verifiable.

We make email more complex by justifying 5322.From rewriting.


Thanks

-- 
HLS
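
The list-side decision discussed in this thread, as an added Python example that is not part of the original message or of any IETF/Mailman code: it shows why a `p=reject; pct=0` record is still rewritten when only `p=` is consulted, how an explicit opt-in tag would override that, and what a reversible rewrite looks like. The `rewrite` tag is hypothetical (it is only proposed above and is not defined in RFC 7489), and the addresses, the "via list" display name and the helper names are constructed for illustration; DKIM re-verification of the restored header is not implemented here.

```python
import email
from email.utils import parseaddr, formataddr

def parse_dmarc(txt):
    """Parse a DMARC TXT record into {tag: value}; {} if it is not DMARC1."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}

def should_rewrite(txt):
    """Rewrite From only for p=reject domains; pct is deliberately ignored.

    Hypothetical 'rewrite' tag: when published, it overrides the p= default.
    """
    tags = parse_dmarc(txt)
    if "rewrite" in tags:
        return tags["rewrite"].lower() in ("allowed", "1")
    return tags.get("p", "none").lower() == "reject"

def rewrite_from(msg, list_addr):
    """Replace From with the list address, keeping the original verbatim."""
    original = msg["From"]
    name, addr = parseaddr(original)
    msg["X-Original-From"] = original
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via list", list_addr))
    return msg

def restore_from(msg):
    """Undo rewrite_from so the author's From is back in place."""
    original = msg["X-Original-From"]
    if original is not None:
        del msg["From"]
        del msg["X-Original-From"]
        msg["From"] = original
    return msg

# Constructed sample message (not taken from the thread).
SAMPLE = "From: Alice Example <alice@sender.example>\nSubject: test\n\nbody\n"

def roundtrip(raw=SAMPLE, list_addr="ietf-list@lists.example"):
    """Return (rewritten From address, X-Original-From, restored From)."""
    msg = rewrite_from(email.message_from_string(raw), list_addr)
    rewritten, kept = parseaddr(msg["From"])[1], msg["X-Original-From"]
    return rewritten, kept, restore_from(msg)["From"]
```

Because the original header is stored byte-for-byte, a receiver that restores it can re-check an author signature covering `From`, provided the list changed nothing else that the signature covers.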