IETF Logo Mail Archive

Re: Options for temporary operational solution to DMARC problem

John Leslie <john@jlc.net> Fri, 04 November 2016 18:36 UTC

Return-Path: <john@jlc.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B20D12960D; Fri, 4 Nov 2016 11:36:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.697
X-Spam-Level:
X-Spam-Status: No, score=-5.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z0SjJbNSjuh6; Fri, 4 Nov 2016 11:36:20 -0700 (PDT)
Received: from mailhost.jlc.net (mailhost.jlc.net [199.201.159.4]) by ietfa.amsl.com (Postfix) with ESMTP id B7D23129612; Fri, 4 Nov 2016 11:36:20 -0700 (PDT)
Received: by mailhost.jlc.net (Postfix, from userid 104) id 8ECEB909B57; Fri, 4 Nov 2016 14:36:19 -0400 (EDT)
Date: Fri, 04 Nov 2016 14:36:19 -0400
From: John Leslie <john@jlc.net>
To: Ted Lemon <mellon@fugue.com>
Subject: Re: Options for temporary operational solution to DMARC problem
Message-ID: <20161104183619.GH2601@verdi>
References: <678C2FBA-A661-4556-A300-5C08562B5F8A@iii.ca> <29429.1478113235@obiwan.sandelman.ca> <CABa8R6vHdt75NFKW3s6xOzLcq=jmVAHDPX0tjLRdGpYSTP2cYA@mail.gmail.com> <20161102232357.b55vx7est7vjrdfo@thunk.org> <CO2PR00MB01018CDB45F0CE17671AD67596A30@CO2PR00MB0101.namprd00.prod.outlook.com> <20161103134909.lnndzi6feaqfskyj@thunk.org> <CO2PR00MB0101960D3E311D2E1D4E1C4296A30@CO2PR00MB0101.namprd00.prod.outlook.com> <20161103220326.jz2mtk6s7tvdg55v@thunk.org> <1F305C1D-7228-4084-9F33-8834AAAC82CB@fugue.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1F305C1D-7228-4084-9F33-8834AAAC82CB@fugue.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/jDVR9Uv2QBIV1G83RdJX7hUhbmI>
Cc: IETF <ietf@ietf.org>, The IESG <iesg@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2016 18:36:24 -0000

   Alas, I'm hard up for time to address this as it deserves. :^(

   But it _is_ very helpful to move to discussing _particular_ remediations;
so I'll take a shot at it.

Ted Lemon <mellon@fugue.com> wrote:
> 
> My understanding is that there are really four possible approaches:

   IMHO, the universe is bigger than four; but let's see if we _can_
divide "omnia Gallia" into four pieces.

> Bounce messages from sites that have p=REJECT; users at those sites
> have to use some other email address for IETF business.

   This is obviously reasonable and _very_ easy to implement.

   (p=reject _means_ "Please reject this if it didn't come from me.")

> Rewrite From: header on messages from sites that have p=REJECT to point
> at discard address

   This doesn't seem helpful (for various reasons I won't list).

   But why limit this option to "discard" addresses? There's quite a
universe of other rewrite options which could actually reach the sender.

   Also, there's quite a universe of even "discard" addresses which could
properly identify the sender: why not specify that the "discard" address
uniquely identify the actual sender?

> Rewrite all From: headers to point at discard address

   This breaks things for participants experiencing no problems now. I
would hope we could start from a "do no harm" paradigm.

   (I know Ted has requested a list of potential harms: I may get around
to writing one; but I think this is the wrong thread for it. As an operator
I found from painful experience that it's impossible to consider _every_
possible harm before taking a seemingly-harmless action.)

> Rewrite all From: headers to reply to addresses that forward to senders
> for senders with p=REJECT

   Oops! That was option #4.

   Ted certainly left out most of the universe.

   First examle: I consider this a subcase of #2: why should we harm folks
not seeing any problem?

   Second example: there's the universe of "solutions" involving forwarding
to a special-purpose server which could implement different strokes for
different folks... There's no satisfactory reason to limit our consideration
to excluding things our current version of Mailman doesn't know how to do.

   (The rest of the email I'm responding to discusses what "discard" means:
I see no reason to enter that flame-war. Also, I choose not to take sides
among the choices in _this_ email.)

--
John Leslie <john@jlc.net>

v2.23.0 | Report a Bug | By Email