Re: What I've been wondering about the DMARC problem

"Murray S. Kucherawy" <superuser@gmail.com> Mon, 21 April 2014 17:25 UTC

To: Ned Freed <ned.freed@mrochek.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/lVmtIhWGmiiZ1dSkDnhOFvXlPrc
Cc: Jim Fenton <fenton@bluepopcorn.net>, John Levine <johnl@taugh.com>, ietf <ietf@ietf.org>

On Sat, Apr 19, 2014 at 8:31 AM, Ned Freed <ned.freed@mrochek.com> wrote:

>
> > > >"If the RFC5322.From domain does not exist in the DNS, Mail Receivers
> > > >SHOULD direct the receiving SMTP server to reject the message."
> > >
> > > As far as I can tell, that bit of poor advice hasn't been implemented.
>
> > Why is that poor advice?  It's not uncommon for an MTA receiving mail to
> > confirm that the message is replyable, at least insofar as an A and MX are
> > available for whatever comes after the "@".
>
> It's outrageously poor advice, for the simple reason that there's all kinds of
> legitimate email that's sent for all kinds of different reasons that you don't
> want people to be able to reply to. And the sooner they get a failure when they
> try and reply, the better.
>
> As such, the ability to reply to the RFC5322.From tells you almost nothing
> about its legitimacy.
>
> It's yet another case where a failure to consider the multiple semantics
> field like RFC5322.From has, and designing to a subset of those designs,
> ends up screwing things up.
>

If you say so, but I can't think of an example off the top of my head.  Is
that still a currently-used tactic?  Most of the examples I can think of
involve a valid address that produces an automated response when someone
replies, rather than using something that is completely unreachable.

I seem to recall common use of From: field validation back when that
capability was introduced into open source sendmail as an anti-spam tactic,
though it was never supported by the vendor directly.  Maybe it's less
common now.

-MSK
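
Added example, not part of the original message and not code from any implementation mentioned in the thread: a sketch of how a receiver could tell the "domain does not exist in the DNS" case from the quoted draft text apart from the narrower "replyable" (A and MX) check discussed above. ZONE, lookup() and classify_from_domain() are hypothetical names, and the DNS data and sample message are constructed so the block runs offline.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed zone data standing in for DNS (assumption: no network access).
# A missing name means NXDOMAIN; a present name maps record type -> values.
ZONE = {
    "example.org": {"MX": ["10 mx.example.org"], "A": ["192.0.2.10"]},
    "noreply.example.net": {"TXT": ["v=spf1 -all"]},  # exists, no MX/A/AAAA
    "hostonly.example.com": {"A": ["192.0.2.20"]},    # reachable via A only
}

# Constructed sample message with a From domain that exists but takes no mail.
SAMPLE = "From: Alerts <alerts@noreply.example.net>\nSubject: notice\n\nbody\n"

def lookup(name, rtype, zone=ZONE):
    """Hypothetical resolver: None for NXDOMAIN, else a (possibly empty) list."""
    records = zone.get(name.lower().rstrip("."))
    return None if records is None else records.get(rtype, [])

def classify_from_domain(raw_message, resolver=lookup):
    """Return a (domain, verdict) pair for each RFC5322.From address."""
    msg = message_from_string(raw_message)
    results = []
    for _name, addr in getaddresses(msg.get_all("From", [])):
        if "@" not in addr:
            results.append((addr, "no-domain"))
            continue
        domain = addr.rpartition("@")[2].lower()
        mx = resolver(domain, "MX")
        if mx is None:
            verdict = "nonexistent"           # the quoted SHOULD-reject case
        elif mx or resolver(domain, "A") or resolver(domain, "AAAA"):
            verdict = "replyable"             # the A-and-MX style check passes
        else:
            verdict = "exists-not-replyable"  # only the stricter check rejects
        results.append((domain, verdict))
    return results

if __name__ == "__main__":
    print(classify_from_domain(SAMPLE))
```

Only the "nonexistent" verdict corresponds to the quoted draft text; "exists-not-replyable" is the category of mail the thread disagrees about.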