Re: yet more DMARC stuff, was Re: Mailing list membership.

Brandon Long <blong@google.com> Mon, 13 March 2017 21:05 UTC

Return-Path: <blong@google.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13DF91294DD for <ietf@ietfa.amsl.com>; Mon, 13 Mar 2017 14:05:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5En8Ro2e-FIy for <ietf@ietfa.amsl.com>; Mon, 13 Mar 2017 14:05:07 -0700 (PDT)
Received: from mail-yw0-x230.google.com (mail-yw0-x230.google.com [IPv6:2607:f8b0:4002:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36FDB129AF5 for <ietf@ietf.org>; Mon, 13 Mar 2017 14:05:07 -0700 (PDT)
Received: by mail-yw0-x230.google.com with SMTP id v76so67455110ywg.0 for <ietf@ietf.org>; Mon, 13 Mar 2017 14:05:07 -0700 (PDT)
X-Received: by 10.37.192.16 with SMTP id c16mr16404234ybf.195.1489439105825; Mon, 13 Mar 2017 14:05:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.220.11 with HTTP; Mon, 13 Mar 2017 14:05:04 -0700 (PDT)
In-Reply-To: <m1cnWU5-0000EaC@stereo.hq.phicoh.net>
References: <alpine.OSX.2.20.1703131838100.54839@ary.local> <m1cnWU5-0000EaC@stereo.hq.phicoh.net>
From: Brandon Long <blong@google.com>
Date: Mon, 13 Mar 2017 14:05:04 -0700
Message-ID: <CABa8R6sgcmANj+F=8MLDAhWCphasBTJTQizFKQUd=2bieeXemA@mail.gmail.com>
Subject: Re: yet more DMARC stuff, was Re: Mailing list membership.
To: Philip Homburg <pch-ietf-6@u-1.phicoh.com>
Content-Type: multipart/alternative; boundary="001a113a119ad1d433054aa310de"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/nlkzFEm82S7alh54i2AvT_yCoYM>
Cc: John R Levine <johnl@taugh.com>, IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 21:05:10 -0000

https://support.google.com/mail/answer/81126?hl=en#authentication see
"Additional guidelines for IPv6"

Right now, it's basically an OR between the two instead of AND, though as
with any rule, there are exceptions.  We also still do "best guess" style
SPF auth, so if you set your PTR records right, you may be getting SPF for
"free" from us.

And it's always subject to change based on spamminess.

If your workaround is to use ip4 to send to us, that's fine.  The
percentage of spam mail on ip6 is higher than on ip4.  Our own outgoing
code makes choices on whether to use ip6 or ip4 based on expected
authentication level, and it is ugly.  I don't like ugly, but I don't like
spam either.

Brandon

On Mon, Mar 13, 2017 at 1:22 PM, Philip Homburg <pch-ietf-6@u-1.phicoh.com>
wrote:

> In your letter dated 13 Mar 2017 18:43:21 +0100 you wrote:
> >Nor is gmail, which also requires that incoming IPv6 mail be authenticated
> >with SPF or DKIM.  They know what they are doing, and they have decided
> >that the amount of legit mail they will lose by doing this is
> >insignificant compared to the improvement in the amount of spam and
> >malware they will be able to filter.
>
> That's not correct, unless gmail made an exception for my home mail server.
>
> Getting mail delivered to gmail over IPv6 works most of the time without
> ever setting up SPF or DKIM. Gmail does seem to be the single most
> unreliable mail server that I know of, mostly due to their attempts
> to be more strict on IPv6.
>
> What gmail does require is reverse DNS for IPv6.
>
>
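An added example, not part of either message and not Google's implementation: the OR rule described in the reply for IPv6 senders, evaluated over constructed DNS data. Treating a "right" PTR as forward-confirmed reverse DNS, and modelling "best guess" SPF as an SPF `ptr`-style match when no SPF result exists, are assumptions; all names and addresses are constructed.

```python
import ipaddress

# Constructed DNS data: documentation prefix 2001:db8::/32 and example.* names.
PTR = {"2001:db8::25": "mail.example.org", "2001:db8::66": "host.example.net"}
AAAA = {"mail.example.org": {"2001:db8::25"}, "host.example.net": {"2001:db8::99"}}


def fcrdns(ip):
    """Return the PTR name if it resolves back to ip (forward-confirmed), else None."""
    addr = str(ipaddress.ip_address(ip))  # normalise the textual form
    name = PTR.get(addr)
    if name and addr in AAAA.get(name, set()):
        return name
    return None


def best_guess_spf(ip, mail_from_domain):
    """Assumed meaning of 'best guess': behave like the SPF 'ptr' mechanism,
    passing when the confirmed PTR name is the sender domain or a subdomain."""
    name = fcrdns(ip)
    domain = mail_from_domain.lower()
    return bool(name) and (name == domain or name.endswith("." + domain))


def evaluate(ip, mail_from_domain, spf_pass=False, dkim_pass=False):
    """Return the reasons an IPv6 sender satisfies the rule; empty means none.

    The rule is an OR: reverse DNS alone, or authentication alone, is enough.
    """
    if ipaddress.ip_address(ip).version != 6:
        raise ValueError("this check models the IPv6 guideline only")
    reasons = []
    if fcrdns(ip):
        reasons.append("rdns")
    if spf_pass:
        reasons.append("spf")
    elif best_guess_spf(ip, mail_from_domain):
        reasons.append("spf-best-guess")  # SPF "for free" from a correct PTR
    if dkim_pass:
        reasons.append("dkim")
    return reasons


if __name__ == "__main__":
    for args in [("2001:db8::25", "example.org"), ("2001:db8::66", "example.net")]:
        print(args, evaluate(*args))
```

The second constructed host has a PTR record whose forward lookup points elsewhere, so it gets no credit for reverse DNS and needs an SPF or DKIM pass instead.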