Re: What I've been wondering about the DMARC problem

ned+ietf@mauve.mrochek.com Mon, 21 April 2014 18:54 UTC

From: ned+ietf@mauve.mrochek.com
Message-id: <01P6WO10FRGY00004W@mauve.mrochek.com>
Date: Mon, 21 Apr 2014 11:42:25 -0700 (PDT)
Subject: Re: What I've been wondering about the DMARC problem
In-reply-to: "Your message dated Mon, 21 Apr 2014 10:25:00 -0700" <CAL0qLwbordSBeAhEuwsb2GBkoiickdOebz7TwZODXDgw8EfezA@mail.gmail.com>
References: <534ED376.8060303@bluepopcorn.net> <20140418013433.2763.qmail@joyce.lan> <CAL0qLwY4xVrPwABRhv90JSRF8wta0P5OCw_UWzVYOyUZk2-W4Q@mail.gmail.com> <01P6TRV1PBB000004W@mauve.mrochek.com> <CAL0qLwbordSBeAhEuwsb2GBkoiickdOebz7TwZODXDgw8EfezA@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/oRF0g9EFbEPHhPclw_TbD7lA5rY
Cc: Jim Fenton <fenton@bluepopcorn.net>, John Levine <johnl@taugh.com>, Ned Freed <ned.freed@mrochek.com>, ietf <ietf@ietf.org>

> On Sat, Apr 19, 2014 at 8:31 AM, Ned Freed <ned.freed@mrochek.com> wrote:

> >
> > > > >"If the RFC5322.From domain does not exist in the DNS, Mail Receivers
> > > > >SHOULD direct the receiving SMTP server to reject the message."
> > > >
> > > > As far as I can tell, that bit of poor advice hasn't been implemented.
> >
> > > Why is that poor advice?  It's not uncommon for an MTA receiving mail to
> > > confirm that the message is replyable, at least insofar as an A and MX are
> > > available for whatever comes after the "@".
> >
> > It's outrageously poor advice, for the simple reason that there's all kinds of
> > legitimate email that's sent for all kinds of different reasons that you don't
> > want people to be able to reply to. And the sooner they get a failure when they
> > try and reply, the better.
> >
> > As such, the ability to reply to the RFC5322.From tells you almost nothing
> > about its legitimacy.
> >
> > It's yet another case where a failure to consider the multiple semantics a
> > field like RFC5322.From has, and designing to a subset of those designs,
> > ends up screwing things up.
> >

> If you say so, but I can't think of an example off the top of my head.

What planet are you on? I get mail with intentionally invalid From: fields all
the time. The domain usually (but not always) exists, but the mailbox returns an
error.

I also get mail that says something like "this goes to a mailbox that's
unmonitored" somewhere in the message. But rather less of that.

> Is
> that still a currently-used tactic?  Most of the examples I can think of
> involve a valid address that produces an automated response when someone
> replies, rather than using something that is completely unreachable.

Autoresponders for such things produce blowback spam. Not good. If the mailbox
is valid, it's usually a black hole.

Indeed, while I cannot talk about the details, I know there was a lawsuit
against an ISP that was doing this sort of checking very aggressively and
blocking lots of legitimate email. The ISP lost and was forced to remove this
check.

> I seem to recall common use of From: field validation back when that
> capability was introduced into open source sendmail as an anti-spam tactic,
> though it was never supported by the vendor directly.  Maybe it's less
> common now.

A lot less common. See above.

				Ned