Re: DMARC: perspectives from a listadmin of large open-source lists

John C Klensin <john-ietf@jck.com> Mon, 14 April 2014 03:44 UTC

Date: Sun, 13 Apr 2014 23:44:15 -0400
From: John C Klensin <john-ietf@jck.com>
To: John R Levine <johnl@taugh.com>, Dave Crocker <dcrocker@bbiw.net>, IETF general list <ietf@ietf.org>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
Message-ID: <E0B7196CB2603B80BBEC21AF@JcK-HP8200.jck.com>
In-Reply-To: <alpine.BSF.2.00.1404132327560.26258@joyce.lan>
References: <20140414024956.26078.qmail@joyce.lan> <534B524F.4050206@dcrocker.net> <alpine.BSF.2.00.1404132327560.26258@joyce.lan>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/uEIqOKGp5xg9p7pwEXjlTzT0vW8

--On Sunday, April 13, 2014 23:28 -0400 John R Levine
<johnl@taugh.com> wrote:

>>> Yes, that's the 1980s percent hack.
> 
>> intended recipient.  While a bit inefficient -- and probably
>> will emerge as  an attack vector (sigh) -- it's a plausible
>> mechanism.
> 
> Right -- something is seriously wrong with DMARC as used if we
> need to invent new phish syntaxes to work around it.

Sadly, there are a non-trivial number of MTA installations whose
implementers or operators, having discovered that they had not
seen a legitimate use of the percent hack in years, decided that
they were about as likely to appear in legitimate messages as
source routing and dealt with them accordingly.  Put more
simply, a "%" in a local-part may be at least as likely to get a
message rejected or dumped as a badly specified DMARC record, so
the one is really not a very good cure for the other.

    john