Re: [Tools-discuss] [rt5.ietf.org #6435] Unable to get mail back from alias expansion - expand-mediaman-chairs
Tero Kivinen <kivinen@iki.fi> Thu, 19 May 2022 16:33 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: tools-discuss@ietfa.amsl.com
Delivered-To: tools-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FF8BC1D34E0 for <tools-discuss@ietfa.amsl.com>; Thu, 19 May 2022 09:33:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.955
X-Spam-Level:
X-Spam-Status: No, score=-3.955 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iki.fi
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X765eeucvgdz for <tools-discuss@ietfa.amsl.com>; Thu, 19 May 2022 09:33:33 -0700 (PDT)
Received: from meesny.iki.fi (meesny.iki.fi [195.140.195.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06129C1B92B7 for <tools-discuss@ietf.org>; Thu, 19 May 2022 09:33:32 -0700 (PDT)
Received: from fireball.acr.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by meesny.iki.fi (Postfix) with ESMTPSA id D5FBA20034; Thu, 19 May 2022 19:33:27 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1652978008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q9w9f6JPv48P7zAqEpXHtWb2QL7DYeYOmkBDDoJ2fo0=; b=LTGf2cuczqee8eENrjymQmachcQJNY3RJgG78D8keErpyplexH+j8fd1AWiAs/qE8C4Y/L cnbGKVvlTD/W2gHPee8rfFSdUJtKLKc5CgRwCLgnzTgHJFWbMpxOIs/VE7uMEYYEXSzHvq YjbS5xkSdgLoGWoH41+WI/tThhP9Dgc=
Received: by fireball.acr.fi (Postfix, from userid 15204) id 56AD525C1299; Thu, 19 May 2022 19:33:27 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <25222.29015.286832.988532@fireball.acr.fi>
Date: Thu, 19 May 2022 19:33:27 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Carsten Bormann <cabo@tzi.org>
Cc: Michael Richardson <mcr@sandelman.ca>, Harald Alvestrand <harald@alvestrand.no>, tools-discuss@ietf.org
In-Reply-To: <16E5BF41-F2D5-45F7-A80D-90E6C96678CC@tzi.org>
References: <rt-5.0.1-61158-1652918204-1888.6435-5-0@rt5.ietf.org> <a5e072c6-b370-0134-af78-1fb2f2762b01@alvestrand.no> <3297556F-6FC2-4A43-9B59-3E2544BAABA6@tzi.org> <713753.1652961995@dooku> <16E5BF41-F2D5-45F7-A80D-90E6C96678CC@tzi.org>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 14 min
X-Total-Time: 13 min
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1652978008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q9w9f6JPv48P7zAqEpXHtWb2QL7DYeYOmkBDDoJ2fo0=; b=hCfWzYac6jhIkg0ni5hxqbsrawjf8bwFp/e97A2JBMc676mFdiJz9kzEGhlfEU3hhd56B6 MFCsVoM/+8mA8ADT1aB7dUFEhFk8h4QiqQqE/QSwFRL/kiv45AxC1mDBE+4FLtIYSXxzqX 8fDxL8O23RS0TBcyJPTMgVE+vPZdR1s=
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
ARC-Seal: i=1; s=meesny; d=iki.fi; t=1652978008; a=rsa-sha256; cv=none; b=W59RJN62IQme/3a/D/hsIRrY2+6Drh2HaKHuLwFpRxjntZViJ2AA0+D4114E9/IGKNxlC4 8Rv49UjtLdDX66hDUCRYdclxtLbV+BFyAhbj1Me+hsHdBzU5Ul4gDNIlwvtpU+sWZOgyOH qjfVbv37mic1X8djLbUTUz5I3EWJpPg=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tools-discuss/HGTGfv1dP0y2yn0AO550nkpCbuI>
Subject: Re: [Tools-discuss] [rt5.ietf.org #6435] Unable to get mail back from alias expansion - expand-mediaman-chairs
X-BeenThere: tools-discuss@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF Tools Discussion <tools-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tools-discuss>, <mailto:tools-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tools-discuss/>
List-Post: <mailto:tools-discuss@ietf.org>
List-Help: <mailto:tools-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tools-discuss>, <mailto:tools-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2022 16:33:35 -0000
Carsten Bormann writes: > > > > I think that the IETF should have rejected all email from sites > > with a p=reject policy. That would have made many of the problems > > apparent to the senders. > > The problem already is apparent. > > Victim blaming is not the solution. We are the victim, the dmarc policy people are the offenders... We are not blaming the victims, we are blaming people who configure their systems in a way which is incompatible with the way ietf mail systems work. > Fixing the problem (doing DMARC rewrite workaround games) is the > solution. That is not really a solution, as it causes other problems. Changing the both the from and envelope from address do allow emails to go through, but that causes all kind of user interface issues and usability problems. Using term "workaround games" just indicates that you see that too... Proper solution is to get rid of SPF, and make sure people use DKIM and ARC, and configure the systems so that they do not reject emails based on SPF etc failures, but just mark the email having unverifable sender. What we would need is to have better way of verifying ARC signers, i.e., have a away of finding whether specific signer can be trusted for certain email (not sure if that is problem that can be solved). Rejecting emails because the SPF fails is just wrong. Marking it is proper way to combat phishing. > The only viable solution is not having the problem in the first > place (i.e., not doing forwarding without rewriting). That is just replacing one set of issues with other set of issues. It does somewhat work with mailing lists (where the sender is assumed to be reachable by the sending reply to the list), it does not work properly on the temporary aliases like draft aliases. -- kivinen@iki.fi
- [Tools-discuss] Fwd: [rt5.ietf.org #6435] Unable … Harald Alvestrand
- Re: [Tools-discuss] [rt5.ietf.org #6435] Unable t… Carsten Bormann
- Re: [Tools-discuss] [rt5.ietf.org #6435] Unable t… Harald Alvestrand
- Re: [Tools-discuss] [rt5.ietf.org #6435] Unable t… Michael Richardson
- [Tools-discuss] Fwd: [rt5.ietf.org #6435] Unable … Tero Kivinen
- Re: [Tools-discuss] [rt5.ietf.org #6435] Unable t… Carsten Bormann
- Re: [Tools-discuss] [rt5.ietf.org #6435] Unable t… Tero Kivinen
- Re: [Tools-discuss] Fwd: [rt5.ietf.org #6435] Una… Michael Richardson
- Re: [Tools-discuss] Fwd: [rt5.ietf.org #6435] Una… Tero Kivinen