From nobody Sun Jun 7 14:57:44 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4A371ACEC6 for ; Sun, 7 Jun 2015 14:57:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.7 X-Spam-Level: X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TpoUEJZzwFSc for ; Sun, 7 Jun 2015 14:57:40 -0700 (PDT) Received: from mail-pa0-x233.google.com (mail-pa0-x233.google.com [IPv6:2607:f8b0:400e:c03::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0EC81ACEC4 for ; Sun, 7 Jun 2015 14:57:40 -0700 (PDT) Received: by pacyx8 with SMTP id yx8so45466518pac.2 for ; Sun, 07 Jun 2015 14:57:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=etlnyyW1g9dszGsJRNe8t3h5RJTZlnCT9Pa5kUYdVbM=; b=aa3e8M1XHnyjsJMSumTnALUOWFLeim43FdbrlQNAGzSE6uKMUcU1MTB6CiSHL/KmK1 2zJvwaK6UsuR0NYcwItzByS+EIhqB3SubX01Akjfikb4zTj6tslxdpOkpVP6et//vr7E pWjm9P3VIBQtnme8ykdgkT9fmjdzyPgRlYyHBbu6xOhOrASCajdJpm1KZxDhv79UiPGE 8Nke4CUb8C4yOhCoLdGL46S4q0V9SF6mdtIlTrNYwEMlbrTGnzr4+hAJvNoKKhli1ZVM wXxdL6vaPMoPsvdFvoaNCaMiHzohODnrL2JMcjQazVozHrEjmqR+6oOKuhGvHsgjdlLI +T0Q== X-Received: by 10.68.252.38 with SMTP id zp6mr24234312pbc.159.1433714260107; Sun, 07 Jun 2015 14:57:40 -0700 (PDT) Received: from US-DOUGO-MAC.local (mobile-107-107-57-174.mycingular.net. [107.107.57.174]) by mx.google.com with ESMTPSA id dl5sm468664pbd.78.2015.06.07.14.57.35 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Jun 2015 14:57:38 -0700 (PDT) Message-ID: <5574BE4B.6000004@gmail.com> Date: Sun, 07 Jun 2015 17:57:31 -0400 From: Douglas Otis User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: dmarc@ietf.org References: In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [dmarc-ietf] weak dkim canonicalization X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jun 2015 21:57:42 -0000 On 5/28/15 7:08 PM, Brandon Long wrote: > We've been looking at weak dkim from the angle of reducing what's covered > by the signature... but unfortunately, that takes out the major parts of > the message that we care about. > > I'm wondering if there is a different alternative. > > This starts from the concept of the clean subject, similar to the > reply_regexp setting in mutt ( > http://www.mutt.org/doc/devel/manual.html#reply-regexp). In Gmail, this > same cleaning involves more, where we also strip Fwd type prefixes, as well > as list-prefixes [] and whitespace changes. > > One could imagine a canonicalization of the subject which did something > similar, allowing for most list subject mangling to not affect the > signature for that header. We'd probably also need to de-2047 the header > as well, so the processing was done on the user visible header, not the raw > header. > > Maybe there's some phishing or weirdness in allowing [whatever I want in > brackets] as a prefix, and there is the argument that given a large enough > user population, someone will fall for it... but its certainly better than > ignoring the subject completely. > > Moving on to the body is more complicated. I know the proposal for using > the l= to limit the size of the body that is signed, which could allow for > a footer to be added without breaking the signature. With HTML, it's been > argued that the later part of the message could modify the viewability of > the signed part and do all sorts of nasty things, and that may be true. We > might be able to specify a very specific format for footers, requiring both > an l= and that the rest matched that format, and maybe we could encode that > formating requirement as a canonicalization play, ie that a footer matching > the format would be removed during canonicalization, and one that doesn't, > isn't. Obviously, this may require a lot of work on list admins to move > their footers to a matching format, though if its pure text, that may be > simple enough for the list software to handle. One could also imagine that > an MUA could choose to only display the l= part by default, eliding the > rest the same way Gmail hides signatures and the like (ignore that I > mentioned that we should talk with the MUA folks, of course). > > One could also sign the body as an independent mime part and force footers > into multipart/mixed addendums. > > I realize both of these body changes require modifications to various > intermediate software, where the semi-point of the weak signatures was to > hope that it would pass unharmed and limit the scope of changes that would > be required. > > The final hare brained idea I had was more in the scope of "is this > possible" without actually knowing that myself. > > There are various fingerprinting type algorithms, is it possible to > construct a fingerprint algorithm which one could then sign, and require > the modified body to still match the fingerprint. This may not be possible > in cases where the footer is significantly larger than the original message > text, and I'm pretty ignorant of the actual algorithms to know if any would > work in this case, but it seems to me that this is something we could pose > to people knowledgeable about work in that area to see if there is a > solution. > > Now, the fingerprinting solution may end up being just a more generic > version of l=, ie it may allow for prefix and footers or rewriting links or > something. And it probably wouldn't catch the HTML writing tricks, so > maybe all of that is less useful than one would hope. > > Dear Brandon, See: https://tools.ietf.org/html/draft-otis-dmarc-escape-03 Whether a recipient is able to see a Sender header is less of a concern but its inclusion allows accurate determination of the message source and author. Allowing Group syntax must also consider the effect of its friendly display. Large providers concerned about possible abuse can easily mitigate these issues by establishing a _tpa zone referenced by their DMARC policy assertions to establish a dead simple delegation method. I like the idea of a template able to impose header constraints in a manner similar to that used by John Levine. At the end of the day, S/MINE is likely the lowest hanging fruit with respect to mobile devices. It seems somewhat unlikely third-party services will make use of restrictive DMARC policy. Allowing use of Sender header fields can quickly overcome DMARC’s associated hindered use with third-party services. However a third-party domain is authorized, embedding authorization within stacked DKIM signatures represents higher overhead with impaired ability to effectively respond to abuse. Regards, Douglas Otis From randomdev4@gmail.com Mon Jun 8 05:13:33 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 167891A6FF2 for ; Mon, 8 Jun 2015 05:13:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.95 X-Spam-Level: * X-Spam-Status: No, score=1.95 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ad7gJeydW9_P for ; Mon, 8 Jun 2015 05:13:32 -0700 (PDT) Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 273921A6FE9 for ; Mon, 8 Jun 2015 05:13:29 -0700 (PDT) Received: by wibut5 with SMTP id ut5so84063808wib.1 for ; Mon, 08 Jun 2015 05:13:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=t42WfithIc4kOIZQ9rlHmFTOzNR7H73VJpwoeCrx8SU=; b=NHI+KM6uzevA0rFw4ge0uquuY3KFsqP+S484rrCZRNToxZqpZ7O6IVVE2G8T26ocFt KjZkt9yQEQgztxppW9jy9AMiOfCWLQDjj/i079z/XN+wEN344iZQIuBdqkFedxOKQ3t+ mKnzOqmTrvbt1jnyr+FiGHCmAGeUI4eUV7qqNqVr6JsrsSUSDdYrfXPNbrwbIDaHMAMZ chEaQ4hQaVeCxxJ1DqGFAOscowLfFufwfWEPcgCqQ1dcWYSJTwfrPH5PBL6OtqDNfQKG nQGyf1m9s/w3AjTuP+tUknCq6KBi5DJ2+9rizK0nqYmO6ygwhcvbWcpWtCh3P35XcOL5 NLmA== MIME-Version: 1.0 X-Received: by 10.194.157.194 with SMTP id wo2mr32024850wjb.103.1433765607912; Mon, 08 Jun 2015 05:13:27 -0700 (PDT) Sender: randomdev4@gmail.com Received: by 10.27.14.12 with HTTP; Mon, 8 Jun 2015 05:13:27 -0700 (PDT) Date: Mon, 8 Jun 2015 13:13:27 +0100 X-Google-Sender-Auth: kJ3peQfSkq3AHv2vKn9eQ9oBFR0 Message-ID: From: Tim Smith To: dmarc@ietf.org Content-Type: text/plain; charset=UTF-8 Archived-At: Subject: [dmarc-ietf] Confused about DMARC Reports (ruf/rua) X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2015 15:00:16 -0000 I have a DMARC record that looks like : _dmarc IN TXT "v=DMARC1\;p=none\;rua=mailto:dmarc@example.org\;ruf=mailto:dmarc@example.org\;fo=1:d:s\;adkim=r\;aspf=r\;pct=100\;rf=afrf\;ri=86400\;sp=reject" But I am still receiving reports from hotmail despite DKIM and SPF tests passing ? So I don't understand what hotmail's system's are moaning about ?!? Microsoft Corp.dmarcrep@microsoft.comXXXXXXXXXXXXXXXXXXXXXX@hotmail.com14334912001433577600 example.org r r

none

reject 100 10.3.4.5 1 none pass pass example.org example.org pass example.org pass From nobody Mon Jun 8 08:48:19 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF4741B2F87 for ; Mon, 8 Jun 2015 08:48:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -99.301 X-Spam-Level: X-Spam-Status: No, score=-99.301 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id spl5XQBih1ot for ; Mon, 8 Jun 2015 08:48:10 -0700 (PDT) Received: from secure.winserver.com (pop3.winserver.com [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id A20AA1B2F7B for ; Mon, 8 Jun 2015 08:47:45 -0700 (PDT) DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1613; t=1433778461; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=/b9LyqH1ZD9q0NTz8fqeYyDHNKg=; b=tMZqLEvGQPT1J/czOKq5TNx22YB2dBtJ9f78e2XxngJskbr0c25GHK2nIa8ta0 +28n0BUdc9kT/EXXv821rXhpIEvnUvArNWnTJCq87wDo0H/NDApvVapwc7xm+mok jyPXpo3qPWSWkbmBSx4GKQKFAG+01QKjMtEhtGntI36dc= Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for dmarc@ietf.org; Mon, 08 Jun 2015 11:47:41 -0400 Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com; dmarc=pass policy=none author.d=isdg.net signer.d=beta.winserver.com (atps signer); Received: from opensite.winserver.com (beta.winserver.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 3193454669.767.3336; Mon, 08 Jun 2015 11:47:40 -0400 DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1613; t=1433778133; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=5PwxFGK PV4aG7iKjynlad9TNycxZQS8pSHL9H3aL39k=; b=Cjf9ZanOwAQwBSl6cuY1KIQ LTRXtxAveQDZ7788zJdx54KtCnBBTQxPN7xkTAcAUKf3L79/IHdWIjve47vPReGA 1uzzjqgooOzZsMq8IBoe8TO2k5yFDmgqdecNV4HiAHvQBqmK/ez4OGhVjPCrk0R/ RrOhtX8cyJqiDt5yU1Lw= Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for dmarc@ietf.org; Mon, 08 Jun 2015 11:42:13 -0400 Received: from [192.168.1.2] ([99.121.4.27]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 1785702411.9.38092; Mon, 08 Jun 2015 11:42:13 -0400 Message-ID: <5575B91A.2030305@isdg.net> Date: Mon, 08 Jun 2015 11:47:38 -0400 From: Hector Santos Organization: Santronics Software, Inc. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1 MIME-Version: 1.0 To: Tim Smith , dmarc@ietf.org References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [dmarc-ietf] Confused about DMARC Reports (ruf/rua) X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2015 15:48:17 -0000 I can hardly read these inconsistent formatted reports. Can we turn it off? On 6/8/2015 8:13 AM, Tim Smith wrote: > I have a DMARC record that looks like : > > _dmarc IN TXT > "v=DMARC1\;p=none\;rua=mailto:dmarc@example.org\;ruf=mailto:dmarc@example.org\;fo=1:d:s\;adkim=r\;aspf=r\;pct=100\;rf=afrf\;ri=86400\;sp=reject" > > But I am still receiving reports from hotmail despite DKIM and SPF > tests passing ? So I don't understand what hotmail's system's are > moaning about ?!? > > encoding="utf-8"?>Microsoft > Corp.dmarcrep@microsoft.comXXXXXXXXXXXXXXXXXXXXXX@hotmail.com14334912001433577600 > > example.org > r > r >

none

> reject > 100 > > > > 10.3.4.5 > 1 > > none > pass > pass > > > > example.org > > > example.org > pass > > > example.org > pass > > > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > > -- HLS From nobody Mon Jun 8 08:56:05 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D638A1B2FA6 for ; Mon, 8 Jun 2015 08:56:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.663 X-Spam-Level: * X-Spam-Status: No, score=1.663 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lyYEwz35kj36 for ; Mon, 8 Jun 2015 08:56:02 -0700 (PDT) Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B12E71B2FA1 for ; Mon, 8 Jun 2015 08:56:02 -0700 (PDT) Received: (qmail 59682 invoked from network); 8 Jun 2015 15:56:10 -0000 Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 8 Jun 2015 15:56:10 -0000 Date: 8 Jun 2015 15:55:39 -0000 Message-ID: <20150608155539.3661.qmail@ary.lan> From: "John Levine" To: dmarc@ietf.org In-Reply-To: Organization: X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: Cc: r.and.om.dev.4+dmarc@gmail.com Subject: Re: [dmarc-ietf] Confused about DMARC Reports (ruf/rua) X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2015 15:56:04 -0000 >But I am still receiving reports from hotmail despite DKIM and SPF >tests passing ? So I don't understand what hotmail's system's are >moaning about ?!? Aggregate reports aren't failure reports, they're aggregate reports. They tell you about all incoming mail that purports to be from you and what the recipient thought about it. R's, John From nobody Mon Jun 8 08:56:37 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1D4A1B2FAF for ; Mon, 8 Jun 2015 08:56:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.699 X-Spam-Level: X-Spam-Status: No, score=0.699 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RXVen9SL6sTG for ; Mon, 8 Jun 2015 08:56:29 -0700 (PDT) Received: from mx-out-1.zmailcloud.com (01.zmailcloud.com [192.198.85.104]) by ietfa.amsl.com (Postfix) with ESMTP id D13AF1A90E2 for ; Mon, 8 Jun 2015 08:56:26 -0700 (PDT) Received: from smtp.01.com (smtp.01.com [10.10.0.43]) by mx-out-1.zmailcloud.com (Postfix) with ESMTP id 6DA9C564731; Mon, 8 Jun 2015 10:56:26 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id 5B7FA6020C; Mon, 8 Jun 2015 10:56:26 -0500 (CDT) X-Virus-Scanned: amavisd-new at smtp-out-2.01.com Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-2.01.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hLZeMPexvION; Mon, 8 Jun 2015 10:56:24 -0500 (CDT) Received: from smtp.01.com (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id F24DA60216; Mon, 8 Jun 2015 10:56:23 -0500 (CDT) DKIM-Filter: OpenDKIM Filter v2.8.4 smtp-out-2.01.com F24DA60216 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=peachymango.org; s=61F775A4-4A7F-11E4-A6BB-61E3068E35F6; t=1433778984; bh=BVKa8OeY5taPLgGs8hiXiADTQGppIPVPRC8J8FhwvEY=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding; b=kR4z3WuTdhX3+dSTuqllKWV/tFnetmgwdi43p6ZbDFu48dtOrJyUQPFiRamTy7YRQ e9JWEzun5FjLMH3MqaVQXjRbqsEQHEYRSb78+gO3TLrZfLZNEJ8YHMonjN1vgLPdyD 3hTlxRI9zOxcUu9Aadh9A0DYcu3tTwtFbeieLqd4= Received: from localhost (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id DC56C6020D; Mon, 8 Jun 2015 10:56:23 -0500 (CDT) X-Virus-Scanned: amavisd-new at smtp-out-2.01.com Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-2.01.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id lPmfcnZoUrxK; Mon, 8 Jun 2015 10:56:23 -0500 (CDT) Received: from mail-2.01.com (mail.01.com [10.10.0.41]) by smtp-out-2.01.com (Postfix) with ESMTP id B723B6020C; Mon, 8 Jun 2015 10:56:23 -0500 (CDT) Date: Mon, 8 Jun 2015 10:56:19 -0500 (CDT) From: Franck Martin To: Tim Smith Message-ID: <285591897.9605.1433778979218.JavaMail.zimbra@peachymango.org> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - FF38 (Mac)/8.0.5_GA_5839) Thread-Topic: Confused about DMARC Reports (ruf/rua) Thread-Index: H6NQFtMT6BBhSy4T+qbk8rbKN+GBHg== Archived-At: Cc: dmarc@ietf.org Subject: Re: [dmarc-ietf] Confused about DMARC Reports (ruf/rua) X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2015 15:56:35 -0000 ----- Original Message ----- > From: "Tim Smith" > To: dmarc@ietf.org > Sent: Monday, June 8, 2015 5:13:27 AM > Subject: [dmarc-ietf] Confused about DMARC Reports (ruf/rua) > > I have a DMARC record that looks like : > > _dmarc IN TXT > "v=DMARC1\;p=none\;rua=mailto:dmarc@example.org\;ruf=mailto:dmarc@example.org\;fo=1:d:s\;adkim=r\;aspf=r\;pct=100\;rf=afrf\;ri=86400\;sp=reject" > > But I am still receiving reports from hotmail despite DKIM and SPF > tests passing ? So I don't understand what hotmail's system's are > moaning about ?!? > You are getting an aggregate report. Any receiver will send you an aggregate report as long as they got at least one email with your Domain in the From: header. (in general) The aggregate report is to tell you how many emails from your domains the receiver has seen, and which emails passed DMARC and which ones did not and why (in an aggregated fashion)... From nobody Tue Jun 9 03:16:41 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B835E1B2B87 for ; Tue, 9 Jun 2015 03:16:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.601 X-Spam-Level: X-Spam-Status: No, score=-0.601 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ugo6By-sihXJ for ; Tue, 9 Jun 2015 03:16:37 -0700 (PDT) Received: from mx-out-1.zmailcloud.com (01.zmailcloud.com [192.198.85.104]) by ietfa.amsl.com (Postfix) with ESMTP id B7CB31B2B81 for ; Tue, 9 Jun 2015 03:16:37 -0700 (PDT) Received: from smtp.01.com (smtp.01.com [10.10.0.43]) by mx-out-1.zmailcloud.com (Postfix) with ESMTP id 40CCA563E93; Tue, 9 Jun 2015 05:16:37 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id 2F297601CA; Tue, 9 Jun 2015 05:16:37 -0500 (CDT) X-Virus-Scanned: amavisd-new at smtp-out-2.01.com Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-2.01.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id otKvgULVtL4H; Tue, 9 Jun 2015 05:16:37 -0500 (CDT) Received: from smtp.01.com (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id E937860236; Tue, 9 Jun 2015 05:16:36 -0500 (CDT) DKIM-Filter: OpenDKIM Filter v2.8.4 smtp-out-2.01.com E937860236 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=peachymango.org; s=61F775A4-4A7F-11E4-A6BB-61E3068E35F6; t=1433844997; bh=u0Gynd1CQ9Ri2jN6wg42UMsfdaPevYGmWpvH4zpJHnk=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding; b=hOE2DXDFOAPJKc/r7wp8P8rABhfI/3Z1B3UfIgXOHgOdKXN62/tux7eEdY15BMfdv LVJhLKbqXxAU8VjhX3OH1PvJKi390J2VJLTvn9y9IuxAT58V8DUFy6jxlB8M8rAMn2 RMma2nTG9LQZQk+WGDxphGN7STSc2zSR+dZ2LXiI= Received: from localhost (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id D25FD60225; Tue, 9 Jun 2015 05:16:36 -0500 (CDT) X-Virus-Scanned: amavisd-new at smtp-out-2.01.com Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-2.01.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id aNS3aIOR-v5g; Tue, 9 Jun 2015 05:16:36 -0500 (CDT) Received: from mail-2.01.com (mail.01.com [10.10.0.41]) by smtp-out-2.01.com (Postfix) with ESMTP id AC824601CA; Tue, 9 Jun 2015 05:16:36 -0500 (CDT) Date: Tue, 9 Jun 2015 05:16:33 -0500 (CDT) From: Franck Martin To: ned+dmarc@mrochek.com Message-ID: <2093626059.24963.1433844993858.JavaMail.zimbra@peachymango.org> In-Reply-To: References: <65726159.97984.1432334680529.JavaMail.zimbra@peachymango.org> <20150522231626.76111.qmail@ary.lan> <01PMB2QF7BNI0000AQ@mauve.mrochek.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - FF38 (Mac)/8.0.5_GA_5839) Thread-Topic: draft-ietf-dmarc-interoperability-02.txt Thread-Index: ThpAu4CfSXoFnin0A+geCVO5NellEw== Archived-At: Cc: dmarc@ietf.org, John Levine Subject: Re: [dmarc-ietf] draft-ietf-dmarc-interoperability-02.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 10:16:39 -0000 ----- Original Message ----- > From: ned+dmarc@mrochek.com > To: "John Levine" > Cc: dmarc@ietf.org, franck@peachymango.org > Sent: Saturday, May 23, 2015 7:59:07 AM > Subject: Re: [dmarc-ietf] draft-ietf-dmarc-interoperability-02.txt > > (chair hat off) > > > >Please submit "stuff" that needs to be fixed > > > The worst problem is still section 3.1.2.3 which needs to be deleted, > > since most of what it says is wrong, and what little isn't wrong is > > irrelevant. > > > RFC 6854 is not about EAI, since an ASCII MUA can create mail with an > > empty group From: as easily as an EAI MUA. The assertion that RFC > > 6854 allows empty groups "during the transition period to SMTPUTF8" is > > false. > > RFC 6854 does mention EAI, but only as one of its possible uses. The primary > stated use is for "utomated systems that wish to send email but cannot handle > replies". > > > Empty group syntax has nothing to do with DMARC since there is no > > domain on the From: line to check. From a DMARC point of view, there > > is no difference between a From: with an empty group and one with an > > address in a domain that publishes no DMARC record. > > Agreed. > > > This sentence is completely false. EAI MTAs never downgrade mail in > > transit: > > > If an EAI/SMTPUTF8-aware MTA needs to transmit a message to a non- > > aware MTA, the EAI/SMTPUTF8-aware system may transform the > > RFC5322.From header field of the message to include group syntax to > > allow the non-aware MTA to receive the email. > > Specifically, this sort of downgrading is only defined in the context of an > EAI-aware POP or IMAP server returning a message to a non-EAI-aware client. > While it's true that such a message can be resubmitted to the transport > infrastructure, at that point its a new message, with all that implies. > > An MTA performing such a downgrade in the context of handling EAI mail is > engaging in an egregious standards violation. Talking about such standards > violations is an interoperability document is fine, but (1) The standards > violation aspect needs to be made clear and (2) There needs to at least some > evidence that such things are happening on a wide enough scale to care about. > > As such, I agree with John: This section needs to be deleted. I may not have read everything EAI, but I think the above is not necessarily spelled out in the EAI protocol, and someone not knowing the history of EAI may interpret the spec quite differently. This is why I guess you have operational testing before an RFC get the standard status... Removed, because the EAI paragraphs is about malformed emails and security workaround to defeat DMARC and not the impact DMARC has on email flows. This language could go in a BCP on how to deploy an MTA with DMARC. > > > Section 4.1.2.3 is equally wrong for the same reasons and also needs to go. > > Agreed. > > > Section 4.1.3.1 doesn't mention rewriting the From: address to a valid > > forwarding address in a domain for which the list can sign. It's not > > just me doing it, LISTSERV can do that, it's widely implemented. > > Our list server supports it as well, and it is being used this way. So: > Agreed. Added > > > Take > > out .invalid, nobody does that because (as I discovered and you > > mention) many spam filters dislike From: addresses with domains that > > don't resolve. > > I don't mind mentioning .invalid as long as the problematic nature of > using this mechanism is made clear. > > I think it is, and I too, prefer to document it, rather than omit it From nobody Tue Jun 9 03:20:08 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ECCD1B2B90 for ; Tue, 9 Jun 2015 03:20:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D3GXONgI9OCz for ; Tue, 9 Jun 2015 03:20:07 -0700 (PDT) Received: from mx-out-1.zmailcloud.com (01.zmailcloud.com [192.198.85.104]) by ietfa.amsl.com (Postfix) with ESMTP id E38961B2B8F for ; Tue, 9 Jun 2015 03:20:06 -0700 (PDT) Received: from smtp.01.com (smtp.01.com [10.10.0.43]) by mx-out-1.zmailcloud.com (Postfix) with ESMTP id 9046F5647D7; Tue, 9 Jun 2015 05:20:06 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by smtp-out-1.01.com (Postfix) with ESMTP id 74BA9A032C; Tue, 9 Jun 2015 05:20:06 -0500 (CDT) X-Virus-Scanned: amavisd-new at smtp-out-1.01.com Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-1.01.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wy-as7fuAENc; Tue, 9 Jun 2015 05:20:06 -0500 (CDT) Received: from smtp.01.com (localhost [127.0.0.1]) by smtp-out-1.01.com (Postfix) with ESMTP id D37DEA02AB; Tue, 9 Jun 2015 05:20:05 -0500 (CDT) DKIM-Filter: OpenDKIM Filter v2.8.4 smtp-out-1.01.com D37DEA02AB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=peachymango.org; s=61F775A4-4A7F-11E4-A6BB-61E3068E35F6; t=1433845206; bh=zIVlE2O1ZeTKbZ99BV2u3X7zdY6h51yC20JWWXRpYyg=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding; b=E6/vCmJAVd0YSJpMxvBHj4vxV3pb36Gk8LgjiXND+zqO2f51TUNww5bRNBS9/pDq8 zZfJ42TghaSQk9ydh5NdyAIMSk1ykL1/DoottvVQ5U6hkCd/xQWMh2grCnwI1fkiaI NMRtbJm3GzBaGkckt+TAs12FeaH98GKWyxB+JbY0= Received: from localhost (localhost [127.0.0.1]) by smtp-out-1.01.com (Postfix) with ESMTP id B14F4A032C; Tue, 9 Jun 2015 05:20:05 -0500 (CDT) X-Virus-Scanned: amavisd-new at smtp-out-1.01.com Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-1.01.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UfE-Kee6L9Rv; Tue, 9 Jun 2015 05:20:05 -0500 (CDT) Received: from mail-2.01.com (mail.01.com [10.10.0.41]) by smtp-out-1.01.com (Postfix) with ESMTP id 58130A02AB; Tue, 9 Jun 2015 05:20:05 -0500 (CDT) Date: Tue, 9 Jun 2015 05:20:05 -0500 (CDT) From: Franck Martin To: Hector Santos Message-ID: <1317364682.24974.1433845205216.JavaMail.zimbra@peachymango.org> In-Reply-To: References: <65726159.97984.1432334680529.JavaMail.zimbra@peachymango.org> <20150522231626.76111.qmail@ary.lan> <01PMB2QF7BNI0000AQ@mauve.mrochek.com> <55648BF8.6080205@isdg.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - FF38 (Mac)/8.0.5_GA_5839) Thread-Topic: draft-ietf-dmarc-interoperability-02.txt Thread-Index: k/gkVLBN9BepMq9N3dT9ZYrnYfXuGA== Archived-At: Cc: dmarc@ietf.org Subject: Re: [dmarc-ietf] draft-ietf-dmarc-interoperability-02.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 10:20:08 -0000 ----- Original Message ----- > From: "Hector Santos" > To: dmarc@ietf.org > Sent: Tuesday, May 26, 2015 8:06:32 AM > Subject: Re: [dmarc-ietf] draft-ietf-dmarc-interoperability-02.txt > > On 5/23/2015 10:59 AM, ned+dmarc@mrochek.com wrote: > > (chair hat off) > > > > For DMARC, I don't support any form of rewriting the header from. I > don't think the interop report should encourage rewriting or > downgrading. But I am not sure if removal/deleting the section does > that. I think it should say that downgrading or rewriting can cause > more unrelated to DMARC conflicts. The EAI section is removed, because it is about rejecting message that may trivially bypass DMARC, rather than the scope of the document which is what to do to remediate DMARC policy. > > The reports should outline all the related issues that a current and > future MARC implementation may run into. > Future is hard to predict From nobody Tue Jun 9 03:34:30 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C654A1B2BAC; Tue, 9 Jun 2015 03:30:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e9-6yJlVrVLr; Tue, 9 Jun 2015 03:30:45 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A0C881B2BA8; Tue, 9 Jun 2015 03:30:45 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: X-Test-IDTracker: no X-IETF-IDTracker: 6.0.3.p2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20150609103045.6723.29678.idtracker@ietfa.amsl.com> Date: Tue, 09 Jun 2015 03:30:45 -0700 Archived-At: X-Mailman-Approved-At: Tue, 09 Jun 2015 03:34:29 -0700 Cc: dmarc@ietf.org Subject: [dmarc-ietf] I-D Action: draft-ietf-dmarc-interoperability-04.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 10:30:47 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain-based Message Authentication, Reporting & Conformance Working Group of the IETF. Title : Interoperability Issues Between DMARC and Indirect Email Flows Authors : Franck Martin Eliot Lear Tim Draegen Elizabeth Zwicky Filename : draft-ietf-dmarc-interoperability-04.txt Pages : 20 Date : 2015-06-09 Abstract: DMARC introduces a mechanism for expressing domain-level policies and preferences for email message validation, disposition, and reporting. The DMARC mechanism can encounter interoperability issues when messages do not flow directly from the author's administrative domain to the final recipients. Collectively these email flows are referred to as indirect email flows. This document describes interoperability issues between DMARC and indirect email flows. Possible methods for addressing interoperability issues are presented. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dmarc-interoperability/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-dmarc-interoperability-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-interoperability-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Tue Jun 9 03:44:55 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F9611B2BAC for ; Tue, 9 Jun 2015 03:44:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R5F8ZBREjkqY for ; Tue, 9 Jun 2015 03:44:53 -0700 (PDT) Received: from mx-out-1.zmailcloud.com (01.zmailcloud.com [192.198.85.104]) by ietfa.amsl.com (Postfix) with ESMTP id 163D81AD481 for ; Tue, 9 Jun 2015 03:44:53 -0700 (PDT) Received: from smtp.01.com (smtp.01.com [10.10.0.43]) by mx-out-1.zmailcloud.com (Postfix) with ESMTP id A0BC756462F for ; Tue, 9 Jun 2015 05:44:52 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id 993BF60236 for ; Tue, 9 Jun 2015 05:44:52 -0500 (CDT) X-Virus-Scanned: amavisd-new at smtp-out-2.01.com Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-2.01.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DbBILcyWsxB4 for ; Tue, 9 Jun 2015 05:44:52 -0500 (CDT) Received: from smtp.01.com (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id 6417D6023D for ; Tue, 9 Jun 2015 05:44:52 -0500 (CDT) DKIM-Filter: OpenDKIM Filter v2.8.4 smtp-out-2.01.com 6417D6023D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=peachymango.org; s=61F775A4-4A7F-11E4-A6BB-61E3068E35F6; t=1433846692; bh=sdsdkwMaHamw68wm3sQdedlmeCBc1PbrsokIFI5KrQI=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding; b=Rgf8ppBSuHzx2fMvfcxhyEcPKAEa5wlGmu8cbYYS1VrHsYd75di1rj3neE/1SWHMY uukl7u2zlX9t+f+HfyvL0bMmSqvRXcK7573+7R7ZKYTgBHv/FIbWyB+sBXXnmtkhJg YluyihqM8dWprG8ek2tWUsWQrH4ogV8MQ4jCgeZ4= Received: from localhost (localhost [127.0.0.1]) by smtp-out-2.01.com (Postfix) with ESMTP id 4D5B160237 for ; Tue, 9 Jun 2015 05:44:52 -0500 (CDT) X-Virus-Scanned: amavisd-new at smtp-out-2.01.com Received: from smtp.01.com ([127.0.0.1]) by localhost (smtp-out-2.01.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id jB7TV7uB49j9 for ; Tue, 9 Jun 2015 05:44:52 -0500 (CDT) Received: from mail-2.01.com (mail.01.com [10.10.0.41]) by smtp-out-2.01.com (Postfix) with ESMTP id 2BDB860236 for ; Tue, 9 Jun 2015 05:44:52 -0500 (CDT) Date: Tue, 9 Jun 2015 05:44:52 -0500 (CDT) From: Franck Martin To: dmarc@ietf.org Message-ID: <1600967904.25091.1433846692003.JavaMail.zimbra@peachymango.org> In-Reply-To: References: <20150609103045.6723.29678.idtracker@ietfa.amsl.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - FF38 (Mac)/8.0.5_GA_5839) Thread-Topic: I-D Action: draft-ietf-dmarc-interoperability-04.txt Thread-Index: /WIDNV5qVg00DxgELPk4oNuoe3/TGA== Archived-At: Subject: Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-interoperability-04.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 10:44:54 -0000 Not much changes in this one, EAI is out and just an addition on rewriting from EAI removal was planed for a bit, so this round brings really one change. As comments are dying out, are we close to a last call? Please state yes, otherwise send reviews. ----- Original Message ----- From: internet-drafts@ietf.org To: i-d-announce@ietf.org Cc: dmarc@ietf.org Sent: Tuesday, June 9, 2015 3:30:45 AM Subject: [dmarc-ietf] I-D Action: draft-ietf-dmarc-interoperability-04.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain-based Message Authentication, Reporting & Conformance Working Group of the IETF. Title : Interoperability Issues Between DMARC and Indirect Email Flows Authors : Franck Martin Eliot Lear Tim Draegen Elizabeth Zwicky Filename : draft-ietf-dmarc-interoperability-04.txt Pages : 20 Date : 2015-06-09 Abstract: DMARC introduces a mechanism for expressing domain-level policies and preferences for email message validation, disposition, and reporting. The DMARC mechanism can encounter interoperability issues when messages do not flow directly from the author's administrative domain to the final recipients. Collectively these email flows are referred to as indirect email flows. This document describes interoperability issues between DMARC and indirect email flows. Possible methods for addressing interoperability issues are presented. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dmarc-interoperability/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-dmarc-interoperability-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-interoperability-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc From nobody Tue Jun 9 06:20:02 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3CD51A8728 for ; Tue, 9 Jun 2015 06:20:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.013 X-Spam-Level: X-Spam-Status: No, score=-0.013 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PRSbz7CMg4VC for ; Tue, 9 Jun 2015 06:19:59 -0700 (PDT) Received: from pie.eudaemon.net (pie.eudaemon.net [72.250.241.194]) by ietfa.amsl.com (Postfix) with ESMTP id 39B461A8709 for ; Tue, 9 Jun 2015 06:19:59 -0700 (PDT) Received: from [172.16.16.99] (62-50-200-74.client.stsn.net [62.50.200.74]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pie.eudaemon.net (Postfix) with ESMTPSA id BE37CCB46; Tue, 9 Jun 2015 09:19:35 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) From: Tim Draegen In-Reply-To: <1600967904.25091.1433846692003.JavaMail.zimbra@peachymango.org> Date: Tue, 9 Jun 2015 14:19:55 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: <65FEECB9-905B-4B41-A35E-F85D1344986E@eudaemon.net> References: <20150609103045.6723.29678.idtracker@ietfa.amsl.com> <1600967904.25091.1433846692003.JavaMail.zimbra@peachymango.org> To: Franck Martin X-Mailer: Apple Mail (2.2098) Archived-At: Cc: dmarc@ietf.org Subject: Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-interoperability-04.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 13:20:01 -0000 > On Jun 9, 2015, at 11:44 AM, Franck Martin = wrote: >=20 > As comments are dying out, are we close to a last call? There will be another revision to pick up a small batch of grammar nits. = Reviews now are appreciated but if you're keen on grammar nits, you = might hold off. =3D- Tim From nobody Tue Jun 9 09:49:12 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 934EE1A0BE8 for ; Tue, 9 Jun 2015 09:49:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.612 X-Spam-Level: X-Spam-Status: No, score=-0.612 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aUeA4buZr0CL for ; Tue, 9 Jun 2015 09:49:09 -0700 (PDT) Received: from mauve.mrochek.com (mauve.mrochek.com [66.159.242.17]) by ietfa.amsl.com (Postfix) with ESMTP id 6457E1A03A3 for ; Tue, 9 Jun 2015 09:49:09 -0700 (PDT) Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01PMYWBG5TIO00W0TB@mauve.mrochek.com> for dmarc@ietf.org; Tue, 9 Jun 2015 09:44:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mrochek.com; s=mauve; t=1433868248; bh=DtP+8iYww2pkBZdlS7H7dVby31gpDcxZ28zFCHVGWcg=; h=From:Cc:Date:Subject:In-reply-to:References:To; b=Eh+g8+ZgbMDXb3tI3acxfSQEYR+ipiui1dQVXcZAm8S5l9ykKSI3+1CVzRfO4UwP2 et9pOLkcaqg0Sgu/7NU5PI+4vafoMhyZWTAy/+LpEqO2r5Fsa2lVvUnCoMOr4M9aa6 gYvfpCFPpA/x8V+6ztNGD+bmUkoqPUplzh2+Yavs= MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: TEXT/PLAIN; CHARSET=us-ascii Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01PMAA9D0GIO0000AQ@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for dmarc@ietf.org; Tue, 09 Jun 2015 09:44:02 -0700 (PDT) From: ned+dmarc@mrochek.com Message-id: <01PMYWBC8P6O0000AQ@mauve.mrochek.com> Date: Tue, 09 Jun 2015 09:40:08 -0700 (PDT) In-reply-to: "Your message dated Tue, 09 Jun 2015 05:16:33 -0500 (CDT)" <2093626059.24963.1433844993858.JavaMail.zimbra@peachymango.org> References: <65726159.97984.1432334680529.JavaMail.zimbra@peachymango.org> <20150522231626.76111.qmail@ary.lan> <01PMB2QF7BNI0000AQ@mauve.mrochek.com> <2093626059.24963.1433844993858.JavaMail.zimbra@peachymango.org> To: Franck Martin Archived-At: Cc: dmarc@ietf.org, John Levine , ned+dmarc@mrochek.com Subject: Re: [dmarc-ietf] draft-ietf-dmarc-interoperability-02.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 16:49:10 -0000 > > > If an EAI/SMTPUTF8-aware MTA needs to transmit a message to a non- > > > aware MTA, the EAI/SMTPUTF8-aware system may transform the > > > RFC5322.From header field of the message to include group syntax to > > > allow the non-aware MTA to receive the email. > > > > Specifically, this sort of downgrading is only defined in the context of an > > EAI-aware POP or IMAP server returning a message to a non-EAI-aware client. > > While it's true that such a message can be resubmitted to the transport > > infrastructure, at that point its a new message, with all that implies. > > > > An MTA performing such a downgrade in the context of handling EAI mail is > > engaging in an egregious standards violation. Talking about such standards > > violations is an interoperability document is fine, but (1) The standards > > violation aspect needs to be made clear and (2) There needs to at least some > > evidence that such things are happening on a wide enough scale to care about. > > > > As such, I agree with John: This section needs to be deleted. > I may not have read everything EAI, but I think the above is not necessarily > spelled out in the EAI protocol, In regards to addresses, it's spelled out very explicitly. RFC 6530, section 9: 9. Downgrading in Transit The base SMTP specification (Section 2.3.11 of RFC 5321 [RFC5321]) states that "due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address". This is not a new requirement; equivalent statements appeared in specifications in 2001 [RFC2821] and even in 1989 [RFC1123]. Adherence to this rule means that a downgrade mechanism that transforms the local part of an email address cannot be utilized in transit. It can only be applied at the endpoints, specifically by the MUA or submission server or by the final delivery MTA. There's probably text elsewhere that further emphasizes the point, but I didn't bother to look. > and someone not knowing the history of EAI may interpret the spec quite > differently. This is why I guess you have operational testing before an RFC get > the standard status... I don't think "cannot be transformed" is in any way ambiguous. Ned From nobody Wed Jun 10 05:06:49 2015 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A76E51AD190 for ; Wed, 10 Jun 2015 05:06:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -99.302 X-Spam-Level: X-Spam-Status: No, score=-99.302 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dSjovB2lm8rR for ; Wed, 10 Jun 2015 05:06:44 -0700 (PDT) Received: from mail.winserver.com (news.winserver.com [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id 9E8F91AD186 for ; Wed, 10 Jun 2015 05:06:44 -0700 (PDT) DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=734; t=1433937994; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=D1rQ9EN7BzF9Et1NbEv+n9s9Cms=; b=rAD53b5yWlNhpsK7w6AaM5zAhEOxXugUsXtsSipUZdwsJ6FwNP032hqTNBZlVf gBQZAOi53oNV8ppkdjBQ3PPrRH0cTvBvL5n3h6ymZti10PInJaT4roXIUIL12YBp 7wrjX12z5xOVVibpTlytNJq8BzauB6vn2Fj1S0rwk8eKc= Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for dmarc@ietf.org; Wed, 10 Jun 2015 08:06:34 -0400 Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com; dmarc=pass policy=none author.d=isdg.net signer.d=beta.winserver.com (atps signer); Received: from hector.wildcatblog.com (opensite.winserver.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 3352986377.1.5864; Wed, 10 Jun 2015 08:06:33 -0400 DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=734; t=1433937663; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=BnzH9Vu gzukbFrBOJ+Rqk3M7ER7F0ygkWtSYi+jGih8=; b=UT8tmaDErsbr5E3Bt94uj2q TDO4RF2I1WGdhQbmKAd2BSO8vfbS+kVYEe8aTWYh1qaZiPK4+/PmeW5D4GZ/8qlj wYjJsmAVv9AEi3J31QfNFjxKUVEpp17OBnIloWehJDFeb+XhKydByb8fvI67Oewh xmcujcnYLq3wVjKFOERQ= Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for dmarc@ietf.org; Wed, 10 Jun 2015 08:01:03 -0400 Received: from [192.168.1.2] ([99.121.4.27]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 1945231380.9.44096; Wed, 10 Jun 2015 08:01:02 -0400 Message-ID: <55782848.1090603@isdg.net> Date: Wed, 10 Jun 2015 08:06:32 -0400 From: Hector Santos Organization: Santronics Software, Inc. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1 MIME-Version: 1.0 To: Franck Martin References: <65726159.97984.1432334680529.JavaMail.zimbra@peachymango.org> <20150522231626.76111.qmail@ary.lan> <01PMB2QF7BNI0000AQ@mauve.mrochek.com> <55648BF8.6080205@isdg.net> <1317364682.24974.1433845205216.JavaMail.zimbra@peachymango.org> In-Reply-To: <1317364682.24974.1433845205216.JavaMail.zimbra@peachymango.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Cc: dmarc@ietf.org Subject: Re: [dmarc-ietf] draft-ietf-dmarc-interoperability-02.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jun 2015 12:06:47 -0000 On 6/9/2015 6:20 AM, Franck Martin wrote: >> The reports should outline all the related issues that a current and >> future MARC implementation may run into. >> > Future is hard to predict Serious? Frank, This is an INTEROP report. It includes the future in the sense of an existing or perhaps NEW system that MAY want to IMPLEMENT this junk, in the future, and they need/wish/desire to find out the kind of implementation issues that currently exist and will mostly run into it. If EAI (or anything else) is one of those possible messy issues, then you need to talk about it. Don't be intimidated by Levine and Ned. If there is a ESMTP vs SMTP conflict that shows up with DMARC, then describe it. -- HLS