Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Laura Atkins
On Apr 14, 2023, at 8:37 PM, Dotzero wrote: On Fri, Apr 14, 2023 at 2:00 PM Laura Atkins wrote: On 14 Apr 2023, at 18:38, Alessandro Vesely wrote: On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote: On 12 Apr 2023, at 12:21, Douglas Foster

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

2023-04-14 Thread Scott Kitterman
Perfect. The goal in working towards consensus is to find something we can live with, so that's exactly what I was hoping for. I don't think it's ideal either, but I can live with it. Scott K On Friday, April 14, 2023 10:43:24 PM EDT Mark Alley wrote: > It's not ideal, but I could live with

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Scott Kitterman
On Friday, April 14, 2023 10:31:33 PM EDT Jesse Thompson wrote: > On Fri, Apr 14, 2023, at 7:17 PM, Murray S. Kucherawy wrote: > > The Sender's users being denied the ability to participate in a list due > > to its policies seems to me like it puts this customer service problem > > where it

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Dotzero
On Fri, Apr 14, 2023 at 9:47 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > These decisions are made in the light of ransomware attacks that have shut > down critical social infrastructure like city governments and hospital > systems. > > The proceeds from Internet-based fraud

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Murray S. Kucherawy
On Fri, Apr 14, 2023 at 7:32 PM Jesse Thompson wrote: > On Fri, Apr 14, 2023, at 7:17 PM, Murray S. Kucherawy wrote: > > The Sender's users being denied the ability to participate in a list due > to its policies seems to me like it puts this customer service problem > where it belongs. > > >

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

2023-04-14 Thread Mark Alley
It's not ideal, but I could live with that. That's somewhat less ambiguous than [general purpose] domains, but still ambiguous; the Appendix or the same section could easily clarify "unrestrictive usage policies", and then maybe the appendix, as you say, could cover the known issues and

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Jesse Thompson
On Fri, Apr 14, 2023, at 7:17 PM, Murray S. Kucherawy wrote: > The Sender's users being denied the ability to participate in a list due to > its policies seems to me like it puts this customer service problem where it > belongs. Let's say, tomorrow, IETF configures this list to reject Todd's

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Murray S. Kucherawy
On Fri, Apr 14, 2023 at 6:47 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > Unless a mailing list has controls in place to ensure that EVERY post > comes from the asserted participant, it is the height of hypocrisy to ask > an evaluator to assume that the post is from the

Re: [dmarc-ietf] Author vs Signer Domains

2023-04-14 Thread Mark Alley
If you meant "external ESPs are applying DMARC per spec according to RFC7489 6.6.2 step #5" that would be more accurate. The prescribed method is, "If *one or more of the Authenticated Identifiers* align with the RFC5322.From domain, the message is considered to pass the DMARC mechanism check."

Re: [dmarc-ietf] Author vs Signer Domains

2023-04-14 Thread Neil Anuskiewicz
> On Apr 14, 2023, at 6:42 PM, Hector Santos > wrote: > > On 4/14/2023 7:31 PM, Dotzero wrote: >> On Fri, Apr 14, 2023 at 5:55 PM Hector Santos >> mailto:40isdg@dmarc.ietf.org>> wrote: >> >>Yes, it is simple DeMorgan’s Theorem where you use >>short-circuiting logic. >> >>

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Douglas Foster
These decisions are made in the light of ransomware attacks that have shut down critical social infrastructure like city governments and hospital systems. The proceeds from Internet-based fraud are funding groups like Boko Haram that kidnaps girls into sex slavery, boys into child soldiering, and

[dmarc-ietf] Author vs Signer Domains

2023-04-14 Thread Hector Santos
On 4/14/2023 7:31 PM, Dotzero wrote: On Fri, Apr 14, 2023 at 5:55 PM Hector Santos wrote: Yes, it is simple DeMorgan’s Theorem where you use short-circuiting logic. DMARC says that any FAIL calculated via SPF or DKIM is an overall DMARC

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Murray S. Kucherawy
On Fri, Apr 14, 2023 at 12:37 PM Dotzero wrote: > While the you part of "we" may not see any advantages, quite a few > financials, greeting card sites, retailers AND many receivers have seen the > advantages, including p=reject. One thing I've learned over the years is > that it is presumptuous

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Murray S. Kucherawy
On Fri, Apr 14, 2023, 14:51 Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > Interoperability problems occur because MLMs believe they are exempt from > the security problems that lesser mortals face. > This isn't true. Interoperability problems started when senders posted a

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

2023-04-14 Thread Scott Kitterman
On Friday, April 14, 2023 5:54:06 PM EDT Dotzero wrote: > Barry wrote: > > " The idea is MUST NOT because it harms interop with long-standing > deployments. If you decide you're more important than that, you do > what you want and there it is. It's as simple as that" > > I could live with the

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Dotzero
On Fri, Apr 14, 2023 at 5:55 PM Hector Santos wrote: > Yes, it is simple DeMorgan’s Theorem where you use short-circuiting logic. > > DMARC says that any FAIL calculated via SPF or DKIM is an overall DMARC > failure. In standard boolean logic it is an OR condition: > > IF SPF FAILS or DKIM

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

2023-04-14 Thread Neil Anuskiewicz
On Apr 14, 2023, at 2:54 PM, Dotzero wrote: On Thu, Apr 13, 2023 at 9:52 PM Barry Leiba wrote: > I don’t think folks are objecting to cautionary language. I think > folks are objecting to a blanket MUST NOT. If we're going to qualify > the MUST NOT with a bunch of

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Hector Santos
Yes, it is simple DeMorgan’s Theorem where you use short-circuiting logic. DMARC says that any FAIL calculated via SPF or DKIM is an overall DMARC failure. In standard boolean logic it is an OR condition: IF SPF FAILS or DKIM FAILS Then Reject. I hope you can understand this technical

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

2023-04-14 Thread Dotzero
On Thu, Apr 13, 2023 at 9:52 PM Barry Leiba wrote: > > I don’t think folks are objecting to cautionary language. I think > > folks are objecting to a blanket MUST NOT. If we're going to qualify > > the MUST NOT with a bunch of language, that's a bit different. The > > original proposal was:

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Douglas Foster
Interoperability problems occur because MLMs believe they are exempt from the security problems that lesser mortals face. I am not obligated to deliver every message that arrives for my users. If DMARC causes an evaluator to block a message that his user wants, they have a customer service

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Douglas Foster
Hector, it sounds like you are saying that SPF is all we need, so scrap DMARC. If it is something else please clarify. Doug On Fri, Apr 14, 2023, 4:44 PM Hector Santos wrote: > > > On Apr 14, 2023, at 3:20 PM, Murray S. Kucherawy > wrote: > > On Fri, Apr 14, 2023 at 10:20 AM Alessandro

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Dotzero
On Fri, Apr 14, 2023 at 4:25 PM John Levine wrote: > It appears that Dotzero said: > >While the you part of "we" may not see any advantages, quite a few > >financials, greeting card sites, retailers AND many receivers have seen > the > >advantages, including p=reject. ... > > The advantages

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Hector Santos
> On Apr 14, 2023, at 3:20 PM, Murray S. Kucherawy wrote: > > On Fri, Apr 14, 2023 at 10:20 AM Alessandro Vesely > wrote: >> On Fri 14/Apr/2023 15:47:12 +0200 Scott Kitterman wrote: >> > On April 14, 2023 1:29:58 PM UTC, "Murray S. Kucherawy" >> >

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread John Levine
It appears that Dotzero said: >While the you part of "we" may not see any advantages, quite a few >financials, greeting card sites, retailers AND many receivers have seen the >advantages, including p=reject. ... The advantages you see are certainly real but they're not about interoperability.

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Dotzero
On Fri, Apr 14, 2023 at 2:00 PM Laura Atkins wrote: > > > On 14 Apr 2023, at 18:38, Alessandro Vesely wrote: > > On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote: > > On 12 Apr 2023, at 12:21, Douglas Foster < > dougfoster.emailstanda...@gmail.com> wrote: > Any form of security creates

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Murray S. Kucherawy
On Fri, Apr 14, 2023 at 10:20 AM Alessandro Vesely wrote: > On Fri 14/Apr/2023 15:47:12 +0200 Scott Kitterman wrote: > > On April 14, 2023 1:29:58 PM UTC, "Murray S. Kucherawy" < > superu...@gmail.com> wrote: > >> On Fri, Apr 14, 2023 at 4:31 AM Alessandro Vesely > wrote: > >> > >>> Heck, MLMs

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Hector Santos
The solution to move forward is: - Recommend MUST NOT publish if domain wants to allow users to use domain in public list systems, - Warn MLS/MLS to avoid From Rewrite and recommend to honor p=reject by rejecting subscription, submissions. This is already in practice since 2011. - Update

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Laura Atkins
> On 14 Apr 2023, at 18:38, Alessandro Vesely wrote: > > On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote: >>> On 12 Apr 2023, at 12:21, Douglas Foster >>> wrote: >>> Any form of security creates inconvenience. >> Yes. And we make tradeoffs between that. In this case, the security is >>

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Scott Kitterman
On Friday, April 14, 2023 1:20:28 PM EDT Alessandro Vesely wrote: > On Fri 14/Apr/2023 15:47:12 +0200 Scott Kitterman wrote: > > On April 14, 2023 1:29:58 PM UTC, "Murray S. Kucherawy" wrote: > >> On Fri, Apr 14, 2023 at 4:31 AM Alessandro Vesely wrote: > >>> Heck, MLMs should start rejecting

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Scott Kitterman
On Friday, April 14, 2023 1:38:42 PM EDT Alessandro Vesely wrote: > On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote: > >> On 12 Apr 2023, at 12:21, Douglas Foster > >> wrote: > >> > >> Any form of security creates inconvenience. > > > > Yes. And we make tradeoffs between that. In this

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

2023-04-14 Thread Alessandro Vesely
On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote: On 12 Apr 2023, at 12:21, Douglas Foster wrote: Any form of security creates inconvenience. Yes. And we make tradeoffs between that. In this case, the security is ensuring that users at specific domains can and should only send mail

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Alessandro Vesely
On Fri 14/Apr/2023 15:47:12 +0200 Scott Kitterman wrote: On April 14, 2023 1:29:58 PM UTC, "Murray S. Kucherawy" wrote: On Fri, Apr 14, 2023 at 4:31 AM Alessandro Vesely wrote: Heck, MLMs should start rejecting messages sent from domains that publish a blocking policy *when they fail

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Douglas Foster
The situation will converge to two separate but unequal environments, those that prioritize security, and those that require insecurity. As people get burned, the pro-security segment will grow and the insecure segment will find more and more restrictions on their ability to connect to their

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Scott Kitterman
On April 14, 2023 1:29:58 PM UTC, "Murray S. Kucherawy" wrote: >On Fri, Apr 14, 2023 at 4:31 AM Alessandro Vesely wrote: > >> Heck, MLMs should start rejecting messages sent from domains that publish >> a >> blocking policy *when they fail authentication on entry*!! >> > >That's not enough to

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Murray S. Kucherawy
On Fri, Apr 14, 2023 at 4:31 AM Alessandro Vesely wrote: > Heck, MLMs should start rejecting messages sent from domains that publish > a > blocking policy *when they fail authentication on entry*!! > That's not enough to avoid the damage we're talking about. > From: rewriting is the de-facto

Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-14 Thread Hector Santos
On 4/14/2023 7:43 AM, Alessandro Vesely wrote: On Thu 13/Apr/2023 18:01:40 +0200 John R Levine wrote: In ADSP I made the equivalent policy "discardable" to reinforce this point. My co-authors weren't happy about it, but they couldn't disagree. ADSP was different from DMARC. ADSP

Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-14 Thread Alessandro Vesely
On Thu 13/Apr/2023 17:21:30 +0200 Barry Leiba wrote: Anyone who does forwarding is damaged by DMARC because there are a lot of people who do DMARC on the cheap with SPF only. This brings up another issue, I think: that there should also be stronger advice that using DKIM is critical to DMARC

Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-14 Thread Alessandro Vesely
On Thu 13/Apr/2023 18:01:40 +0200 John R Levine wrote: I'm trying to figure out where best to say this, but when you say p=reject, you are saying your mail is *not* important, and if there is any doubt about it, you want recipients to throw it away, even though some of your real mail will

Re: [dmarc-ietf] General-purpose domains with users from the general public MUST NOT use p=reject

2023-04-14 Thread Mark Alley
I can agree with the premise of this version. This expanded definition of "general purpose" domains makes it somewhat more clear what/who the intended target for the language is. - Mark Alley On Fri, Apr 14, 2023, 4:16 AM Matthäus Wander wrote: > Barry Leiba wrote on 2023-04-14 03:52: > > As

Re: [dmarc-ietf] Signaling MLMs

2023-04-14 Thread Alessandro Vesely
On Thu 13/Apr/2023 17:57:55 +0200 Dotzero wrote: On Wed, Apr 12, 2023 at 11:38 PM Murray S. Kucherawy wrote: On Wed, Apr 12, 2023 at 12:45 PM Steven M Jones wrote: In any case, are we really going to start suggesting that list operators start rejecting messages sent from domains that

[dmarc-ietf] General-purpose domains with users from the general public MUST NOT use p=reject

2023-04-14 Thread Matthäus Wander
Barry Leiba wrote on 2023-04-14 03:52: As to "what constitutes general purpose", if you are providing email addresses to the general public, that qualifies. If your domain is sending email only from employees, and you have policies about employees using their email addresses to conduct