Re: [dmarc-ietf] Signaling MLMs

2023-04-17 Thread Benny Pedersen
Hector Santos skrev den 2023-04-17 20:55: One solution is for the junc.eu domain to add an ATPS authorization record for ietf.org [1] to the junc.eu [2] zone: pq6xadozsi47rluiq5yohg2hy3mvjyoo._atps TXT ("v=atps01; d=ietf.org;") retest [3] https://winserver.com/public/wcDmarc

Re: [dmarc-ietf] Signaling MLMs

2023-04-17 Thread Benny Pedersen
Hector Santos skrev den 2023-04-17 20:55: Just consider your message source. The header overhead is massively complex to read. It is really a waste on receivers. Apr 17 22:53:28.015 [22350] dbg: authres: parsing Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Dotzero
On Mon, Apr 17, 2023 at 12:05 PM John Levine wrote: > It appears that Laura Atkins said: > >Is this another issue we should document and make recommendations about? > I was thinking along the line that transactional SaaS > >providers should fully support DMARC and should not allow companies

Re: [dmarc-ietf] Signaling MLMs

2023-04-17 Thread Hector Santos
> On Apr 16, 2023, at 11:31 PM, Benny Pedersen wrote: > > Hector Santos skrev den 2023-04-17 05:06: > >> Anyway, there are far too much waste in electronic mail, ADSP/DMARC >> and this quest to resolve its issues, creating more junk, ARC, is not >> getting anywhere. > > ?, spamassassin 4, do

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread John Levine
It appears that Laura Atkins said: >Is this another issue we should document and make recommendations about? I was >thinking along the line that transactional SaaS >providers should fully support DMARC and should not allow companies using >p=reject in their business mail to access the

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Hector Santos
On 4/17/2023 9:43 AM, Scott Kitterman wrote: OK. The discussion of the 5322.From comment through me off, I guess. I think there's probably room for the IETF to document Bext Current Practices (BCP) around DMARC usage. I think it's a step beyond the interoperability discussion we need for the

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Scott Kitterman
On Monday, April 17, 2023 9:37:55 AM EDT Laura Atkins wrote: > > On 17 Apr 2023, at 14:15, Scott Kitterman wrote: > > > > On Monday, April 17, 2023 4:29:45 AM EDT Laura Atkins wrote: > >> Reading through the various discussions about how to document the harm > >> DMARC causes for general purpose

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Laura Atkins
> On 17 Apr 2023, at 14:15, Scott Kitterman wrote: > > On Monday, April 17, 2023 4:29:45 AM EDT Laura Atkins wrote: >> Reading through the various discussions about how to document the harm DMARC >> causes for general purpose domains, I started thinking.One way that a lot >> of major SaaS

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Laura Atkins
> On 17 Apr 2023, at 14:01, Dotzero wrote: > > > > On Mon, Apr 17, 2023 at 4:30 AM Laura Atkins > wrote: >> Reading through the various discussions about how to document the harm DMARC >> causes for general purpose domains, I started thinking.One way that a

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Douglas Foster
The only real fix for Friendly Name fraud is to strip it away, except for trusted domains that have been verified with DMARC PASS. Major vendors are trying lesser solutions by preventing friendly name impersonation of key executives, but the problem is much greater. This topic is material for a

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Scott Kitterman
On Monday, April 17, 2023 4:29:45 AM EDT Laura Atkins wrote: > Reading through the various discussions about how to document the harm DMARC > causes for general purpose domains, I started thinking.One way that a lot > of major SaaS providers have chose to deal with DMARC is spoofing their >

Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Dotzero
On Mon, Apr 17, 2023 at 4:30 AM Laura Atkins wrote: > Reading through the various discussions about how to document the harm > DMARC causes for general purpose domains, I started thinking.One way that a > lot of major SaaS providers have chose to deal with DMARC is spoofing their > customer’s in

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

2023-04-17 Thread Alessandro Vesely
On Mon 17/Apr/2023 07:05:47 +0200 Murray S. Kucherawy wrote: On Sat, Apr 15, 2023 at 3:58 PM Neil Anuskiewicz wrote: 1. Cousin domains. We all get that dmarc doesn’t touch those. Dmarc is to stop spoofing of exact domains. There are other technologies and methods whose responsibility it is to

[dmarc-ietf] Is From spoofing an interoperability issue or not?

2023-04-17 Thread Laura Atkins
Reading through the various discussions about how to document the harm DMARC causes for general purpose domains, I started thinking.One way that a lot of major SaaS providers have chose to deal with DMARC is spoofing their customer’s in the 5322.from Comment string. There are numerous examples