Re: [dmarc-ietf] Proposal for auth policy tag in draft-ietf-dmarc-dmarcbis

2023-08-04 Thread Scott Kitterman
On August 4, 2023 4:16:39 PM UTC, Wei Chuang wrote:
> At IETF-117, I restarted the proposal for a policy "auth=" tag based on the proposal here. The "auth=" policy allows for restriction of SPF in scenarios where it

Re: [dmarc-ietf] Proposal for additional Security Considerations for SPF Upgrade in draft-ietf-dmarc-dmarcbis

2023-08-04 Thread Scott Kitterman
On August 4, 2023 4:15:35 PM UTC, Wei Chuang wrote:
> I noted at the DMARC session -117, that with the p=reject downgrade to quarantine language, this increases the risk of SPF upgrade attacks due to forwarding. The reply was to propose language for this and below is the suggested text for

[dmarc-ietf] Proposals for tolerating mailing list modifications

2023-08-04 Thread Wei Chuang
Hi all, I just wanted to mention two proposals for tolerating mailing list modifications, as suggested in person at IETF-117. They both use ARC headers as infrastructure, but go about tolerating mailing list modifications in different ways. 1) Disclose and reverse mailing list transforms so that we

Re: [dmarc-ietf] Reflections on IETF 117 Conference and DMARC Meeting

2023-08-04 Thread Murray S. Kucherawy
On Fri, Aug 4, 2023 at 2:28 AM Alessandro Vesely wrote:
>> Collecting some data and doing some experimentation would be really helpful toward determining the right path here, if any.
> Evaluating Sender: doesn't help whitelisting rejection before DATA.
Huh? I didn't say anything

[dmarc-ietf] Proposal for auth policy tag in draft-ietf-dmarc-dmarcbis

2023-08-04 Thread Wei Chuang
At IETF-117, I restarted the proposal for a policy "auth=" tag based on the proposal here. The "auth=" policy allows for restriction of SPF in scenarios where it might be problematic but still retains its availability in

[dmarc-ietf] Proposal for additional Security Considerations for SPF Upgrade in draft-ietf-dmarc-dmarcbis

2023-08-04 Thread Wei Chuang
I noted at the DMARC session -117, that with the p=reject downgrade to quarantine language, this increases the risk of SPF upgrade attacks due to forwarding. The reply was to propose language for this and below is the suggested text for the proposed "11.9 Quarantined Forwarded Mail Security Risk"
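The two Wei Chuang posts above (the "auth=" policy tag, and the p=reject-to-quarantine downgrade for forwarded mail) are easier to reason about against a concrete evaluator. The following is an added example written for this page, not code from the IETF working group, dmarcbis, or any of the posters. It implements the RFC 7489 identifier-alignment and policy-lookup steps, and adds two assumptions drawn from the thread: a hypothetical `auth=` tag whose value (`dkim`, `spf`, or `dkim+spf`) lists the methods allowed to produce a DMARC pass (the exact syntax of the proposal is not on this page), and a receiver-local option that downgrades `p=reject` to quarantine when the message is suspected to have been forwarded. The organizational-domain helper uses the last two labels instead of the Public Suffix List, which is a simplification. All inputs are constructed.

```python
"""Toy DMARC evaluator (added example; not dmarcbis or IETF code)."""
from dataclasses import dataclass, field
from typing import List, Tuple


def organizational_domain(domain: str) -> str:
    # Assumption: last two labels. A real receiver consults the Public
    # Suffix List so that e.g. "example.co.uk" is handled correctly.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; adkim=s; ...' into a tag dict with defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")       # RFC 7489: p is required, but be lenient
    tags.setdefault("adkim", "r")      # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """RFC 7489 identifier alignment: strict = exact match, relaxed = same org domain."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return organizational_domain(a) == organizational_domain(b)


@dataclass
class AuthResults:
    """Constructed authentication results for one message."""
    spf_domain: str = ""                 # RFC5321.MailFrom domain SPF was checked on
    spf_result: str = "none"             # pass / fail / softfail / none ...
    dkim: List[Tuple[str, str]] = field(default_factory=list)  # (d= domain, result)


def evaluate(from_domain: str, record_txt: str, auth: AuthResults,
             suspected_forward: bool = False,
             downgrade_forwarded: bool = True) -> Tuple[str, str, List[str]]:
    """Return (dmarc_result, disposition, reasons) for a message.

    auth= (hypothetical tag, an assumption about the proposal): methods that
    may produce a DMARC pass, joined by '+'. Default keeps RFC 7489 behaviour.
    suspected_forward/downgrade_forwarded model a receiver-local policy of
    treating p=reject as quarantine for mail that looks forwarded.
    """
    rec = parse_dmarc_record(record_txt)
    methods = set(rec.get("auth", "dkim+spf").lower().split("+"))
    reasons: List[str] = []

    dkim_ok = "dkim" in methods and any(
        result == "pass" and aligned(from_domain, d, rec["adkim"])
        for d, result in auth.dkim)
    spf_ok = ("spf" in methods and auth.spf_result == "pass"
              and aligned(from_domain, auth.spf_domain, rec["aspf"]))

    if "spf" not in methods and auth.spf_result == "pass":
        reasons.append("SPF pass ignored: auth= excludes spf")
    if dkim_ok or spf_ok:
        reasons.append("pass via " + ("dkim" if dkim_ok else "spf"))
        return "pass", "none", reasons

    disposition = rec["p"]
    if disposition == "reject" and suspected_forward and downgrade_forwarded:
        disposition = "quarantine"
        reasons.append("p=reject downgraded to quarantine: suspected forward")
    return "fail", disposition, reasons


if __name__ == "__main__":
    spf_only = AuthResults(spf_domain="mail.example.com", spf_result="pass")
    print(evaluate("example.com", "v=DMARC1; p=reject", spf_only))
    print(evaluate("example.com", "v=DMARC1; p=reject; auth=dkim", spf_only))
    print(evaluate("example.com", "v=DMARC1; p=reject; auth=dkim", spf_only,
                   suspected_forward=True))
```

The second call shows the effect the "auth=" proposal is after: the same SPF pass on a relaxed-aligned subdomain yields a DMARC pass under the default record but a fail (and reject) once the record restricts authentication to DKIM. The third call shows the interaction the second post worries about: with the forwarding downgrade enabled, that reject becomes a quarantine, so a message that only ever had an SPF pass ends up in the mailbox rather than being refused.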

Re: [dmarc-ietf] Reflections on IETF 117 Conference and DMARC Meeting

2023-08-04 Thread Scott Kitterman
PRA was not donated to anyone. Licensing terms for it were what blew up MARID. It's not helpful here, let's move on. Scott K
On August 4, 2023 2:01:14 PM UTC, Hector Santos wrote:
> Overall, DMARCbis has a “SPF comes before DMARC” conflict where SPF can “preempt” DMARC.
>
> The

Re: [dmarc-ietf] Reflections on IETF 117 Conference and DMARC Meeting

2023-08-04 Thread Hector Santos
Overall, DMARCbis has a “SPF comes before DMARC” conflict where SPF can “preempt” DMARC. The implementation suggestion is leveraging an existing ESMTP extension capability to obtain the DMARC policy at SMTP for one reason - to help DMARC fit better with SMTP-level SPF processing. Otherwise

Re: [dmarc-ietf] Reflections on IETF 117 Conference and DMARC Meeting

2023-08-04 Thread Alessandro Vesely
On Thu 03/Aug/2023 21:15:57 + Murray S. Kucherawy wrote: On Thu, Aug 3, 2023 at 10:39 AM Hector Santos wrote: [...] However, at present, the most plausible use-case appears to be the addition of delayed SPF rejection scenarios through DMARC evaluation. Essentially, SUBMITTER/PRA serves