There are many issues with DMARC. I’m trying it out now, but having looked at IETF documents (https://datatracker.ietf.org/wg/dmarc/documents/ <https://datatracker.ietf.org/wg/dmarc/documents/>) especially RFC 7960 <https://datatracker.ietf.org/doc/rfc7960/> ("Interoperability Issues between Domain-based Message Authentication, Reporting, and Conformance (DMARC) and Indirect Email Flows" which has a catalog of many issues) has made me less than optimistic.
Gerben Wierda Chess and the Art of Enterprise Architecture <http://enterprisechess.com/> Mastering ArchiMate <http://masteringarchimate.com/> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ > On 21 May 2018, at 17:29, Pete Holzmann via dmarc-discuss > <dmarc-discuss@dmarc.org> wrote: > > I'm seeing a growing number of bounce-back errors from major players who have > DMARC fully implemented. > > I have some observations, questions and a suggestion. > > Blessings, > Pete > > OBSERVATIONS > > There's a pattern here that I suspect is only going to grow: > > * User R with SomeCo creates an email filter rule to auto-forward some subset > of incoming emails to their smart phone or other alternate mailbox (gmail, > apple, etc) > > * From 'R's perspective, they simply want those emails to show up in their > "other inbox" > > * From Google/Apple/etc perspective, those emails get the full treatment for: > - SPF/DKIM/DMARC validity > - Anti-spam filtering > - Etc. > > The result (with varying details): > > a) Originator "O" of the email may get a DMARC bounceback (see example below) > indicating that gmail (or whoever) would not accept the message. > b) User "R" with the forwarding rule may find messages not showing up on > their phone. > c) Google/Apple/etc may start treating SomeCo as a source of spam > > ...and the hard part: from Originator and User perspective, everybody's doing > what is "normal" but the email systems are causing grief. Only an expert > examining headers and server logs can get a clue about what is happening. > > In a perfect world all software will perfectly implement DMARC. In the > meantime, users get frustrated and email gets blocked. > > QUESTIONS: > 1) Is anyone working to solve these issues? > 2) Has there been consideration of a forwarding token that could validate all > such emails? > > SUGGESTION: > a) Since user+al...@dom.ain is a valid alias for u...@dom.ain ... > b) Why not create a standard for personal forwarding authentication tokens? > I.e. > * A typical mechanism is used to create token asd!_4521Zxy > * asd!_4521Zxy is stored as PrivateForwardToken in gmail box or ??? > * User forwards their email to user+asd!_4521...@gmail.com instead > of > u...@gmail.com > * Google auto-approves all such email as if it were internal > rather than > externally sourced. > > [Probably needs modifying so such messages are rapidly recognized during > transport... but I want to make sure end users can easily implement this on > ANY email client, ANY email service, without help.] > > > EXAMPLE > > I sent email to a friend. I received this bounceback. I was surprised to hear > that my friend received the message... until on questioning he realized he > also was auto-copying to a gmail box. > > > Sorry. Your message could not be delivered to: > > gmail.com > DATA > Received: 5.7.1 Unauthenticated email from icta.net is not > accepted due to domain's > 5.7.1 DMARC policy. Please contact the > administrator of icta.net domain if > 5.7.1 this was a legitimate mail. > Please visit > 5.7.1 > https://support.google.com/mail/answer/2451690 to learn about the > 5.7.1 DMARC initiative. > s4-v6si8436056ita.127 - gsmtp > > [end] > > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
