Re: [dmarc-ietf] Server Controls
On Tue, Nov 14, 2023 at 5:33 AM Seth Blank wrote:

> As Chair, Douglas, again, what operational issue per charter are you
> trying to address, and where is your suggested text to address?

I agree, this far exceeds DMARC's charter.

None of this is to say the topic is not one worth exploring, but it is simply (and very clearly) outside of the remit of this working group.

There are some rumblings afoot to push for creation of a working group with a broader email authentication scope. Wei has also advocated for such. At IETF 118 in Prague there were other ideas floated for working groups of broader scope. But until such a venue becomes a reality, this sort of discussion is yet another distraction from an already strained (nine years and counting!) set of deliverables.

Please stay on target.

-MSK, ART Area Director

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Server Controls
As an individual, I concur with Richard

As Chair, Douglas, again, what operational issue per charter are you trying to address, and where is your suggested text to address?

Seth

On Tue, Nov 14, 2023 at 07:41 Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:

> A server is anything with an IP address and the potential to send mail
> using unauthenticated mail on port 25.
>
> Our most important server control is the foundation of SPF: a
> multi-tenant server will only allow tenants to originate messages using
> their own domain. Without that control, SPF collapses as useless.
>
> Most messages come from legitimate servers that implement controls. This
> allows us to accept some unauthenticated messages because the perceived
> risk is low. Server controls make this happen.
>
> Preventing malicious impersonation is more effective than detecting it.
> Consequently, server operators are the most important part of this
> protocol.
>
> Doug
>
> On Tue, Nov 14, 2023, 7:07 AM Richard Clayton wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> In message j...@mail.gmail.com>, Douglas Foster writes
>>
>> >Our document needs a section on server controls.
>>
>> what is a "server" ? did you mean an MTA ??
>>
>> >Impersonation prevention begins with enrollment controls that prevent
>> >service accounts from being created using false identities.
>>
>> Many countries have controls on Internet access that require Government
>> issued identification ... and many take the view that this is
>> inappropriate.
>>
>> > I do not
>> >perceive this as a significant problem, but the NIST documents on digital
>> >identity are a very good resource and could be referenced.
>>
>> I think you may have the wrong mailing list. I don't believe DMARC has
>> any relevance to (or interest in) identifying individual email senders
>> rather than detecting unauthorised use of domains.
>>
>> - --
>> richard Richard Clayton
>>
>> Those who would give up essential Liberty, to purchase a little temporary
>> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
>>
>> -BEGIN PGP SIGNATURE-
>> Version: PGPsdk version 1.7.1
>>
>> iQA/AwUBZVNipd2nQQHFxEViEQKdUACgr9/X23quPDNpMPDc+ewuAvHg0coAn1Qp
>> ZwwQWcSZajg40q4MOi8ajZuH
>> =3GOC
>> -END PGP SIGNATURE-

Re: [dmarc-ietf] Server Controls
A server is anything with an IP address and the potential to send mail using unauthenticated mail on port 25.

Our most important server control is the foundation of SPF: a multi-tenant server will only allow tenants to originate messages using their own domain. Without that control, SPF collapses as useless.

Most messages come from legitimate servers that implement controls. This allows us to accept some unauthenticated messages because the perceived risk is low. Server controls make this happen.

Preventing malicious impersonation is more effective than detecting it. Consequently, server operators are the most important part of this protocol.

Doug

On Tue, Nov 14, 2023, 7:07 AM Richard Clayton wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> In message j...@mail.gmail.com>, Douglas Foster writes
>
> >Our document needs a section on server controls.
>
> what is a "server" ? did you mean an MTA ??
>
> >Impersonation prevention begins with enrollment controls that prevent
> >service accounts from being created using false identities.
>
> Many countries have controls on Internet access that require Government
> issued identification ... and many take the view that this is
> inappropriate.
>
> > I do not
> >perceive this as a significant problem, but the NIST documents on digital
> >identity are a very good resource and could be referenced.
>
> I think you may have the wrong mailing list. I don't believe DMARC has
> any relevance to (or interest in) identifying individual email senders
> rather than detecting unauthorised use of domains.
>
> - --
> richard Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
>
> -BEGIN PGP SIGNATURE-
> Version: PGPsdk version 1.7.1
>
> iQA/AwUBZVNipd2nQQHFxEViEQKdUACgr9/X23quPDNpMPDc+ewuAvHg0coAn1Qp
> ZwwQWcSZajg40q4MOi8ajZuH
> =3GOC
> -END PGP SIGNATURE-

Re: [dmarc-ietf] Server Controls
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

In message , Douglas Foster writes

>Our document needs a section on server controls.

what is a "server" ? did you mean an MTA ??

>Impersonation prevention begins with enrollment controls that prevent
>service accounts from being created using false identities.

Many countries have controls on Internet access that require Government issued identification ... and many take the view that this is inappropriate.

> I do not
>perceive this as a significant problem, but the NIST documents on digital
>identity are a very good resource and could be referenced.

I think you may have the wrong mailing list. I don't believe DMARC has any relevance to (or interest in) identifying individual email senders rather than detecting unauthorised use of domains.

- --
richard Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1

iQA/AwUBZVNipd2nQQHFxEViEQKdUACgr9/X23quPDNpMPDc+ewuAvHg0coAn1Qp
ZwwQWcSZajg40q4MOi8ajZuH
=3GOC
-END PGP SIGNATURE-