Re: [dmarc-ietf] Best Guess SPF is a dead hack from 18 years ago

2021-12-06 Thread Scott Kitterman
On Monday, December 6, 2021 4:22:16 PM EST Dave Crocker wrote: > On 12/6/2021 1:18 PM, John Levine wrote: > > Please can we all pretend it never existed, we never heard of it, > > and we certainly are not going to say anything about it. > > My best guess is that you are referencing something that

Re: [dmarc-ietf] PSD Flag

2021-12-06 Thread Tim Wicinski
On Mon, Dec 6, 2021 at 8:57 AM Scott Kitterman wrote: > > > Unless there's a valid reason for someone to publish PSD=no, I don't think > it should exist and I can't think of a reason. If you give people a knob, > someone will turn it [if we leave it in, I guarantee you there will be > things

Re: [dmarc-ietf] Best Guess SPF is a dead hack from 18 years ago

2021-12-06 Thread Dave Crocker
On 12/6/2021 1:18 PM, John Levine wrote: Please can we all pretend it never existed, we never heard of it, and we certainly are not going to say anything about it. My best guess is that you are referencing something that has no business even being referenced in an IETF specification. d/

Re: [dmarc-ietf] Best Guess SPF is a dead hack from 18 years ago

2021-12-06 Thread John Levine
It appears that Scott Kitterman said: >No. The so called best guess is no part of SPF. The "best guess" was a short term hack around 2003 when SPF was new and not widely deployed. It is now 18 years later, anyone who can run a mail server can publish SPF and that hack is totally dead.

Re: [dmarc-ietf] Best Guess SPF should not be deprecated.

2021-12-06 Thread Scott Kitterman
On Monday, December 6, 2021 3:04:37 PM EST Dave Crocker wrote: > On 12/6/2021 11:56 AM, Scott Kitterman wrote: > > Somewhere we need to explain about how ARC related to DMARC. If it's > > going to be in the protocol specification, this is the place. Otherwise > > it would go in the appendix I

Re: [dmarc-ietf] Best Guess SPF should not be deprecated.

2021-12-06 Thread Dave Crocker
On 12/6/2021 11:56 AM, Scott Kitterman wrote: Somewhere we need to explain about how ARC related to DMARC. If it's going to be in the protocol specification, this is the place. Otherwise it would go in the appendix I keep mentioning that we need which explains options senders,

[dmarc-ietf] Ticket #120 - Unique IDs

2021-12-06 Thread Brotman, Alex
Hello folks, We received a ticket about the unique IDs that are included with reporting: -- unique-id, msg-id, and report_id are loosely defined. The spec needs to say that they are semantically the same thing and must have the same content. In addition:

Re: [dmarc-ietf] Best Guess SPF should not be deprecated.

2021-12-06 Thread Scott Kitterman
On December 6, 2021 7:16:06 PM UTC, Dave Crocker wrote: >On 12/6/2021 5:29 AM, Scott Kitterman wrote: >> I think what better goes in this spot is a more general comment about local >> policy (it doesn't seem to be discussed elsewhere). > > >"Local policy" is just another way of saying "doing

Re: [dmarc-ietf] dmarcbis-04, 5.7.1. Extract Author Domain

2021-12-06 Thread John Levine
It appears that Alessandro Vesely said: >Hi, > >The domain in the RFC5322.From header field is extracted as the >domain to be evaluated by DMARC. If the domain is encoded with UTF- >8, the domain name must be converted to an A-label, as described in >Section 2.3 of [RFC5890],

Re: [dmarc-ietf] Best Guess SPF should not be deprecated.

2021-12-06 Thread Dave Crocker
On 12/6/2021 5:29 AM, Scott Kitterman wrote: I think what better goes in this spot is a more general comment about local policy (it doesn't seem to be discussed elsewhere). "Local policy" is just another way of saying "doing something outside of the specification".  People are always

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Scott Kitterman
On Monday, December 6, 2021 1:59:19 PM EST Dave Crocker wrote: > On 12/6/2021 10:48 AM, Scott Kitterman wrote: > > I understand you don't like what's there, but not how you think it should > > be changed. The proposed revision addresses the concern I had raised. > If a sentence or a paragraph is

Re: [dmarc-ietf] Best Guess SPF should not be deprecated.

2021-12-06 Thread Scott Kitterman
On Monday, December 6, 2021 2:01:10 PM EST Alessandro Vesely wrote: > On Mon 06/Dec/2021 14:29:02 +0100 Scott Kitterman wrote: > > On December 6, 2021 1:04:44 PM UTC, Todd Herr wrote: > >>On Sat, Dec 4, 2021 at 5:35 PM Douglas Foster wrote: > >>> I have multiple objections to this paragraph in

Re: [dmarc-ietf] Best Guess SPF should not be deprecated.

2021-12-06 Thread Alessandro Vesely
On Mon 06/Dec/2021 14:29:02 +0100 Scott Kitterman wrote: On December 6, 2021 1:04:44 PM UTC, Todd Herr wrote: On Sat, Dec 4, 2021 at 5:35 PM Douglas Foster wrote: I have multiple objections to this paragraph in section 5.7.2 "Heuristics applied in the absence of use by a Domain Owner of

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Dave Crocker
On 12/6/2021 10:48 AM, Scott Kitterman wrote: I understand you don't like what's there, but not how you think it should be changed. The proposed revision addresses the concern I had raised. If a sentence or a paragraph is not providing necessary specification and is not providing necessary

Re: [dmarc-ietf] Experiments

2021-12-06 Thread Scott Kitterman
On Monday, December 6, 2021 1:53:13 PM EST Murray S. Kucherawy wrote: > To those who said they're collecting data and hope to have some stuff to > share soon, is there anything interesting to report? > > The topic of ARC's efficacy came up in another IETF context today (tools) > and I'm wondering

Re: [dmarc-ietf] Experiments

2021-12-06 Thread Murray S. Kucherawy
To those who said they're collecting data and hope to have some stuff to share soon, is there anything interesting to report? The topic of ARC's efficacy came up in another IETF context today (tools) and I'm wondering if we have anything new here. -MSK On Thu, Sep 23, 2021 at 2:08 PM Brotman,

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Scott Kitterman
On December 6, 2021 6:39:17 PM UTC, Dave Crocker wrote: >On 12/6/2021 10:06 AM, Scott Kitterman wrote: >> OK. What's your recommendation then? > >Scott, > >I think my note contained a series of very basic recommendations.  I'm >not sure what else you are looking for. What text (if any) would

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Dave Crocker
On 12/6/2021 10:06 AM, Scott Kitterman wrote: OK. What's your recommendation then? Scott, I think my note contained a series of very basic recommendations.  I'm not sure what else you are looking for. d/ -- Dave Crocker dcroc...@gmail.com 408.329.0791 Volunteer, Silicon Valley Chapter

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Scott Kitterman
On Monday, December 6, 2021 1:01:51 PM EST Dave Crocker wrote: > On 12/6/2021 9:38 AM, Scott Kitterman wrote: > >> In the interests of future-proofing, should there ever be additional > >> underlying authentication protocols, I propose this: > >> > >> Should any authentication failures for

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Dave Crocker
On 12/6/2021 9:38 AM, Scott Kitterman wrote: In the interests of future-proofing, should there ever be additional underlying authentication protocols, I propose this: Should any authentication failures for systems under the Domain Owner's control be found in the reports, in cases where the

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Scott Kitterman
On Monday, December 6, 2021 11:40:47 AM EST Todd Herr wrote: > On Mon, Dec 6, 2021 at 9:08 AM Scott Kitterman wrote: > > On December 6, 2021 1:35:10 PM UTC, Todd Herr > > > 40valimail@dmarc.ietf.org> wrote: > > >On Mon, Dec 6, 2021 at 7:45 AM Alessandro Vesely wrote: > > ... > > > > >>

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Alessandro Vesely
On Mon 06/Dec/2021 17:40:47 +0100 Todd Herr wrote: On Mon, Dec 6, 2021 at 9:08 AM Scott Kitterman wrote: On December 6, 2021 1:35:10 PM UTC, Todd Herr wrote: On Mon, Dec 6, 2021 at 7:45 AM Alessandro Vesely wrote: ... Should any overlooked systems be found in the

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Todd Herr
On Mon, Dec 6, 2021 at 9:08 AM Scott Kitterman wrote: > > > On December 6, 2021 1:35:10 PM UTC, Todd Herr 40valimail@dmarc.ietf.org> wrote: > >On Mon, Dec 6, 2021 at 7:45 AM Alessandro Vesely wrote: > ... > >>Should any overlooked systems be found in the > >>

Re: [dmarc-ietf] 3.2.6. Non-existent Domains

2021-12-06 Thread Scott Kitterman
On Sunday, December 5, 2021 9:35:15 PM EST John Levine wrote: > It appears that Scott Kitterman said: > >> For your #2 you seem to be saying that if I send no-reply transactional > >> mail, my DNS would look like this: > >> > >> notifiy.bigcorp.com. IN MX 0 . /* we don't receive replies /* >

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Scott Kitterman
On December 6, 2021 1:35:10 PM UTC, Todd Herr wrote: >On Mon, Dec 6, 2021 at 7:45 AM Alessandro Vesely wrote: ... >>Should any overlooked systems be found in the >> reports, the Domain Owner can adjust the SPF record and/or configure >> DKIM signing for

Re: [dmarc-ietf] PSD Flag

2021-12-06 Thread Scott Kitterman
On December 6, 2021 1:10:02 PM UTC, Todd Herr wrote: >On Sat, Dec 4, 2021 at 11:28 PM Scott Kitterman >wrote: > >> I think the addition of the PSD flag to support organizational domain >> determination is a good change. I have some quibbles about the exact >> definition though: >> >> >

Re: [dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Todd Herr
On Mon, Dec 6, 2021 at 7:45 AM Alessandro Vesely wrote: > Hi, > > I have a few nits about this section: > > This section describes Domain Owner actions to fully implement the > DMARC mechanism. > > Actually, the section doesn't mention DMARC checking, adhering to policies > found in

Re: [dmarc-ietf] Best Guess SPF should not be deprecated.

2021-12-06 Thread Todd Herr
On Sat, Dec 4, 2021 at 5:35 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > I have multiple objections to this paragraph in section 5.7.2 > > "Heuristics applied in the absence of use by a Domain Owner of either SPF > or DKIM (e.g., [Best-Guess-SPF >

[dmarc-ietf] dmarcbis-04, 5.5. Domain Owner Actions

2021-12-06 Thread Alessandro Vesely
Hi, I have a few nits about this section: This section describes Domain Owner actions to fully implement the DMARC mechanism. Actually, the section doesn't mention DMARC checking, adhering to policies found in DMARC records, and sending feedback reports. Hence I'd strike "fully". It

Re: [dmarc-ietf] 3.2.6. Non-existent Domains

2021-12-06 Thread Douglas Foster
Scot raises a valid concern, which calls for a counterproposal, not an end to discussion.I can propose one, but I wonder what the group thinks. Building on other comments, the strict needs this additional logic: DMARC Policy and the NP test --

Re: [dmarc-ietf] Reversing modifications from mailing lists

2021-12-06 Thread Alessandro Vesely
On Sun 05/Dec/2021 20:55:30 +0100 Wei Chuang wrote: On Wed, Dec 1, 2021 at 3:45 AM Alessandro Vesely wrote: On Tue 30/Nov/2021 18:30:39 +0100 John R Levine wrote: On Tue, 30 Nov 2021, Wei Chuang wrote: What about adding a footer to some html mime part is poorly handled when using "l="?

Re: [dmarc-ietf] dmarcbis-04, 5.3. General Record Format 5/5

2021-12-06 Thread Alessandro Vesely
On Sat 04/Dec/2021 22:30:30 +0100 Murray S. Kucherawy wrote: On Fri, Dec 3, 2021 at 10:38 AM Todd Herr The sentence should read something like this: Percentage of messages using the Domain Owner's domain and failing DMARC authentication checks to which the DMARC policy is to be applied. I'd

Re: [dmarc-ietf] Reversing modifications from mailing lists

2021-12-06 Thread Murray S. Kucherawy
On Sun, Dec 5, 2021 at 12:24 PM John R Levine wrote: > I'm pretty sure that changing DKIM is very out of scope for this working > group. > As I read the charter, I don't agree. It says in at least two places that this could be in scope. Whether the chairs want the WG to engage in such work