Re: [dmarc-ietf] Section 4.7 - NP test is wrong

2022-08-08 Thread Douglas Foster
You misconstrue. This is not about guesswork. SPF PASS and DKIM VERIFIED provide proxy verification of the From address, comparable to a badge reader authenticating an employee, or perhaps more closely, a notary seal with attestation validating a document signature. DMARC policy primarily provi

Re: [dmarc-ietf] Section 4.7 - NP test is wrong

2022-08-08 Thread Scott Kitterman
On Monday, August 8, 2022 9:10:22 AM EDT Barry Leiba wrote: > > What I am hearing is: > > > > "DMARC permits evaluators to meet the needs of certain domain owners, > > specifically domain owners who publish a DMARC policy." > > > > I am disappointed with the perceived indifference to the needs of

Re: [dmarc-ietf] Girl Scout troops vs MLM problems (#70)

2022-08-08 Thread Douglas Foster
Laura's faith in developers exceeds mine. Having just completed a second survey of commercial products, I found very few that could handle all of the most needed exception conditions. For mailing lists, the exception rule is easy: If SMTP address = List address (or list domain) and SPF PASS, th

Re: [dmarc-ietf] Section 4.7 - NP test is wrong

2022-08-08 Thread Barry Leiba
> What I am hearing is: > > "DMARC permits evaluators to meet the needs of certain domain owners, > specifically domain owners who > publish a DMARC policy." > > I am disappointed with the perceived indifference to the needs of evaluators. There's a reason for that: DMARC was designed for senders

Re: [dmarc-ietf] Girl Scout troops vs MLM problems (#70)

2022-08-08 Thread John R Levine
Actually, small receivers can simply trust selected, DMARC-aligned mailing lists and restore the original From: in the cases where MLM saved it (w/o ARC). This kind of hack could be set up really quick. > Please please can we stop doing this.  Trying to unmunge rewritten From: headers is totall

Re: [dmarc-ietf] Collecting message metadata, was Time to work on failure reporting

2022-08-08 Thread John R Levine
On Mon, 8 Aug 2022, Alessandro Vesely wrote: It also misses the fact that "already reported characteristics" is undefined. Right, that's to be defined. Clearly, the criteria differ between SPF and DKIM. We could also define fuzzy criteria. Mike and I just provided separate reasons why that

Re: [dmarc-ietf] Girl Scout troops vs MLM problems (#70)

2022-08-08 Thread Alessandro Vesely
On Mon 08/Aug/2022 00:40:47 +0200 John Levine wrote: On Sun, 7 Aug 2022, Alessandro Vesely wrote: Actually, small receivers can simply trust selected, DMARC-aligned mailing lists and restore the original From: in the cases where MLM saved it (w/o ARC). This kind of hack could be set up really

Re: [dmarc-ietf] Collecting message metadata, was Time to work on failure reporting

2022-08-08 Thread Alessandro Vesely
On Sun 07/Aug/2022 19:20:12 +0200 John Levine wrote: By remembering failure reports issued in the past, new failures having already reported characteristics (e.g. same forwarder) can be silently ignored.  That would greatly reduce noise. This is a horrible idea. It presupposes that failures fro

Re: [dmarc-ietf] Girl Scout troops vs MLM problems (#70)

2022-08-08 Thread Laura Atkins
> On 8 Aug 2022, at 05:10, Murray S. Kucherawy wrote: > > On Sun, Aug 7, 2022 at 4:07 PM Douglas Foster > > wrote: > Evaluators need to use much more sophistication, when applying DMARC, than > simply applying the formula and doing whatever the pol