Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

> On Apr 14, 2023, at 7:43 PM, Mark Alley > wrote: > >  > Its not ideal, but I could live with that. That's somewhat less ambiguous > than [general purpose] domains, but still ambiguous; the Appendix or the same > section could easily clarify "unrestrictive usage policies", and then maybe

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

> On Apr 15, 2023, at 4:21 PM, Scott Kitterman wrote: > >  > >> On April 15, 2023 10:58:06 PM UTC, Neil Anuskiewicz >> wrote: >> >> On Apr 14, 2023, at 8:26 PM, Scott Kitterman wrote: >>> >>> Perfect. The goal is working towards consensus is to find something we >>> can >>> liv

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

On April 15, 2023 10:58:06 PM UTC, Neil Anuskiewicz wrote: > > >> On Apr 14, 2023, at 8:26 PM, Scott Kitterman wrote: >> >> Perfect. The goal is working towards consensus is to find something we can >> live with, so that's exactly what I was hoping for. I don't think it's >> ideal >> ei

Re: [dmarc-ietf] Example of Indirect Mail Flow Breakage with p=reject?

> On Apr 14, 2023, at 8:26 PM, Scott Kitterman wrote: > > Perfect. The goal is working towards consensus is to find something we can > live with, so that's exactly what I was hoping for. I don't think it's ideal > either, but I can live with it. > > Scott K Yes sir, that’s it. However, I

Re: [dmarc-ietf] Give up on SPF alone

On 4/15/2023 11:27 AM, Douglas Foster wrote: Sorry Hector, but you are wrong on the theory and off topic. DMARC and SPF authenticate different things. DMARC is designed to override SPF Fail to handle the case of forwarding without SRS, which would be optimal if all messages were signed. SP

Re: [dmarc-ietf] list history, Signaling MLMs

On Sat, Apr 15, 2023 at 1:40 PM Scott Kitterman wrote: > > > On April 15, 2023 8:17:41 PM UTC, John R Levine wrote: > >> I'm assuming that the "long list of stinky possible workarounds" are > the existing "whatever" mitigations, and rewriting seems to be acceptable > enough as a mitigation to co

Re: [dmarc-ietf] list history, Signaling MLMs

On 4/15/2023 4:39 PM, Scott Kitterman wrote: On April 15, 2023 8:17:41 PM UTC, John R Levine wrote: I would like a pony, too. But ARC is as good as we have now and after a decade of beating our heads against the wall, I don't think we're going to find anything better. I've suggested a bunch of

Re: [dmarc-ietf] list history, Signaling MLMs

On April 15, 2023 8:17:41 PM UTC, John R Levine wrote: >> I'm assuming that the "long list of stinky possible workarounds" are the >> existing "whatever" mitigations, and rewriting seems to be acceptable enough >> as a mitigation to convince large [enterprise] mail systems to move forward >>

Re: [dmarc-ietf] list history, Signaling MLMs

I'm assuming that the "long list of stinky possible workarounds" are the existing "whatever" mitigations, and rewriting seems to be acceptable enough as a mitigation to convince large [enterprise] mail systems to move forward with restrictive policies. ... I think you are greatly overestimatin

Re: [dmarc-ietf] list history, Signaling MLMs

On Sat, Apr 15, 2023, at 12:07 PM, John Levine wrote: > It appears that Jesse Thompson said: > >Why not turn off rewriting on this list, as an experiment? The hypothesis is > >that everyone will switch to Gmail and not tilt > >at IETF, but instead they will tilt at their domain owners. > > That

Re: [dmarc-ietf] list history, Signaling MLMs

It appears that Jesse Thompson said: >Why not turn off rewriting on this list, as an experiment? The hypothesis is >that everyone will switch to Gmail and not tilt >at IETF, but instead they will tilt at their domain owners. That's how we got here. A lot of IETF participants use mail systems th

Re: [dmarc-ietf] Signaling MLMs

It appears that Scott Kitterman said: > > >On April 15, 2023 12:26:16 PM UTC, Laura Atkins >wrote: >>On Apr 15, 2023, at 4:25 AM, Scott Kitterman wrote: >>It seems to me that there is zero harm in actively documenting the problems >>with DMARC and making interoperability >recommendations abou

Re: [dmarc-ietf] Signaling MLMs

RFC 5321 restrictions on forwarding cease to be applicable when the message is modified. Once the MLM changes the message, the ML domain owns it, which is why the MLM-created message SHOULD use the ML domain on the new message. Additionally: - The recipient may not trust the author domain, for a

Re: [dmarc-ietf] Signaling MLMs

On Sat 15/Apr/2023 18:10:08 +0200 Scott Kitterman wrote: On Saturday, April 15, 2023 11:45:34 AM EDT Alessandro Vesely wrote: On Sat 15/Apr/2023 16:42:32 +0200 Scott Kitterman wrote: On April 15, 2023 1:55:59 PM UTC, Jesse Thompson wrote: And the "If a mailing list would like to provide the be

Re: [dmarc-ietf] Signaling MLMs

On Sat 15/Apr/2023 04:57:13 +0200 Murray S. Kucherawy wrote: On Fri, Apr 14, 2023 at 7:32 PM Jesse Thompson wrote: On Fri, Apr 14, 2023, at 7:17 PM, Murray S. Kucherawy wrote: The Sender's users being denied the ability to participate in a list due to its policies seems to me like it puts thi

Re: [dmarc-ietf] Signaling MLMs

On Saturday, April 15, 2023 11:45:34 AM EDT Alessandro Vesely wrote: > On Sat 15/Apr/2023 16:42:32 +0200 Scott Kitterman wrote: > > On April 15, 2023 1:55:59 PM UTC, Jesse Thompson wrote: > >>And the "If a mailing list would like to provide the best customer > >>experience...MUST rewrite" suggesti

Re: [dmarc-ietf] Signaling MLMs

On Sat 15/Apr/2023 16:42:32 +0200 Scott Kitterman wrote: On April 15, 2023 1:55:59 PM UTC, Jesse Thompson wrote: And the "If a mailing list would like to provide the best customer experience...MUST rewrite" suggestion seems like a reasonable way out of this "interoperability vs reality" standof

Re: [dmarc-ietf] Give up on SPF alone

Sorry Hector, but you are wrong on the theory and off topic. DMARC and SPF authenticate different things. DMARC is designed to override SPF Fail to handle the case of forwarding without SRS, which would be optimal if all messages were signed. Bandwidth optimization was an issue when we were on

Re: [dmarc-ietf] Signaling MLMs

> On Apr 14, 2023, at 7:31 PM, Dotzero wrote: > > On Fri, Apr 14, 2023 at 5:55 PM Hector Santos > wrote: >> Yes, it is simple DeMorgan’s Theorem where you use short-circuiting logic. >> >> DMARC says that any FAIL calculated via SPF or DKIM is an overall DMAR

Re: [dmarc-ietf] Signaling MLMs

On April 15, 2023 1:55:59 PM UTC, Jesse Thompson wrote: >On Fri, Apr 14, 2023, at 10:24 PM, Scott Kitterman wrote: >> On Friday, April 14, 2023 10:31:33 PM EDT Jesse Thompson wrote: >> > On Fri, Apr 14, 2023, at 7:17 PM, Murray S. Kucherawy wrote: >> > > The Sender's users being denied the abil

Re: [dmarc-ietf] Signaling MLMs

On April 15, 2023 12:26:16 PM UTC, Laura Atkins wrote: >On Apr 15, 2023, at 4:25 AM, Scott Kitterman wrote: ... >> Or [person] gets a Gmail account for his IETF work and doesn't bother >> tilting at >> windmills. > >That solution only works until gmail publishes p=reject. At one point they

Re: [dmarc-ietf] Signaling MLMs

I can support Todd's language: "Domain Owner MUST provide a domain with p=none for mailing list participants" because it presupposes participation with a mailing list, in particular a mailing list that presumes a right to modify content in transit. Mailing lists are not the only cause of non-mal

Re: [dmarc-ietf] Signaling MLMs

On Fri, Apr 14, 2023, at 10:24 PM, Scott Kitterman wrote: > On Friday, April 14, 2023 10:31:33 PM EDT Jesse Thompson wrote: > > On Fri, Apr 14, 2023, at 7:17 PM, Murray S. Kucherawy wrote: > > > The Sender's users being denied the ability to participate in a list due > > > to its policies seems to

Re: [dmarc-ietf] Signaling MLMs

On Apr 15, 2023, at 4:25 AM, Scott Kitterman wrote: > > On Friday, April 14, 2023 10:31:33 PM EDT Jesse Thompson wrote: >>> On Fri, Apr 14, 2023, at 7:17 PM, Murray S. Kucherawy wrote: >>> The Sender's users being denied the ability to participate in a list due >>> to its policies seems to me li

Re: [dmarc-ietf] Proposed text for p=reject and indirect mail flows

On Fri 14/Apr/2023 21:36:54 +0200 Dotzero wrote: On Fri, Apr 14, 2023 at 2:00 PM Laura Atkins wrote: On 14 Apr 2023, at 18:38, Alessandro Vesely wrote: On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote: On 12 Apr 2023, at 12:21, Douglas Foster wrote: Any form of security creates inconve