Better a correct answer slowly than an incorrect answer quickly.
For the existing PSL, it is not just the accuracy of the document itself, but
also the accuracy of the parsing process. Is there a well-trusted parser
floating around?
DF
From: dmarc [mailto:dmarc-boun...@ietf.org] On
fix, so I don't know that mimicking a public suffix
is a problem. The only caveat is that we need a maximum depth to limit
malicious DNS structures intended to waste search effort by evaluators.
Doug Foster
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Be
slightly less problematic.
Doug Foster
From: Tim Wicinski [mailto:tjw.i...@gmail.com]
Sent: Thursday, November 19, 2020 11:04 PM
To: fost...@bayviewphysicians.com
Cc: IETF DMARC WG
Subject: Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc-psd: Definition of NP
Doug
In looking for
My wishlist for ARC:
ARC tells me that somebody changed some data, but it does not tell me which MTA
performed the forwarding operation, added content, or performed address
rewriting. If we could get HELO names into the ARC data, then those names
could be correlated with the Received header
To return briefly to the muddy waters that I created. John is correct that
"mail enabled" is not useful for the RFC5322.From address, and my last note
expanded on reasons why that is correct.
However, spoofing of non-existent subdomains is a potential problem for the
RFC5321.MailFrom domain, w
because it seems to be moving us closer to the performance
implications of a scope-limited tree walk.
Doug Foster
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
DMARC clearly intends for the NP policy to be a general solution to a
general problem. If there are still objections to it becoming a general
solution, this should be addressed soon.
Doug Foster
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Tim Wicinski
Sent: Friday, November
It appears that these tickets are all related to this issue:
#24 objection to maintaining registry for all participating public
suffixes
#34 Define the term "Public Suffix" referencing RFC8499
#46 Separate org domain definition from core DMARC
#58 Add third l
more sustainable than
what we have right now.
DF
From: Murray S. Kucherawy [mailto:superu...@gmail.com]
Sent: Wednesday, November 11, 2020 12:02 PM
To: Doug Foster
Cc: IETF DMARC WG
Subject: Re: [dmarc-ietf] On splitting documents and DBOUND
On Wed, Nov 11, 2020 at 6:01 AM Douglas E
I would be content with language that says:
If an evaluator detects a DMARC record without a policy tag, it MAY reject the
record as invalid or it MAY treat the record as equivalent to p=none.
Consequently, domain owners SHOULD include a p= tag, as the recipient action is
otherwise unpredictabl
It appeared to me that adoption had the plurality of votes, by my estimate
something like 6 to 3. But the objections to the document were substantial
and the proponents of proceeding said nothing during the call to indicate that
those objections can be mitigated.
One of those problems is “
and AOL was
not willing to create exceptions.
I understand the perceived inconvenience of a rewritten From address.
But I see the network of trust only enhanced, not diminished, by the DMARC
mechanism.
Doug Foster
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On
,
actual spoofing of the From address is not a huge part of my problem at
present. This is largely because spammers have easy enough tools in Friendly
Name spoofing and corporate logo misuse. But I also attribute that low volume
to the existence of SPF and DMARC.
Doug Foster
From
n administrator to disable all forwarding from any account.
I do not think I have seen admin-controlled selective forwarding, but others
have more product experience than I do.
Doug Foster
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Jesse Thompson
Sent: Thur
Are the weak signatures vulnerable to a replay attack? I thought that one of
the reasons that DKIM signatures included the whole body was to prevent the
signature from being reused.
DF
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Dotzero
Sent: Tuesday, August 25, 2020 1:51
If I followed Neil’s discussion of MajorCRM:
The current DMARC architecture supports authorizing a vendor to mail on behalf
of their clients if the client includes them in their SPF policy or delegates a
DKIM scope to them and they use it.
I agree that SPF is too limiting (including hard
In brief:
My thinking is based on these foundations:
- the incoming email gateway is an AAA server which conditionally allows
anonymous logins
- The NIST framework for digital identity. https://pages.nist.gov/800-63-3/
In that regard, digital identity is the focus, not human headcount.
"customer
iable
upon delivery, whether submitted by a DMARC-participating domain or not.
There are several options for identifying the originator despite using the
list domain in the From address. Some of these have been discussed in the
Working Group.
Summary
The proposal is without merit.
Doug Foster
Hector, I do not understand this comment:
"The DKIM Policy Model since ADSP lacked the ability to authorize 3rd party
domains. DMARC did not address the problem and reason ADSP was abandoned. Hence
the on-going dilemma."
Domains that participate with a mailing list have the option of including
Since the conflict between DMARC and Mailing Lists is related to the changes
that Mailing Lists apply to a received message, it may be useful to review the
purposes that each of those changes serve, with a goal of eliminating
unnecessary changes.
Specifically, this list adds a footer to every me
ewrite. And
the whole thing may be too complicated to implement in a way that is upward
compatible with the present architecture. But it would be a better model
of reality.
Doug Foster
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Hector Santos
Sent: Fr
Gmail specifies quarantine.
Verizon.com, aol.com, and yahoo.com (common ownership) specify reject,
reject, and quarantine respectively.
Microsoft (live and Hotmail) specify none.
Embarqmail specifies none.
Which services did you check?
-Original Message-
From: dmarc [mailto:dmarc-boun
This is a beautiful proposal if one assumes that domain owners will want to
change. Since we do not have them well represented in this discussion, it
is a conclusion that needs to be tested.
I have pressed Dave on the issue of how good ML domains are to be
distinguished from criminal domains, a
Is not the whole point of your proposal to allow the MLM to authenticate the
message based on the MLM domain signature alone, while presenting the document
as originating from another domain?
That is the very behavior that DMARC is trying to prevent.
But since MLM editing is so important to you
Let's clarify the purpose of DMARC and the problem of MLM edits:
Modifying in-transit messages is a threat vector for both sender and
recipient.
The ability to constructively modify a message is also the ability to
maliciously modify a message.
And the ability to maliciously modify a message is al
If MLM changes are not reversible, we still have the problem of convincing the
recipient gateway to trust the modified message.
At first glance, this is an internal issue between the user who created the
subscription and his email security administrator, and that communication is
not obvious
I like the idea of making signatures recoverable wherever possible.
For mailing lists, I wonder if this approach is sufficient to solve the whole
problem. If the MLM transformation is for security rather than informational
purposes, I expect that the transformations will be (even should b
You were partially right. Outlook allows me to pick columns, but I forgot
that the feature was available.
I don't see the feature on two web MUAs or two phone MUAs that I checked.
Doug Foster
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Aless
it probably does not sufficiently solve the user interface need.
Which also suggests why I have not seen spammers try to manipulate that
field.
Doug Foster
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Alessandro Vesely
Sent: Monday, June 29, 2020 5:19 AM
To
e your own organization's signatures onto the internet when you can
or should know that they will fail validation.
Doug Foster
-Original Message-
From: Dave Crocker [mailto:d...@dcrocker.net]
Sent: Friday, May 31, 2019 12:41 AM
To: fost...@bayviewphysicians.com
Cc: IETF DMARC WG
Subj
our outbound traffic. I will be working with the vendor on that.
Doug Foster
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Dave Crocker
Sent: Wednesday, April 10, 2019 3:37 PM
To: IETF DMARC WG
Subject: [dmarc-ietf] DNS library queries for DKIM and
: Neutral, Softfail, Syntax errors, or
Excessive nesting
Do you handle SPF any differently between senders with DMARC enforcement and
those without?
Doug Foster
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Ken Simpson
Sent: Thursday, March 21, 2019 1:01 PM
To: John R Levine
Can one of you elaborate on the potential connection between PeP and DMARC,
or more generally, the connection between PeP and spam filtering?
-Original Message-
From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of DAMY gustavo
Sent: Tuesday, March 19, 2019 2:03 PM
To: dmarc@ietf.org
Cc