Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-21 Thread Scott Kitterman
On January 21, 2015 5:20:42 PM EST, Anne Bennett wrote: > >Scott Kitterman writes: > >> DMARC takes the SPF result and the Mail From as an input >> (which in the case of a null Mail From is a synthetic Mail From >> built using HELO, but that's just a coincidence). SPF isn't >> just a result (pas

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-21 Thread Scott Kitterman
On January 21, 2015 5:01:53 PM EST, Franck Martin wrote: > > > > >- Original Message - >> From: "Scott Kitterman" >> To: dmarc@ietf.org >> Sent: Tuesday, January 20, 2015 9:36:57 PM >> Subject: Re: [dmarc-ietf] ... and two more tiny nits,

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-21 Thread Anne Bennett
Scott Kitterman writes: > DMARC takes the SPF result and the Mail From as an input > (which in the case of a null Mail From is a synthetic Mail From > built using HELO, but that's just a coincidence). SPF isn't > just a result (pass, fail, etc), it also has a domain and a > related identity. .

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-21 Thread Franck Martin
- Original Message - > From: "Scott Kitterman" > To: dmarc@ietf.org > Sent: Tuesday, January 20, 2015 9:36:57 PM > Subject: Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it > > On January 21, 2015 12:31:45 AM EST, Franck Martin >

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-21 Thread Hector Santos
On 1/20/2015 5:54 PM, Anne Bennett wrote: Franck Martin writes: Yes, RFC7208 says evaluate both in parallel, but the result of an spf=pass/fail is highly constrained on the success or failure of the MAIL FROM spf test. Actually, it recommends checking the HELO identity first, because if you

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-21 Thread Hector Santos
On 1/21/2015 10:50 AM, Michael Jack Assels wrote: On Tue, 20 Jan 2015 16:14:32 CST, Franck Martin wrote: [...] Your confusion on HELO is may be related to the fact that the HELO string is only used when the MAIL-FROM: is empty? There is some text here: http://trac.tools.ietf.org/html/rfc7208#

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-21 Thread Michael Jack Assels
On Tue, 20 Jan 2015 16:14:32 CST, Franck Martin wrote: > [...] > Your confusion on HELO is may be related to the fact that the > HELO string is only used when the MAIL-FROM: is empty? > > There is some text here: > http://trac.tools.ietf.org/html/rfc7208#section-10.1.3 > > The HELO string is no

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Scott Kitterman
On January 21, 2015 12:31:45 AM EST, Franck Martin wrote: > >- Original Message - >> From: "Scott Kitterman" >> To: dmarc@ietf.org >> Sent: Tuesday, January 20, 2015 9:02:26 PM >> Subject: Re: [dmarc-ietf] ... and two more tiny nits, while I

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Franck Martin
- Original Message - > From: "Scott Kitterman" > To: dmarc@ietf.org > Sent: Tuesday, January 20, 2015 9:02:26 PM > Subject: Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it > > On Tuesday, January 20, 2015 17:40:39 Franck Martin

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Scott Kitterman
On Tuesday, January 20, 2015 17:40:39 Franck Martin wrote: > - Original Message - > > > From: "Scott Kitterman" > > To: dmarc@ietf.org > > Sent: Tuesday, January 20, 2015 2:49:01 PM > > Subject: Re: [dmarc-ietf] ... and two more tiny nits, whil

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Scott Kitterman
On Tuesday, January 20, 2015 22:57:34 John Levine wrote: > >HELO results are unrelated to DMARC. > > Is that still true when the bounce address is empty? It's fairly common > to have an NDR with an empty bounce address and > > From: MAILER-DAEMON@flaky.example > > Assuming it's not DKIM signed

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Scott Kitterman
On Tuesday, January 20, 2015 22:55:58 Terry Zink wrote: > >7208 actually recommends that the HELO string be evaluated every time. > > > > http://trac.tools.ietf.org/html/rfc7208#section-2.3 > > They do say to check it both times but I don't agree with the rationale > provided. Expanding on the exc

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Murray S. Kucherawy
On Tue, Jan 20, 2015 at 1:44 PM, Anne Bennett wrote: > I apologize for my inadvertently poor timing; I was catapulted > into all this last week when my parent domain (also my > Organizational Domain) published an SPF record and a DKIM > record, and we became concerned that they might implement DM

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Franck Martin
- Original Message - > From: "John Levine" > To: dmarc@ietf.org > Cc: skl...@kitterman.com > Sent: Tuesday, January 20, 2015 2:57:34 PM > Subject: Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it > > >HELO results are unrelated to

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Franck Martin
- Original Message - > From: "Scott Kitterman" > To: dmarc@ietf.org > Sent: Tuesday, January 20, 2015 2:49:01 PM > Subject: Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it > > > Last time I had stats, it was about 10% as common as Mail

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread John Levine
>HELO results are unrelated to DMARC. Is that still true when the bounce address is empty? It's fairly common to have an NDR with an empty bounce address and From: MAILER-DAEMON@flaky.example Assuming it's not DKIM signed (most NDRs aren't) what's a DMARC user supposed to do? R's, John

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Terry Zink
>7208 actually recommends that the HELO string be evaluated every time. > http://trac.tools.ietf.org/html/rfc7208#section-2.3 They do say to check it both times but I don't agree with the rationale provided. Expanding on the excerpt that Laura provided: 2.3. The "HELO" Identity It is RECOM

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Anne Bennett
Franck Martin writes: > Yes, RFC7208 says evaluate both in parallel, but the result > of an spf=pass/fail is highly constrained on the success or > failure of the MAIL FROM spf test. Actually, it recommends checking the HELO identity first, because if you get a definite result from that, you ma

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Scott Kitterman
On Tuesday, January 20, 2015 16:38:43 Franck Martin wrote: > - Original Message - > > > From: "Scott Kitterman" > > To: dmarc@ietf.org > > Sent: Tuesday, January 20, 2015 2:29:10 PM > > Subject: Re: [dmarc-ietf] ... and two more tiny nits, while I

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Scott Kitterman
On Tuesday, January 20, 2015 14:34:22 Laura Atkins wrote: > On Jan 20, 2015, at 2:14 PM, Franck Martin wrote: > >> But on the off-chance that it's not impossible to clarify > >> this now, and assuming that my growing suspicion that HELO is > > > >> ignored is correct, then I would propose: > > Yo

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Franck Martin
- Original Message - > From: "Scott Kitterman" > To: dmarc@ietf.org > Sent: Tuesday, January 20, 2015 2:29:10 PM > Subject: Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it > > On Tuesday, January 20, 2015 16:14:32 Franck Martin

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Laura Atkins
On Jan 20, 2015, at 2:14 PM, Franck Martin wrote: > >> But on the off-chance that it's not impossible to clarify >> this now, and assuming that my growing suspicion that HELO is >> ignored is correct, then I would propose: >> > > Your confusion on HELO is may be related to the fact that the H

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Scott Kitterman
On Tuesday, January 20, 2015 16:14:32 Franck Martin wrote: > - Original Message - > > > From: "Anne Bennett" > > To: "DMARC list" > > Sent: Tuesday, January 20, 2015 1:44:16 PM > > Subject: Re: [dmarc-ietf] ... and two more t

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Franck Martin
- Original Message - > From: "Anne Bennett" > To: "DMARC list" > Sent: Tuesday, January 20, 2015 1:44:16 PM > Subject: Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it > > > Hi, Murray. > > MK> I think all of

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-20 Thread Anne Bennett
Hi, Murray. MK> I think all of the points in your three messages are good input for a more MK> solid specification, but the timing is unfortunate as we just got MK> publication approval for -12 a week ago. I apologize for my inadvertently poor timing; I was catapulted into all this last week whe

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-19 Thread Murray S. Kucherawy
On Mon, Jan 19, 2015 at 6:30 AM, Tim Draegen wrote: > No objection — please do use the WG’s tracker for these items. Anne’s > thorough review will be picked up (and not rediscovered!) if we’ve got an > obvious place to start from. > Done for Anne's points, and I'll do so for Jim Fenton's remain

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-19 Thread Murray S. Kucherawy
On Mon, Jan 19, 2015 at 6:43 AM, Tim Draegen wrote: > DMARC implementations are already in the wild and deployed. Input to the > existing specification will be largely based on working implementations. > You might have your own reasons for waiting for this WG to review the DMARC > base draft, bu

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-19 Thread Tim Draegen
> On Jan 17, 2015, at 12:00 PM, Hector Santos wrote: > > I have two concerns. > > It seems you "jumped the gun" to accept the RFC 4408 obsolete idea. Is 7208 > backward compatible or not? Does DMARC require 7208 operations or 4408 > operations? > > And is this -12 publication "worthy" of eve

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-19 Thread Tim Draegen
> On Jan 16, 2015, at 11:08 PM, Murray S. Kucherawy wrote: > > Would the co-chairs object to beginning to track these items using the WG's > tracker? If and when we do decide to crack open the base document for a > Proposed Standard revision, we'd already have an inventory of topics to > cons

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-17 Thread Hector Santos
I have two concerns. It seems you "jumped the gun" to accept the RFC 4408 obsolete idea. Is 7208 backward compatible or not? Does DMARC require 7208 operations or 4408 operations? And is this -12 publication "worthy" of even considering for implementation? Or should we wait for the more "s

Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-16 Thread Murray S. Kucherawy
Hello Anne, On Fri, Jan 16, 2015 at 4:41 PM, Anne Bennett wrote: > Having just spent several hours poring over this document > (-12), I might as well send my additional minor observations. > I suspect that some of you will consider these items trivial, > but they gave me pause as I went back and

[dmarc-ietf] ... and two more tiny nits, while I'm at it

2015-01-16 Thread Anne Bennett
Having just spent several hours poring over this document (-12), I might as well send my additional minor observations. I suspect that some of you will consider these items trivial, but they gave me pause as I went back and forth through several sections of the text to make sure I understood corre