Re: Yahoo breaks every mailing list in the world including the IETF's

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, May 15, 2014 at 5:12 PM, Eric Dynamic <ecsd@xxxxxxxxxxxx> wrote:
> Responding to John Levine, Brian Carpenter, Sabahattin Gucukoglu and S
> Moonesamy:
>
> The Problem
>
> I have not read the DMARC protocol in detail, nor looked at any software
> provided for implementing it.
> What I have done is looked at the DNS record DMARC uses to "advertise" a
> site's DMARC policy,
> and the commentary surrounding that.
>
> >From what I can tell, DMARC is not a very clever protocol.
> What it appears to do, relative to a sending site X, is say
>
> "Sending site X uses SPF or DKIM or both or neither, in order for you the
> recipient to verify whether X
> actually sent the email you're currently inspecting."
>
> If that is ALL that DMARC does, I would suggest DMARC is a worthless
> protocol and that it should be
> suppressed and rescinded as an IETF-recognized protocol.
>
> Why? If a receiving site cares to combat spam, it will be using SPF and DKIM
> already; there is no
> point for an extra protocol on top to say simply "yes, I the sender did
> implement SPF and/or DKIM,
> so /you should/ proceed to use those methods to validate email claiming to
> come from my domain."

Well you don't understand the problem then.

The receiver can verify SPF or DKIM but has no way to know if the
reason that those marks are not present is because

1) The legitimate sender never uses them
2) The legitimate site sometimes does not use them
3) The legitimate site uses them but the mail went through a remailer
that stripped them
4) An authorized user of the legitimate site sent their mail another way
5) The mail was sent by a malicious actor

DMARC gives the receiver more information, that is all. Specifically
it allows cases 1 or 2 to be distinguished from 3, 4, 5.

That isn't breaking anything. Things will only break if recipients
behave cluelessly and fail to account for the possibilities 3, 4,5.


Now I for one don't actually care about 4. I know that many people in
the IETF think it is their right to send any mail they like from any
mail on the Internet without the domain name owner being involved. But
as with the folk who think that you can be part of a high technology
movement and use 1980s technology I laugh at them when their messages
get thrown into the bit bucket.

The general principle for interpreting DMARC records should be the following:

IF mail is sent from a domain that advertises DMARC policy, then the
message MUST either

* Have authentication from the purported sender establishing that it
is legitimate
* Have some other form of authentication that establishes it is not spam.

I don't think it an imposition for every mailing list to be required to

1) Use the standard indication that it is a mailing list remailer
-RFC2919 came out 13 years ago

2) Authenticate all its messages

And note that 2 is simply a corollary of the existing fact that that
if your messages are not authenticated then they are going in the bit
bucket.


Now as with all security policy, there are two reasons people complain

1) They don't understand the purpose of the policy
2) They want to continue to do the thing the policy prohibits

So we have always had a lot of chatter about anti-spam technologies
that comes from spammers and scum that they pay to shill on lists.
Quite a few of the nastiest people on the old ASRG list were being
paid by spammers to disrupt.

But there are also people who want to be able to send mail from their
home connection without going through their employer's email relay.
Well tough nouggies. That is what the publishers of the DMARC policy
want to prevent so take it up with your employer or find a new
employer or do your IETF mail on another email account.


The fact that spammers pay people to disrupt anti-spam work makes that
type of effort incompatible with a consensus based standards process.
So I really don't fault people for going outside IETF when their work
has been disrupted.

The only way to proceed with work in a consensus based process that
might be subject to that type of obstruction is to keep open the
option of proceeding outside the consensus process if disruption
occurs.

You have to be prepared to sometime bang the shoe on the table.

My understanding of the original decision to kill the IETF mail sender
authentication policy was that it was not being used. I therefore
backed the proposal to clear the ground for a proposal that might
succeed.





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]