About discarding From alignment: DMARC has been sold to big corporations as essential to defending their brand identity. In response, they pay serious money to keep Valimail and its competitors in business. I see no way that we can put forward a proposal that will put Valimail and its friends out of business, while incurring the wrath of C-Level executives and legal teams at Fortune 500 companies. Not that I have any of those people on speed dial, so maybe someone can prove me wrong. But I have been surprised that one of the DMARC reporting companies is not listening to this part of the discussion and having alarm bells.
About credible mediators: You are right that if an inbound email gateway believes a Mediator is credible, then all that is necessary is for the Mediator to prove his own identity. But what is the mechanism by which a Mediator obtains the trust of the email gateway? And by what mechanism does the Mediator know that the email gateway has determined it to be credible? One option is to provide so much information in the email message that the email gateway will grant trust on the fly. Murray's approach has appeal because, especially when coupled with appropriate LIST-* and RESENT-* headers, it provides all of the information needed for a decision to be made. ARC has less appeal because it provides just enough information for the email gateway to detect that something deliberate was done, but not much more. Researching the credibility of the list would need to occur out-of-band using LIST-* headers as a starting point. But there is a larger problem. Even after the gateway decides the Mediator is credible, the Mediator is ignorant of the gateway's decision, so the Mediator is unable to take advantage of that decision. The other option is for the MLM and the Email gateway administration to negotiate credibility in advance, with the subscriber acting as sponsor for the discussion.

DF

----------------------------------------
From: Jim Fenton <[email protected]>
Sent: 7/6/20 2:33 PM
To: [email protected]
Subject: Re: [dmarc-ietf] Fwd: New Version Notification for draft-kucherawy-dkim-transform-01.txt

On 7/6/20 10:41 AM, John R Levine wrote:
> On Mon, 6 Jul 2020, Dave Crocker wrote:
>>> I don't understand this scenario at all. Why would I want to show
>>> my user a message forwarded by a spammer? If the original sender
>>> wanted me to see it, she could have sent it to me directly, or
>>> through a legit mailing list.
>>
>> Perhaps, like some others, I'm not understanding this correctly, but
>> I think the proposal has nothing at all to do with what the recipient
>> sees. Rather, I've understood this as an attempt to reverse
>> additions made by a Mediator, with the goal of validating the
>> origination DKIM signature. Presumably that is so as to use the
>> origination domain's reputation and even permit DMARC to validate.
>
> But why would I want to do that? ARC lets a credible mediator say
> this message was OK before I munged it. This proposal lets a sleazy
> mediator say the same thing, with advice on how to verify mechanically.

Your use of "credible mediator" and "sleazy mediator" emphasizes that we're depending on the mediator behaving responsibly. Given that's the case, why not just expect a responsible mediator to verify the DKIM signature (or maybe SPF) on the incoming message, check its alignment with the From: domain, then make whatever modifications it wants to make, then re-sign the message with the mediator's DKIM signature containing a tag that says it did all of the above?

Yes, this is a "get out of DMARC free" card for mediators to use. But we're already dependent on being able to distinguish between credible mediators and sleazy mediators, and this tag simply says, "if you trust that I'm a credible mediator and this message has a valid signature from me, you should accept the message even if my signature doesn't align with the From: domain."

This gets us out of the business of trying to define what acceptable and unacceptable transformations are. If the transformation was done by a credible mediator, it's acceptable.

Many (most?) mediators do not currently require authentication (+alignment) on incoming messages. They could continue to forward the unauthenticated messages, but without the new tag.

-Jim

P.S. I'm still not sold on the value of From: domain alignment, but left that in here to avoid conflating too many different ideas.

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
