On Wed, Aug 10, 2022 at 10:44 AM Douglas Foster < [email protected]> wrote:
> "Breaking long-standing practice" is not the fault of the domain owner > policy, it is the fault of DMARC being oversold and the DMARC result being > applied by the evaluator in a way that undermines the interest of his own > recipients. > It's worse than that: It also sabotages normal operation of third parties. RFC 6377 describes the damage we're talking about here, although the tool was called ADSP back then. > However, the domain owner has no reliable way of knowing whether > conditions 4-5 will ever apply, and applicability will be different for > different recipients. Therefore, the burden falls on the recipient's > evaluator to determine whether "p=reject" is caused by condition 6 or by > one of the other conditions. Telling domain owners not to use p=reject is > not the solution; the real solution is for evaluators to act wisely, and to > review other available evidence carefully. Our document can provide > guidance on wise use, starting with a discussion of possible failure modes. > I think you're suggesting that we need a way to identify a failure that's caused by, say, MLMs altering messages (your case 4), and handle those differently -- perhaps with less severity -- to avoid the collateral damage DMARC causes. But that gives attackers a recipe for creating a message that falls in your cases 5 or 6 yet will get less severe treatment than it deserves. Similarly, creating a de-munging strategy presents a cookbook that might be able to construct a message that will fail DKIM in a way that something later in the processing order will forgive. Moreover, we would have to be sure of being able to describe a very high percentage of all mutations MLMs do in a manner that's hard for receivers to reverse incorrectly. But those mutations range from simple (subject tagging) to quite complex (MIME wrapping or restructuring). We've considered both of these approaches before, and have never managed to convince ourselves we could achieve an acceptable level of success. There was, so far as I know, not even a single experimental implementation of any of the proposals. We seem to be left with the idea of telling domain owners that "p=reject" causes damage at a level that does not justify the protection it provides. Domain owners wishing to protect themselves obviously have disagreed with that value judgement, but the community for which the IETF speaks, I would argue, is larger than that. -MSK, no hat
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
