Related: there are known problems with DKIM, and there's a DKIM2 effort:
* https://datatracker.ietf.org/doc/draft-gondwana-dkim2-motiva...
* https://datatracker.ietf.org/wg/dkim/about/
* https://blog.redsift.com/email/dkim/first-look-at-dkim2-the-...
The recently-held IETF 122 had a session on it:
I'd also like to see an update to DMARC so you can require both SPF and DKIM in your policy, instead of just one out of the two.
Terrible idea, SPF is very hostile to (legitimate) forwarding. In general SPF should actually die.
If you have trusted forwarders, you just add them to the SPF policy (which can be recursive, though there is a pretty low limit on how many records can be looked up). I've not had an issue with this, personally. However, assuming DKIM can be tightened up as proposed above, I'm not sure SPF would be necessary anymore.
There are quite a few problems with that. Biggest issue is that it would require the domain owner's explicit cooperation with each forwarder. It would also allow more than just forwarding existing letters. Real-life shows that SPF really doesn't work with forwarders and it probably never will.
What does forwarder mean to you here? Because, from my perspective, a forwarder that I don't trust--or even know about--should not be allowed to deliver legitimate-looking mail from my domain. DKIM alone is weak to replay and payload extension so I don't think, as it stands right now, it is sufficient on its own.
So it seems, to me, that SPF is working exactly as it ought to. Just to be clear, this isn't pure theory or ignorant preference on my part, I've set up SPF for trusted forwarders before.
Yes, they should be able to deliver such email. Forwarding messages is absolutely vital for a lot of use-cases, starting from trivial one-to-one forwards but also mailing lists. DKIM signatures can also expire and length extension attacks are not possible unless both the signer and assessor are badly configured. In any case a theoretical replay is significantly less dangerous than unauthorised mail being sent because of SPF's inherit looseness.
In the end once the letter has left your server, it is _not_ up to you to decide what they do with it. We already have ARC to basically bypass SPF when DKIM is missing. Letters _will_ be forwarded.
SPF is obsolete and weak in other ways as well. A mere IP address is not the proper way to authenticate or authorize anything.
> SPF is obsolete and weak in other ways as well.
Maybe so! But if I create the SPF record, it should be enforced. If I don't want it enforced, then I wouldn't have created it! I think, though, where we're converging is that, if you have DKIM at all, then you shouldn't even use SPF. Supporting both in DMARC was a hack.
Nevertheless, I think a lot of time and effort is getting expended to slap security on top of the email system of the 1980s but the practical reality is that email cannot possibly work like it did in the 1980s and we need to stop pretending like it can. If I send an email to a mailing list, it shouldn't be passed off as mine when forwarded. Just as hubs have been replaced with switches in Ethernet, so too should blind repeaters be replaced with smart forwarders (this analogy is not perfect). An email coming from a mailing list is a product of the mailing list, not the original sender. It's not like we don't have the Reply-To header! Moreover, internal forwarders for things like spam filtering and virus scanning and corporate domain forests are internal infrastructure problems that shouldn't be treated as something which the sender has to prepare for. Maybe that's too idealistic, but it's not like I'm dying on the hill that we should have rolled out global S/MIME!
As regards DKIM and length extension, I'm not aware of any way to force it off. Yes, its use may be down to "badly configured" servers (ironically, the whole point of it was to handle forwarders), but nearly everything wrong with email is down to "badly configured" servers in the first place!
> If I send an email to a mailing list, it shouldn't be passed off as mine when forwarded.
I think it's actually the exact opposite, it should be possible to keep origin information intact. This lets everyone verify that it's "x through mailing list y" instead of "mailing list y saying it was x". It's a massive difference and lets the mailing list operate separate from the reputation of the content (from some other domain).
> Moreover, internal forwarders for things like spam filtering and virus scanning and corporate domain forests are internal infrastructure problems that shouldn't be treated as something which the sender has to prepare for.
And it isn't. But wanting it to be more difficult is simply not viable.
With DKIM2 coming, that kind-of combines DKIM and ARC, SPF will become even more useless and a hindrance. And signatures will be much more resilient to forwarding even with (some) modifications. This is what the industry wants, not the opposite.
> Maybe that's too idealistic, but it's not like I'm dying on the hill that we should have rolled out global S/MIME!
S/MIME is being revived as well right now. So who knows how it'll go, maybe that's an another thing we'll be getting.
> As regards DKIM and length extension, I'm not aware of any way to force it off.
Just don't use the length tag, then it's off.
What I mean is, I cannot set a policy that emails with DKIM signatures that allow length extension should not be trusted.
That's up to your MTA though. I know Stalwart has an option for it for example, but there are others.
Thinking about it, I guess you're right. While I'd like some way to say "never trust a DKIM signature claiming to be from me if it allows extension", the reality is that the only way for somebody to get their hands on such a message is if my MTA produced one in the first place.