Re: [dmarc-ietf] auth-res vs. dmarc

Michael Thomas <mike@mtcc.com> Tue, 29 December 2020 20:00 UTC

To: dmarc@ietf.org
References: <9f6782b1-e85b-1a9c-9151-98feff7e18ea@mtcc.com> <CAHej_8m0OWsTt+tcSgUh+Fxu=HH_57nsb2O1Q_fgA2453ceh4g@mail.gmail.com> <140485eb-020f-4406-3f2f-e2c475ea51e5@mtcc.com> <CAHej_8mApfoF2ORgL+DoYTanrdhMjvT9H27kORwLKCQc1C9sRw@mail.gmail.com> <5588dbbe-b876-ed80-c80f-792380e3718f@mtcc.com> <CAHej_8=kW_t_JkOxUud1Uz8+PrbMh5CfwfxZK=mhe0wjW8wQpw@mail.gmail.com> <54dd9978-bcd1-6757-ad27-dcef6db6e5f7@mtcc.com> <CAHej_8kCi=7oqojDH_rbjn7kRg-PTDJWLgcKTGK9z-baUnKeMw@mail.gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <ef32de1e-d47e-1d0f-3cec-5994c7fdb7ae@mtcc.com>
Date: Tue, 29 Dec 2020 12:00:43 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <CAHej_8kCi=7oqojDH_rbjn7kRg-PTDJWLgcKTGK9z-baUnKeMw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------09425AEBD9B1A062DB773D2A"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/-LZIISYzUmPKXCBMsZVdN389GvY>
Subject: Re: [dmarc-ietf] auth-res vs. dmarc

On 12/29/20 11:35 AM, Todd Herr wrote:
> None of the validation checks bothered with the p= value in the 
> mrochek.com DMARC policy record, because the p= 
> value is immaterial to the validation check. Whether DMARC passes or 
> fails is based on whether SPF or DKIM passes or fails with an aligned 
> domain, full stop.
> Once the DMARC validation result is determined, then the mailbox 
> provider or entity performing the DMARC validation check can refer to 
> the p= value in determining how to dispose of the message, but it 
> doesn't have to. It's worth noting perhaps that Google does record 
> message disposition in the auth-res header, though:
>
>     dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mrochek.com
>
Unless those values in parens are a MUST requirement, the dmarc=fail is 
highly misleading. I haven't even seen any specification for the dmarc 
part of auth-res in RFC 7601, which may be part of the problem. I don't 
see any normative language which would update RFC 7601 in dmarc with the 
syntax and semantics of the dmarc field.

At the very least this needs to be straightened out because auth-res, to 
Ned's earlier point, can have consumers in the form of MUAs.

Mike
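
An added illustration, not part of the original message or of any RFC text: a minimal Python parse of the header line quoted above, treating the parenthesised p=/sp=/dis= part as a free-form comment (an assumption based on how it appears in the quote). The authserv-id mx.example.net, the spf clause and the function names are constructed for the example; the split on ";" is a simplification that ignores quoted strings and nested comments.

```python
import re

# Constructed sample: the dmarc clause quoted in the thread, inside a full header value.
SAMPLE = ("mx.example.net; spf=pass smtp.mailfrom=bounce.example.org; "
          "dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mrochek.com")

CLAUSE = re.compile(
    r"^(?P<method>[a-z0-9-]+)=(?P<result>[a-z]+)"   # method=result
    r"(?:\s*\((?P<comment>[^()]*)\))?"               # optional (comment)
    r"(?P<props>.*)$", re.I | re.S)                  # ptype.property=value pairs


def parse_authres(value):
    """Return (authserv_id, {method: clause}) for one Authentication-Results value."""
    authserv_id, *clauses = [part.strip() for part in value.split(";")]
    methods = {}
    for clause in clauses:
        m = CLAUSE.match(clause)
        if not m:
            continue  # unparseable clause: skip it rather than guess
        props = dict(p.split("=", 1) for p in m["props"].split() if "=" in p)
        # key=value pairs inside the comment are treated as provider hints only
        hints = dict(kv.split("=", 1)
                     for kv in (m["comment"] or "").split() if "=" in kv)
        methods[m["method"].lower()] = {
            "result": m["result"].lower(), "props": props, "comment": hints}
    return authserv_id, methods


def dmarc_view(value):
    """Separate the DMARC validation result from any disposition hint."""
    _, methods = parse_authres(value)
    d = methods.get("dmarc")
    if d is None:
        return None
    return {
        "validation": d["result"],                    # pass/fail of aligned SPF or DKIM
        "from_domain": d["props"].get("header.from"),
        "published_policy": d["comment"].get("p"),    # only present in the comment
        "disposition": d["comment"].get("dis"),       # what the receiver says it did
        # Without the comment, a consumer sees "fail" and nothing about handling.
        "disposition_known": "dis" in d["comment"],
    }


if __name__ == "__main__":
    print(dmarc_view(SAMPLE))
```

A consumer that discards comments gets validation "fail" with disposition_known False, which is the ambiguity the reply points at.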