Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields

Scott Kitterman <sklist@kitterman.com> Mon, 29 July 2019 19:59 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Mon, 29 Jul 2019 15:59:30 -0400
Message-ID: <2267305.yL6gokGGJv@l5580>
In-Reply-To: <9ef6b312a93d2b5542194539bd99e31e8451d7ba.camel@aegee.org>
References: <2577720.3ZthdXZjm2@l5580> <9ef6b312a93d2b5542194539bd99e31e8451d7ba.camel@aegee.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/-ce2JtGQ-jiI-3htCzaHH-RPxs0>

On Monday, July 29, 2019 3:50:34 PM EDT Дилян Палаузов wrote:
> Hello Scott,
> 
> You want to add the option to record the DMARC policy in the A-R header.  I
> add it as comment:
> 
> Authentication-Results: mail.example.org/x551xr2q019874; dmarc=pass
>  (p=quarantine dis=none) header.from=example.com; spf=pass
>  smtp.mailfrom=uuuu@example.com
> 
> with dis being the disposition.
> 
> What will a downstream processor do with the information?

It would execute the policy (e.g. reject or quarantine).  I would rather 
enforce reject in the MTA and leave quarantine to the MDA since that's just a 
question of which folder the mail lands in, not really an MTA function.  If 
you don't do all the policy enforcement in the MTA, then there needs to be 
some way to record it.

Scott K

> On Mon, 2019-07-29 at 15:37 -0400, Scott Kitterman wrote:
> > I'd like to add the option to record DMARC results in an A-R header field
> > for consumption by a downstream processor.  I think it would be something
> > like this:
> > 
> > Authentication-Results: mail-router.example.net; dmarc=pass
> > header.from=example.com policy.dmarc=none
> > 
> > That would take adding an entry in the Email Authentication Methods
> > registry for:
> > 
> > method: dmarc
> > ptype: policy
> > value: dmarc
> > 
> > Does that make sense as a way to do it?  Does anyone have alternative
> > suggestions?
> > 
> > Scott K
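
The split discussed in this thread (reject at the MTA, quarantine left to the MDA) can be sketched from the MDA side. This is an added example, not code from the thread's participants or any project. It reads both notations shown above, the `policy.dmarc` property and the `(p=... dis=...)` comment, and only honours A-R fields whose authserv-id matches the receiver's own MTA. The names `TRUSTED_AUTHSERV_ID`, `parse_dmarc_ar`, `mda_folder` and the sample headers are assumptions made for the illustration.

```python
import re

TRUSTED_AUTHSERV_ID = "mail-router.example.net"  # assumption: our own border MTA

def parse_dmarc_ar(value, trusted=TRUSTED_AUTHSERV_ID):
    """Return the DMARC verdict from one A-R value, or None if untrusted/absent."""
    value = re.sub(r"\r?\n[ \t]+", " ", value).strip()      # unfold the header
    authserv, _, rest = value.partition(";")
    tokens = authserv.split()
    # Some MTAs append "/<queue-id>" to the authserv-id, as in the quoted example.
    if not tokens or tokens[0].split("/")[0].lower() != trusted.lower():
        return None                                          # not written by our MTA
    for resinfo in rest.split(";"):   # simplification: no quoted-string handling
        m = re.match(r"\s*dmarc\s*=\s*(\w+)", resinfo)
        if not m:
            continue
        comment = re.search(r"\(([^)]*)\)", resinfo)
        bare = re.sub(r"\([^)]*\)", " ", resinfo)
        props = dict(re.findall(r"([\w.]+)=(\S+)", bare))
        policy = props.get("policy.dmarc")                   # property form
        if policy is None and comment:                       # comment form
            p = re.search(r"\bp=(\w+)", comment.group(1))
            policy = p.group(1) if p else None
        return {"result": m.group(1).lower(),
                "from": props.get("header.from"),
                "policy": policy.lower() if policy else None}
    return None

def mda_folder(ar_values):
    """Folder for a message whose MTA enforced reject and left quarantine to us."""
    for value in ar_values:
        info = parse_dmarc_ar(value)
        if info is None:
            continue
        if info["result"] == "fail" and info["policy"] in ("quarantine", "reject"):
            return "Junk"   # assumption: a leaked reject is filed like quarantine
        return "INBOX"
    return "INBOX"          # no trusted verdict: this sketch leaves the mail alone

# Constructed sample: an A-R field from another host, then the one our MTA wrote.
SAMPLE = [
    "mx.other.example; dmarc=pass header.from=example.com policy.dmarc=none",
    "mail-router.example.net; spf=pass smtp.mailfrom=example.org;\r\n"
    " dmarc=fail header.from=example.com policy.dmarc=quarantine",
]

if __name__ == "__main__":
    print(mda_folder(SAMPLE))
```

The authserv-id check matters because the MDA acts on whatever the header says: a field carrying someone else's authserv-id is skipped rather than believed.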