Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem

Dave Crocker <> Tue, 02 February 2021 02:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 68CEC3A166E for <>; Mon, 1 Feb 2021 18:05:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Djqt6nvFp4QU for <>; Mon, 1 Feb 2021 18:05:11 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EFE163A166C for <>; Mon, 1 Feb 2021 18:05:10 -0800 (PST)
Received: by with SMTP id i20so18387683otl.7 for <>; Mon, 01 Feb 2021 18:05:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=ftHH+5RgQ9m19Mv6zYYCCVhKczF61QjpNGu2wFxnRhE=; b=mjDnYoYTww8I6efgtsQGlz1CEmPyc1vllcFnVmUkeF0eJUF+T8wT+bzlgprZzaV5wi VeAC1BIDfFxvNHjCDdNNyAEZuyR+k0KZnocXp2km4MwCiXZOYElQKn3vo0ImU6QHIcjL 9lqhGrobSge+AqU8kzKXQj9QN9qTZjXD7WpBLI/gIdWGrUwxxtdE6U9yZ++0Ox94z2S6 EStOh0O0LT5/4+LK9He1UA3PqkIWIYdVl66Ly2m6yX0hb7MzyK0rQ4YCl8Br78KXR+DD gxIgVW2Hw59Llj/Al8svdlTWzz048h4FbnDi7vS1DQW67ONh21Z885KKTOQjjpEuaYmO IKnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=ftHH+5RgQ9m19Mv6zYYCCVhKczF61QjpNGu2wFxnRhE=; b=dtbIyEWiupwbzXE8K+byAtfjOclBVoz+Hk0QHSUgbYKZFMejAQVjFM5fweaMPNl9AR G0R8i2No6ajHTGD8+kXbD5EJ/6dk83DZ5j4YnI+O11tJT6zHwy6OnhOki52I1aNCqplt tLrVMmgvXPrinbg2QvpY4px47/1GJWY1jqX3mFl/3MPA5SydtyVPXkYkpg60PsWYchYi YbRGh6y5zwQlQ5i0p2VkWqnw1S7TmyH5atxvmaH44UXR35u5uU/LPZOrxcinK10wGTaL Iat/Pgn7AnHQI8lUAjkKb7FMvL0yTKORLrbMAiFKAGUF+8LhlnBozho4ZtiHLuQKEbUu iA3A==
X-Gm-Message-State: AOAM530GYPu7NQDDT6CI7eenubYs9ovtlpm8fPhuQraWFjQSpDaIl6H1 /I5W8/65NkAPfAoUBhXlhitixahhxXrbBw==
X-Google-Smtp-Source: ABdhPJy8pVVG23bHTSUyYhM7pHDpsHLppVAhnZkjKpt0kBcnmmORZr8HyjxknnBYAZ1zI1a2Ao/wqw==
X-Received: by 2002:a9d:2c2:: with SMTP id 60mr13337922otl.70.1612231509669; Mon, 01 Feb 2021 18:05:09 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id u191sm4828544oif.6.2021. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Feb 2021 18:05:09 -0800 (PST)
To: Michael Thomas <>,
References: <20210201232105.1931D6D20971@ary.qy> <> <> <> <>
From: Dave Crocker <>
Message-ID: <>
Date: Mon, 1 Feb 2021 18:05:06 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------C21544E30582F55CD967A66F"
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Feb 2021 02:05:12 -0000

On 2/1/2021 5:58 PM, Michael Thomas wrote:
> This, on the other hand, should be measurable. Saying that we should 
> ignore authentication requirements should require extraordinary proof 
> that it is needed for practical as well as security reasons. The 
> burden of proof is on the nay-sayers, especially since it is so 
> trivial to implement these days. 

Or perhaps:

    1. Barrier to adoption, for something that supposedly needs a lot
    more adoption

    2. Doesn't seem to make much difference.

I'd class those as suggesting rather strongly that the burden is on 
those that want to impose the barrier, rather than those who don't.

The problem with arbitrarily claiming a requirement, without justify it 
carefully and in a balanced matter is that it is, well, arbitrary.


Dave Crocker

Volunteer, Silicon Valley Chapter
American Red Cross