[dmarc-ietf] Reports helping spammers? (#81)

"Brotman, Alex" <Alex_Brotman@comcast.com> Thu, 21 January 2021 21:00 UTC

Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A8143A0C8A for <dmarc@ietfa.amsl.com>; Thu, 21 Jan 2021 13:00:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xmYOUHpDk7ik for <dmarc@ietfa.amsl.com>; Thu, 21 Jan 2021 13:00:00 -0800 (PST)
Received: from mx0a-00143702.pphosted.com (mx0a-00143702.pphosted.com [148.163.145.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C94F3A0C40 for <dmarc@ietf.org>; Thu, 21 Jan 2021 13:00:00 -0800 (PST)
Received: from pps.filterd (m0184894.ppops.net [127.0.0.1]) by mx0a-00143702.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 10LKu4QT022517 for <dmarc@ietf.org>; Thu, 21 Jan 2021 15:59:59 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : content-type : content-transfer-encoding : mime-version; s=20190412; bh=ynqYXG/sCMjFuyUNLbzSc5TGvTUezbUO7mboFDf5/yA=; b=zezC31kPF72T9cS7GEBn/JJlEmYQ3bLCDXz4MOjJtDAZpe9bBKu+gB0TdXZs41TcIkpH FWKcje48xSiveSi6JKU4fdkoGt0ADchgR7iTYqwoVp0ICTj7IrPuFswNnIKCo37O2emS 1Qx45zm98+JIuKsyzQpE/ybQjuSLb3YY3MdYRjj+R4gbOlegbs3VK7lFUXxjfwX6M+fw qMF8vZsdPX5dal48kVze9nxlUWKLlwWP2/iAO/8jB+vhhSLd4J22EZ6j8t7l31r+zJke v3kxLWALehQ0Df7431X8bK9B7n5J6b5GSA6TPA6q4YWdCozmPyVpLcwN4oxEk3PXBOc8 CQ==
Received: from copdcexc36.cable.comcast.com (dlppfpt-po-1p.slb.comcast.com [96.99.226.137]) by mx0a-00143702.pphosted.com with ESMTP id 3668pxx0rd-18 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <dmarc@ietf.org>; Thu, 21 Jan 2021 15:59:59 -0500
Received: from copdcexc33.cable.comcast.com (147.191.125.132) by COPDCEXC36.cable.comcast.com (147.191.125.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Thu, 21 Jan 2021 13:59:55 -0700
Received: from COPDCEXEDGE01.cable.comcast.com (96.114.158.213) by copdcexc33.cable.comcast.com (147.191.125.132) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5 via Frontend Transport; Thu, 21 Jan 2021 13:59:55 -0700
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.45) by webmail.comcast.com (96.114.158.213) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 21 Jan 2021 15:59:56 -0500
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by MN2PR11MB4080.namprd11.prod.outlook.com (2603:10b6:208:137::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.13; Thu, 21 Jan 2021 20:59:41 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::7ca6:b482:a6b0:4d42]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::7ca6:b482:a6b0:4d42%7]) with mapi id 15.20.3784.013; Thu, 21 Jan 2021 20:59:41 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: Reports helping spammers? (#81)
Thread-Index: AdbwN7eHzVTBNYjVTlSst7HV1ZiSWA==
Date: Thu, 21 Jan 2021 20:59:41 +0000
Message-ID: <MN2PR11MB43515A1079F57BD6F6EE0A80F7A19@MN2PR11MB4351.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=comcast.com;
x-originating-ip: [2601:43:101:380:cc0c:4516:4bee:da79]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6b1996a5-931f-471d-0982-08d8be4f78de
x-ms-traffictypediagnostic: MN2PR11MB4080:
x-microsoft-antispam-prvs: <MN2PR11MB4080226DD256916BFDFB3213F7A19@MN2PR11MB4080.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: V/utwQxC7y0D/5TNvd2xzFYhre1zmHGsdLtS4wRZDpspmXf/Otox0r9Pc/irxw91Wzj59cOHFDZhADTdjxyA+cm/ggied8GUdwj6DGY8o9s1RUYs3GKEcnDUeMda5SoFyC4E/YL8mK/tHywW4un/Qr83Jkq+IrJT/ayjlfO7UkotGaI422tRujfg/22yjidHAQPn57F8BZLrG4LUWQJakEYKogdGvRzCgwCRXYXWoAIq03E+Vy8FliL9SonYkqV0+MPSadS7rqyE3XjtGKQvOmCwPWDoPjwWPBrdWneJ+m3iYFuXvalOLUyTWSucvkIt9MRdNT4iVLXHML1oPuNXcc/LUxdY8pluM2z0/TTHTi5KYVgvk8v2P/e7ioWpgDlfGL3Hh0LrJlpZIqDcbZ7B+Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(136003)(376002)(396003)(366004)(346002)(6916009)(66476007)(33656002)(8676002)(66946007)(6506007)(64756008)(186003)(66446008)(66556008)(7696005)(76116006)(316002)(5660300002)(8936002)(2906002)(52536014)(86362001)(83380400001)(9686003)(71200400001)(55016002)(478600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?FitFLPZs64lozMKFWmZp26b9k7UKOYB3zp6JV51Vr+uBJF7W4N0Jy9g3KoZX?= =?us-ascii?Q?Fw+Lr87dTBZOVUDQwquc3mWWDFY185ii9lJY0QIxqRVulXKz6aS+AuRdrcEK?= =?us-ascii?Q?PjVU/5stuKgDfd4T9XWDWD3wUhvYlvjpPMRpjRYUiDc7UaQpchtEpYwRfDa5?= =?us-ascii?Q?T9Eo4rKJdn+Fq+qC9Ij2M58ldlIDO37XVZefi7K6IJAD+gvT6/4cU6dR36U2?= =?us-ascii?Q?VT6cBG7aJtbaXaTh8BMnbtfLsE8lUKnHDulL9sJZvVrNv6Vbu0Y172vuWy3A?= =?us-ascii?Q?8ycNPEHlqOnNgLO8Y3GZoocPAfOGoV6ZCJGt8CGnqHV1eHqCgJcA+9NDksQY?= =?us-ascii?Q?/tkwzXWpmT/hJtUXXgmLid38AzHrWVnxi9HD/J9nrtvSa8mj+7ygREa4AMIF?= =?us-ascii?Q?2ZKP41CEvtpzMzndT9FYOYXRdyZcadLNL4JG4sBX7AM5qrnK2q7QvB9PZYx1?= =?us-ascii?Q?z1pGu2/B2n+PycOWSLjZn/J1kp/xCVo7nh+dQ8boupJYZ/i6fKFyWDco+jen?= =?us-ascii?Q?RIR8cfyLxfnDy2RE+tIl9y4Kxw3vyWmNeuI2jVJundppCR7PnJU4EVVHEF+y?= =?us-ascii?Q?dxPf8zyb5NJjRnxjM2y3aaSdOCRLdvkkDKn6zAzDBRnm4G4n/aJe9MtPrAHT?= =?us-ascii?Q?izv0tnGqt++BcbanguF60Dmy4qxcCbGnjRY18zYFTo1IIv2Lf/lzAUJPMsgL?= =?us-ascii?Q?yR99OaRDmNCpSaMHEhw7gEEs14TDQgrY9dVj9v7udxsBIZa/bCDqorTSmLHv?= =?us-ascii?Q?f9+EMWRLHDrurUNs+YQBHZ615w2RBaqHZR7+hXppcy6hIEPRFwvDwrruUYX/?= =?us-ascii?Q?JYSDdABBB5RfUDYbCbwisfMEcs0dK8hVuKVo7dsYeaE91SsqHqhKk8Ig3h9S?= =?us-ascii?Q?8wqFxf3rstmL5XQiz7QjDTjsVgImSbKLaMVS6qjhN53TuZm5yR1AOAtKwGpI?= =?us-ascii?Q?o7tb9SCdYM5w3IjI09UYZTff8LkQcjzexA4I6IgTOpyVI+qFrRbfzQypT+po?= =?us-ascii?Q?XiaX3ktMhf1CaskkHiS7SBSlAQ7+7zulWOV7WDqR4dGH1pM=3D?=
x-ms-exchange-transport-forked: True
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bCcjFzYC7Tw95TcD13IheBaCaA3YDj6GgmV4tO9GS704t7nBGxhsOfEyQWI3rgwDlFhB+HwAB32D3iUuAPLNOApFJuLTqtYTUdB708sCr2Tt6V8Ln0db5Jodt7UVRalMITJPDw8SKB0knT37oS2/dJl4yzYBw9UcA6ZEN0ttan1LBL5XMECBMwT42vdAEB2gNQHszWeb9Mn5WNewkpRHB5qvtIp9rIzKtibRcBPFn/8DWdFmuKJeycXzoE6N6P0h7Dfj9x3hpvXEa7fvweTSr2Ugh9Jcoi6e9M28Jbj3DKLjG76YbcjV5KfDkM9UZrwEPtgPAayUkmyyN8e0YG4ZPg==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Fnwhv3ne5Oy0UY2fMtcPpCEmbuqj+uYX78rfAbV03XA=; b=PCxhZYjJaH9OoajHMgA7KVX9SbUZO+/B6/PxtKKX4uBYwqIsK5xVwn0keWMUBrSOOXPGFVP0fnTYCYc+UKj92hVrZyYxp085YWbFC0adPwAMSdR4m7wZBlYIRMoftTZLJWsh7kAzPThHP3TucY51OvQPshQU50xXd4RLzOUed341YeXj4hXVE7hdGJX6Flk6YTpBT1YQlGqej/fpGmVjJcIh29NdE+XhwLRqOqzfAYj99cO/8IQ0mgt8JyiFW2mIol6S/5LdDwvrOJ8+z57U3JKqSntXgLWWN2wUy7hN9BOP3vxHutklSpfg2MMFz/9fUfLVgMkn50891rQ5UqzSow==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR11MB4351.namprd11.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: 6b1996a5-931f-471d-0982-08d8be4f78de
x-ms-exchange-crosstenant-originalarrivaltime: 21 Jan 2021 20:59:41.2106 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: Et2QyZSfKyWUI+OT+F7ZOD5XxlGYJjMcdBVRrPxU/5r5VLvJB9YKBZ7h9/1vGoKKkhG6KRlNT9tVzstgPQGLEr+yLx+BYk2epnpFnLiA1/A=
x-ms-exchange-transport-crosstenantheadersstamped: MN2PR11MB4080
x-originatororg: comcast.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Forward AAETWO
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2021-01-21_10:2021-01-21, 2021-01-21 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/1y0c4xG7bN0rHR1Fi2Kuv5MxlGQ>
Subject: [dmarc-ietf] Reports helping spammers? (#81)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2021 21:00:01 -0000

Hello folks,

Thought I'd see if we could come to a conclusion on this ticket.  The gist is that the reporter believes that (aggregate?) reports can help spammers to determine some effectiveness of their message attempts.

Full Text:
-------------
Spammers could use DMARC reports to monitor the effectiveness of their campaigns, and we do not want to help them. Do existing implementations send reports to any domain that requests them, or only to those domains that are considered "acceptable"? If reports are only sent to acceptable domains, what sort of criteria have been useful?

System administrators will appreciate such advice. Product developers will need guidance about the features they should provide so that a system administrator can control which domains do not receive reports.
-------------

>From an operator side, I don't agree with this assessment.  The reports do not show if/why a MBP may place a message in the Junk folder.  Could it be DMARC quarantine?  Sure.  It could also be any number of things from a large matrix of decisions, none of which are shown in a DMARC report.  Also, the reports are typically sent once per day (seems like most ignore the 'ri'), quite likely some time after the end of the reporting period.  Additionally, they probably have more efficient/immediate methods of evaluating their success rate.

If you believe something has been overlooked, please feel free to share.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast