IETF Logo Mail Archive

Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result

Douglas Foster <dougfoster.emailstandards@gmail.com> Wed, 05 October 2022 01:13 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08FD8C14CE36 for <dmarc@ietfa.amsl.com>; Tue, 4 Oct 2022 18:13:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o6YXWqqc3Grt for <dmarc@ietfa.amsl.com>; Tue, 4 Oct 2022 18:13:43 -0700 (PDT)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4078CC14F731 for <dmarc@ietf.org>; Tue, 4 Oct 2022 18:13:43 -0700 (PDT)
Received: by mail-lf1-x12c.google.com with SMTP id 25so13241549lft.9 for <dmarc@ietf.org>; Tue, 04 Oct 2022 18:13:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date; bh=EeVIzxBSz6sKHGsJ56rL7S8P9q8uVvQmbMQzDJt63Lc=; b=m23n19m/epqAVeMXcYG4QreTJG7MZI7uV3Tq2MbXG0oT2w8ywDQphTrgoaeUCp2Vk6 wwTTDQoimh0QFrTntJoCzZMltBQDKsBW3DRZHzMWPgp4R72iCbjJ6pqXGmaAjQeKL5cZ k2acbN9sMBSqhbL+VthvJcy67haeWaEwto+C/uIkOoRFPeYLiAFRNklO3qGi9uYJy3Eg fzuvcZWOhjeK3UNp5MWwgYNt80dmDB9fhTv3NkPD/PVIY+MzEkXfCvYIYOL7xbMZ9kEF bEewu+qMdYeZUnhde6icNLq8Pb8DgeATdEhApQZMISFaA8qXjXWDllEVuu2g42A8kx60 DMyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date; bh=EeVIzxBSz6sKHGsJ56rL7S8P9q8uVvQmbMQzDJt63Lc=; b=4UvS+cxdA0OQcy11jFHllKkk6Ls/Z5EtTdq16BYzVg+x/Wa3bEitBuw+YVFn/hgYMK X2kj2dhrqFXGHdUR0XS0YzS4m67kmVrSzAeCWwm2o+xp1VzrnH+CE4UXj4eNnYGWqGgS sD9yWUn3OM3M3+Iq7ghEtin12SzzUDmoNhktLxmYBkPXaq6OSTw56F6Sl2lV29w/eXl5 9HIapZ7bG3RTkxzyFVFFhW0wjzpZ1QcFO4ruQ8InIQKxxJaxbxl3WCmYU3tmU4tMtmj1 UIcMkRrF9Jo2QV2iP7bPIrMCqUkJ1UXQdwhRWcJf0/u183KjMx2I2zgdSAD3RZVhxrlz s+gg==
X-Gm-Message-State: ACrzQf1nHKebxjAZQe4wUGzdirdpulVDKcrA/vHV8dktOTN1azHECbb8 F+1PgV0NEEmc5iy2SVhh+OuSGw3NHiTM1I09tULlLxJu
X-Google-Smtp-Source: AMsMyM4LNmjBnVb/frUDD5OzW8081V7FkxDoj7kQVX2GxY+R4/rK2gaJTX0p7mnM87bR6DkHHWgIX0NtrMgA6kISKHw=
X-Received: by 2002:a05:6512:4db:b0:4a2:15ee:af03 with SMTP id w27-20020a05651204db00b004a215eeaf03mr7013516lfq.14.1664932420199; Tue, 04 Oct 2022 18:13:40 -0700 (PDT)
MIME-Version: 1.0
References: <165046214335.10055.16398898629460366752@ietfa.amsl.com> <CAH48ZfxZOq68=P-Qxjvjk1c8PxWAWDvaBPPQcb4DWmd6cL=u4Q@mail.gmail.com> <CAJ4XoYen6n06L1UBqzu9nr2jCC7v_-GOAdJXMzCks6d-AaKqUA@mail.gmail.com> <CAH48ZfzVt=+yoj280VxL_SV+YM4C7eqMWhL=41YpVybaPmLcLg@mail.gmail.com> <CAHej_8mgKjpo6DDbOS9bBdTarThKOa9F55QBtrM6G-oq1YfX+w@mail.gmail.com> <CAL0qLwYjYY4OvShqACWPz0vdJcAubdU1csFFVSkqzsReZSZxuw@mail.gmail.com> <MN2PR11MB43514940B87730CC9D476AACF75B9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAL0qLwb=1CZN6s2QzWJGFeO3=iPWZ-eS=7hvi4B6jhuh+hLJ0w@mail.gmail.com> <8ab0943b-9805-1a0e-528d-9cf45f2eaf9c@tana.it> <CAH48ZfzM2J0_RizqESbFSm3ASfc2x6nsdxUXWEWO+4g2vXsz+g@mail.gmail.com> <38BC22D3-3A29-47E0-9E51-DD862FDD4947@wordtothewise.com>
In-Reply-To: <38BC22D3-3A29-47E0-9E51-DD862FDD4947@wordtothewise.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Tue, 04 Oct 2022 21:13:28 -0400
Message-ID: <CAH48Zfxf8X+77xnBe2Ah8WCZ9vHxt5--tN4wwO5YBDkJXUguAQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007b293005ea3f49d9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/3o37wh4Q5uM72mchbJ1hTrfYqTw>
Subject: Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2022 01:13:47 -0000

Time for some data collection:

Who has a reporting implementation in use which is designed and tested to
support at least 100 DKIM signatures?

What are the maximum number of signatures ever observed on a single
message?
What can you tell us about the curve of signature count vs. message
volume?   How common are messages with 5, 10, 25, or 50+ signatures?

Doug

Doug

On Tue, Oct 4, 2022 at 5:23 AM Laura Atkins <laura@wordtothewise.com> wrote:

>
>
> On 3 Oct 2022, at 23:31, Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
>
> The primary key for aggregation is the SMTP domain (up to 255 characters),
> plus each DKIM domain (up to 255 characters) and its DKIM scope (up to 64
> characters).    For 100 DKIM domains to be included, the primary key
> becomes up to 201 fields with up to 25,919 characters.  This is
> unmanageable with readily available tools like a SQL database.
>
> I suggest that we start simplifying the scope, by limiting the items of
> interest to:
> (a) SPF whether pass or fail,
> (b) aligned DKIM domains, whether pass or fail, and
> (c) non-aligned DKIM domains that pass.
>
> I don't see any value in knowing about failed DKIM signatures for
> non-aligned domains.   Perhaps someone with a sophisticated report parsing
> capability will be kind enough to correct me and explain.
>
>
> Knowing what domain is signing is important if you think things should be
> signed but they’re not aligning. Knowing what they’re being signed with
> helps treat the problem.
>
> A very simple case is: if you have 2 domains you’re using at Google
> Workspace sometimes Google will pick the wrong one to sign. So your mail
> fails DKIM alignment. Without knowing the domain, it’s impossible to
> troubleshoot what’s going on here.
>
> Then I suggest that the DKIM upper limit by 10, not 100.   At some point,
> an excess of domains becomes a DDoS attack on the evaluator, and to a much
> lesser extent, the report recipient.
>
>
> This is the type of suggestion that has broken SPF. I do not support it.
>
> laura
>
>
> Doug Foster
>
>
> On Mon, Oct 3, 2022 at 2:17 PM Alessandro Vesely <vesely@tana.it> wrote:
>
>> On Mon 03/Oct/2022 18:01:06 +0200 Murray S. Kucherawy wrote:
>> > On Mon, Oct 3, 2022 at 10:26 AM Brotman, Alex <Alex_Brotman@comcast.com>
>> wrote:
>> >
>> >> So we would likely need a section in the core document with a SHOULD
>> for
>> >> evaluation (if it’s not already there), and then a section in the
>> aggregate
>> >> reporting for a MUST for reporting on evaluated information (if they
>> choose
>> >> to send reports at all), correct?
>> >
>> > [...]
>> >
>> > From the actual protocol standpoint, the filtering part of DMARC
>> operates
>> > just fine if you make the shortcut Doug is proposing, so the first
>> SHOULD
>> > is probably apt but the MUST is moot because it doesn't change
>> > interoperability.
>>
>>
>> Let me add that reporting /all/ identifiers can be unfeasible.  (I, for
>> example, collect identifiers to be reported using SQL left join of
>> various
>> copies of the table, which delivers results as just that many columns,
>> although
>> more might have been evaluated at reception time.)
>>
>> Reporting just the "most important" identifiers could be an option.
>>
>>
>> Best
>> Ale
>> --
>>
>>
>>
>>
>>
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
>
> --
> The Delivery Experts
>
> Laura Atkins
> Word to the Wise
> laura@wordtothewise.com
>
> Email Delivery Blog: http://wordtothewise.com/blog
>
>
>
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email