Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-09.txt

Hector Santos <hsantos@isdg.net> Fri, 28 April 2023 21:30 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DBB7C1519A7 for <dmarc@ietfa.amsl.com>; Fri, 28 Apr 2023 14:30:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b="M8Eq1bQp"; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b="PU8EbUTa"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k3-Ot_XKolrc for <dmarc@ietfa.amsl.com>; Fri, 28 Apr 2023 14:30:19 -0700 (PDT)
Received: from mail.winserver.com (mail.winserver.com [3.137.120.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2799EC1519A4 for <dmarc@ietf.org>; Fri, 28 Apr 2023 14:30:18 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1592; t=1682717416; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Subject:From:Date: Message-Id:To:Organization:List-ID; bh=lVNP6v1VCUGcaklKvc3wXyIll FOYUDVxCEk2NHshuWU=; b=M8Eq1bQpjym4hhItr/pHj7xZPh7kK7ec27LSviAPO Jxd2ZVsesLUQ5e1V/snFjJ/vHXyqkDpBBYwRhiR3B6GViwWoRT0uzmd3haIDaGBt f1j+q7TxBMaHfjZcvrlhtJ/M3uorFQSz2asJ4YJI3j4gI3O6wDJvLxybPVQ64jbm dk=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.13) for dmarc@ietf.org; Fri, 28 Apr 2023 17:30:16 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=none author.d=isdg.net signer.d=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([3.132.92.116]) by winserver.com (Wildcat! SMTP v8.0.454.13) with ESMTP id 3110190332.1.8080; Fri, 28 Apr 2023 17:30:14 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1592; t=1682717412; h=Received:Received: Subject:From:Date:Message-Id:To:Organization:List-ID; bh=lVNP6v1 VCUGcaklKvc3wXyIllFOYUDVxCEk2NHshuWU=; b=PU8EbUTaziOKxjcKiXMszUZ e2RAsZAqoBAyLG5PhEP3trbzwQFSaAoGzXkJ8F626InWwSsT/akXdVJPTrSAudDB J+SH8AS8Cdt8KguOBsFk/N+28dPXna9f/KKAQ+XYSiNWHy65YKSYP9TrC8krep3X /i7Guf1PIKLei9ou7I6M=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.12) for dmarc@ietf.org; Fri, 28 Apr 2023 17:30:12 -0400
Received: from smtpclient.apple ([99.122.210.89]) by beta.winserver.com (Wildcat! SMTP v8.0.454.12) with ESMTP id 3556229270.1.8116; Fri, 28 Apr 2023 17:30:11 -0400
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
From: Hector Santos <hsantos@isdg.net>
In-Reply-To: <CAH48Zfy_tjzJzrpA_-ifZUSQN_oQtahSAjnARMxd=J1vmKd9WQ@mail.gmail.com>
Date: Fri, 28 Apr 2023 17:30:00 -0400
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <02B35043-8EE8-4666-89DD-251722AEB054@isdg.net>
References: <168237954548.59430.5667500092734033047@ietfa.amsl.com> <MN2PR11MB4351A122FFE05229D0A5A493F7679@MN2PR11MB4351.namprd11.prod.outlook.com> <cd906cf7-187b-4c8d-8aee-aa9e1990d8b4@iecc.com> <CAJ4XoYeVH9JHc=03PkaR_btJ8oBk1YtBvwfY6wKMhUjC1qzC0g@mail.gmail.com> <1f0147d2-26e1-36cb-d3d7-2e669d3f95e3@iecc.com> <CAH48Zfy_tjzJzrpA_-ifZUSQN_oQtahSAjnARMxd=J1vmKd9WQ@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
X-Mailer: Apple Mail (2.3731.400.51.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/4mIz-ycZ0MD-BUGYgArO-rDvOyg>
Subject: Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-09.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Apr 2023 21:30:23 -0000

Douglas, 

In general, you can’t impose or mandate TLS on Port 25 for unsolicited, unauthenticated sessions. You can do this with ESMTP AUTH, a.k.a. the SUBMISSION protocol (RFC 6409), which is Port 587. Under this port, you can mandate more Authentication/Authorization and mail-format correctness than on Port 25 without ESMTP AUTH.

So, for example, for PCI you must use A/A mechanisms, probably under Port 587, because it can be mandated there, but not under Port 25.

—
HLS

> On Apr 27, 2023, at 7:04 AM, Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:
> 
> There are options on TLS failure.
> 
> Mandatory TLS is actually pretty common, since PCI DSS, HIPAA and GDPR have all been interpreted as requiring TLS on email. For outbound mail, our MTA is configured to drop the connection if encryption cannot be established. I think this configuration option has become pretty common in commercial products. Domains that cannot accept encrypted traffic are handled with secure web relay (Zixmail or one of its many imitators). In the case of a report recipient that cannot accept TLS traffic, we would simply drop the destination.
> 
> For inbound mail, my organization has concluded that data security is the responsibility of the sender, so we do accept unencrypted messages.
> 
> By and large, mandatory TLS will be implemented consistently, rather than on a specific message like a DMARC report, so I don't know how much needs to be said in this document.
> 
> Doug
>
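The Port 25 versus Port 587 split that Hector describes, and the outbound "drop the connection if encryption cannot be established" behaviour Doug mentions, expressed as a Postfix configuration. This is an added illustration, not configuration from either poster or from the DMARC draft; the certificate paths, the partner.example and legacy.example domains, and the map file locations are assumptions chosen for the example.

```conf
# --- main.cf -----------------------------------------------------------
# Port 25 (the public MX) takes unsolicited mail from arbitrary MTAs, so
# TLS can only be offered opportunistically: "may" advertises STARTTLS
# but still accepts cleartext. RFC 3207 says a publicly referenced SMTP
# server MUST NOT require STARTTLS, and "encrypt" here would simply lose
# mail from every sender that does not do TLS.
smtpd_tls_security_level = may
# Certificate paths are assumed for the example.
smtpd_tls_cert_file = /etc/postfix/mx.example.crt
smtpd_tls_key_file  = /etc/postfix/mx.example.key

# Outbound: the sending side is where TLS can be required unilaterally.
# "encrypt" makes Postfix defer delivery (and eventually bounce it)
# instead of falling back to cleartext when the remote MX offers no
# STARTTLS; this is the "drop the connection" setting.
smtp_tls_security_level = encrypt
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# Per-destination overrides of the global outbound level.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
# Destinations that cannot take TLS at all are handed to an error
# transport (the "simply drop the destination" case) rather than
# being downgraded to cleartext.
transport_maps = hash:/etc/postfix/transport

# --- master.cf ---------------------------------------------------------
# Submission (RFC 6409) on port 587: the client is a known user, so both
# TLS and SASL AUTH can be mandated, and AUTH is only advertised after
# the session has been encrypted.
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# --- /etc/postfix/tls_policy (run "postmap" after editing) ------------
# A destination where the certificate must also match (domain assumed).
# partner.example    secure match=.partner.example

# --- /etc/postfix/transport (run "postmap" after editing) -------------
# A destination with no TLS path, refused outright (domain assumed).
# legacy.example     error:no TLS path to legacy.example, delivery refused
```

The two smtpd_tls_security_level values carry the whole point of the thread: Port 25 can only offer STARTTLS, while Port 587 can require it because the client also has to authenticate. On the outbound side, smtp_tls_security_level = encrypt does what Doug's MTA does; mail for a destination without STARTTLS stays in the deferred queue and is retried until it bounces, unless tls_policy or transport_maps tells Postfix what to do with that destination instead.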