Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help

Seth Blank <seth@valimail.com> Mon, 25 January 2021 21:59 UTC

From: Seth Blank <seth@valimail.com>
Date: Mon, 25 Jan 2021 13:59:11 -0800
Message-ID: <CAOZAAfMc8YO0ON581N3LwFqXnEBu5+QnUNDB6TAaNuYYnEEkJQ@mail.gmail.com>
To: Michael Thomas <mike@mtcc.com>, IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/61hgaF9KO676PZuDjFz7i5fPf3I>

This thread is now counterproductive and needs to come to a close.

Michael, your continued assertion has been that unauthenticated reports are
an issue. But so far no evidence has been presented that reports are sent
without authentication, or that the text of the document is the cause.

This thread is going in circles. It's now officially CLOSED, unless someone
returns with evidence of an actual problem here.

Move on to other tickets.

Seth, as Chair

On Mon, Jan 25, 2021 at 1:55 PM Michael Thomas <mike@mtcc.com> wrote:

>
> On 1/25/21 1:26 PM, Steven M Jones wrote:
>
> On 1/25/21 12:18 PM, Michael Thomas wrote:
>
>
> On 1/25/21 12:08 PM, Todd Herr wrote:
>
> On Mon, Jan 25, 2021 at 2:56 PM Michael Thomas <mike@mtcc.com> wrote:
>
>>
>> Sounds like a bug to me and an issue should be opened. Just because it's
>> a 10 year old bug doesn't mean it's not a bug.
>>
>
> I disagree.
>
> Authentication results should not differ at a given provider based solely
> on the destination domain, so there is no reason to report results
> separately for each destination domain. Further, there's no value to the
> report generators, especially at large sites like Google, to expend the
> resources necessary to generate and send X reports when one will do.
>
> So you're saying I should be free to spoof any domain I want because
> Google might be inconvenienced?
>
>
> If the language in 7.2.1.1 that Seth cited is "working," then report
> generators are sending reports that pass DMARC and the report receivers are
> validating that before ingesting the attached reports. However this only
> provides some degree of attribution for the report itself...
>
> Yes, if that were enforced that would solve the problem. Given the
> confusion, my guess is that it is not. That paragraph could be a lot more
> specific about the mechanisms and motivations which I suggested in #98. It
> probably requires even more than my suggestion after seeing all of the list
> traffic going by. If gsuite is aggregating reports from all of their
> domains they host into one report, there is clearly a problem both with the
> text and with implementations.
>
> And of course, any proposed http method would have to provide equivalent
> protection.
>
> Mike


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* seth@valimail.com
*p:* 415.273.8818

