Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Todd Herr <todd.herr@valimail.com> Mon, 28 December 2020 21:21 UTC

From: Todd Herr <todd.herr@valimail.com>
Date: Mon, 28 Dec 2020 16:20:55 -0500
Message-ID: <CAHej_8n=ofqBN_6v2VYJ9vKfefcZO1+jWNPPY9vrcK4Jc_gH_A@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6cSLsHR8sjFes6xRIhHF8KrvKyA>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

On Mon, Dec 28, 2020 at 3:14 PM Alessandro Vesely <vesely@tana.it> wrote:

> On Mon 28/Dec/2020 16:48:10 +0100 Todd Herr wrote:
> >
> > I am not opposed to the generic warning, but the following sentence in the
> > proposed warning gives me pause:
> >
> >     "They are meant to aid domain owners to detect why failures reported
> >     in aggregate form occurred."
> >
> > The implication, to me, in that sentence is that the failure report will be
> > sent to the party that originated the message,
>
> How do you derive that?  To me, the sentence seems to implicate that failure
> reports go to the same entity which receives aggregate reports.  That's not
> always going to be true either.  The point should be that the authority who
> decides where either kind of reports go is the same who publishes the public
> keys.  "Domain owners" is meant to indicate such authority.
>
Forgive me, as my words weren't clear here.

"[Failure reports] are meant to aid domain owners to detect why failures
reported in aggregate form occurred" says to me that the idea behind
failure reports is to put them in the hands of a party that can address the
failures.

DMARC validation failures can be caused either due to legitimate mail
(i.e., mail originated by or on behalf of the publisher of the DMARC
policy, a.k.a., the domain owner) failing authentication checks due to a
shortcoming in the authentication practices of the domain owner or some
other hiccup that occurs in transit, OR by illegitimate mail (i.e., mail
not originated by or on behalf of the domain owner, so mail intended to
fraudulently impersonate the domain), specifically the kind of mail that
DMARC is purported to be designed to stop.

All reports will go to the domain owner, and they should all go to the
domain owner, but the domain owner will have no interest in fixing the
authentication practices of the illegitimate mail streams identified by
failure reports, nor would it have the ability to do so even if it wanted
to.

I believe at one time long ago there was an idea that a second possible
usage for failure reports showing illegitimate mail was to give the domain
owner evidence to present to an abuse desk or takedown vendor to get the
illegitimate mail cut off at its source, but I don't know that for certain.
Without such a use case, failure reports regarding mail that the domain
owner didn't cause to be originated are just noise, because there's no
action that the domain owner can take.

-- 

*Todd Herr* | Sr. Technical Program Manager
*e:* todd.herr@valimail.com
*p:* 703.220.4153

