[dmarc-ietf] Missing report elements and dmarc.org information based on deprecated drafs

"Freddie Leeman" <freddie@leemankuiper.nl> Wed, 07 August 2019 13:46 UTC

Return-Path: <freddie@leemankuiper.nl>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3311F120052 for <dmarc@ietfa.amsl.com>; Wed, 7 Aug 2019 06:46:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=leemankuiper.nl
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id pyoVjcIvQtXe for <dmarc@ietfa.amsl.com>; Wed, 7 Aug 2019 06:46:39 -0700 (PDT)
Received: from srv01.leeman-automatisering.nl (srv01.leeman-automatisering.nl []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5911612004F for <dmarc@ietf.org>; Wed, 7 Aug 2019 06:46:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=leemankuiper.nl; s=mta1; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=3zeeGBmQ0ixWIfnUhQbPxp/QqAPuTxNckAmbJW57YHg=; b=OBc/d6CQeUYnFv1Fzgo4E0vpeK xK3Kh79mfGvUduXwttCeA9TZuXNuJ3Mo1tFbYFfBO7rCgI8q2udcX8mdTBS2qtzVbPoafmzQPM0XR 21/3lOUswi+26CtEgs2063P6kmEUEKwpKIqjmUiRv/lyQDBFP6IwZjQ2ULVt+Ozi64hD4RL8TGgjw Zso9oas8oAJIwN5qEg9rsBQYpcprQ9pTdb5e4LELidFjB9zW55mK1GGI4L3jKRaVr+lDgWKeOfAzg qcNv94INJ1AKsi8i7LzeTgHA/FDIetqomfczC6iV61i/42UBsU91zlzX1cDje97s+WO4EjM2z5qxw 4EsutgXA==;
Received: from 83-85-239-134.cable.dynamic.v4.ziggo.nl ([] helo=LAPC01) by srv01.leeman-automatisering.nl with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.1) (envelope-from <freddie@leemankuiper.nl>) id 1hvMGz-0001Vj-1W for dmarc@ietf.org; Wed, 07 Aug 2019 15:46:37 +0200
From: "Freddie Leeman" <freddie@leemankuiper.nl>
To: <dmarc@ietf.org>
Date: Wed, 7 Aug 2019 15:46:35 +0200
Message-ID: <016301d54d26$88020f30$98062d90$@leemankuiper.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdVNJmrh9xRmS+tgRvOQJui8GP3LbQ==
Content-Language: nl
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
X-Authenticated-Id: info@leemankuiper.nl
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7QmWbMMEp-TpkjGmDg0wvzhtDuQ>
Subject: [dmarc-ietf] Missing report elements and dmarc.org information based on deprecated drafs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 13:46:42 -0000

I've been digging through the DMARC pre-IETF drafts and IETF drafts and came to the following conclusion:

The following report elements were added to (pre IETF) draft-dmarc-base-00-03 (January 2013) [1]:
* IdentifierType 'envelope_from'
* SPFAuthResultType 'scope'
* DKIMAuthResultType 'selector'
* feedback 'version'

The following report elements were added to IETF draft-kucherawy-dmarc-base-02 (December 2013) [2]:
* PolicyPublishedType 'fo'

I went through the data from the largest suppliers of DMARC aggregate reports in the last 7 days, and came to the disappointing conclusion that emailsrvr.com, google.com, linkedin.com, Yahoo! Inc., and zoho.com NEVER publish the above elements in their DMARC aggregate reports.
It looks like most DMARC report sending organizations (even the DMARC founding contributors like Google, Yahoo! And LinkedIn) based their code on the pre 2013 drafts and haven't touched that code since. This explains why XML elements are missing from their reports and report validation fails. You would expect that as soon as the RFC was published in March 2015, the organizations would have updated to the final XML schema, but unfortunately most didn't. What surprises me even more is that the site dmarc.org holds information and examples that are also based on the deprecated first drafts [3,4]. 

If we can't even publish reliable information on the dmarc.org website and get founding contributors to follow the DMARC RFC guidelines, I think DMARC will not become the reliable standard it should be. I've been in contact with most (large) organizations that fail validation but so far only Comcast has been willing to listen and fix their DMARC reporting. 

[1] https://dmarc.org/draft-dmarc-base-00-03.txt
[2] https://tools.ietf.org/html/draft-kucherawy-dmarc-base-02
[3] https://dmarc.org/wiki/FAQ#receivers (I need to implement aggregate reports, what do they look like?)
[4] https://dmarc.org/dmarc-xml/0.1/rua.xsd

-- Freddie Leeman