Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields

Scott Kitterman <sklist@kitterman.com> Tue, 30 July 2019 04:55 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Tue, 30 Jul 2019 00:54:57 -0400
Message-ID: <4600949.rz9u5RyGOV@l5580>
In-Reply-To: <2577720.3ZthdXZjm2@l5580>
References: <2577720.3ZthdXZjm2@l5580>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8IFnibeuaPrrGt1Vyke0FziXOYc>
Subject: Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields

On Monday, July 29, 2019 3:37:55 PM EDT Scott Kitterman wrote:
> I'd like to add the option to record DMARC results in an A-R header field
> for consumption by a downstream processor.  I think it would be something
> like this:
> 
> Authentication-Results: mail-router.example.net; dmarc=pass
> header.from=example.com policy.dmarc=none
> 
> That would take adding an entry in the Email Authentication Methods registry
> for:
> 
> method: dmarc
> ptype: policy
> value: dmarc
> 
> Does that make sense as a way to do it?  Does anyone have alternative
> suggestions?

I think comments should be free-form.  If we want data that can be machine 
parsed, we should specify it.

I think the above works in ABNF terms.  It's:

"Authentication-Results:" authserv-id; method=result ptype.property=value
ptype.property=value

According to the ABNF, there can be more than one propspec 
(ptype.property=value) per methodspec in resinfo, so I think it's legal.  It 
would just need the new registry values for dmarc.

Scott K
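
A downstream processor could read the header form discussed in this thread as follows. This is an added example, not code from the original message or from any DMARC implementation: `parse_authres`, `dmarc_verdict` and the sample header are constructed for illustration, `policy.dmarc` is the property proposed in the message, and the parser covers only a simplified subset of the A-R grammar (no quoted-string values, no nested comments).

```python
import re

# Simplified reader for the Authentication-Results value form discussed above:
#   authserv-id; method=result ptype.property=value ptype.property=value
COMMENT = re.compile(r"\([^()]*\)")   # free-form comments carry no parsed data
PROPSPEC = re.compile(r"^(\w[\w-]*)\.([\w-]+)=(\S+)$")


def parse_authres(value):
    """Return (authserv_id, [{'method', 'result', 'props'}, ...])."""
    # Unfold the header, then drop comments before splitting on ';'.
    value = COMMENT.sub(" ", " ".join(value.split()))
    authserv_id, _, rest = value.partition(";")
    results = []
    for resinfo in filter(None, (r.strip() for r in rest.split(";"))):
        if resinfo == "none":         # "no result" form, nothing to record
            continue
        tokens = resinfo.split()
        method, _, result = tokens[0].partition("=")
        entry = {"method": method.split("/")[0], "result": result, "props": {}}
        for tok in tokens[1:]:
            m = PROPSPEC.match(tok)
            if m:                     # more than one propspec per method is kept
                entry["props"][f"{m.group(1)}.{m.group(2)}"] = m.group(3)
        results.append(entry)
    return authserv_id.strip(), results


def dmarc_verdict(value, trusted_authserv_id):
    """(result, From domain, reported policy) from a trusted authserv-id, else None."""
    authserv_id, results = parse_authres(value)
    first = (authserv_id.split() or [""])[0]   # ignore an optional version token
    if first.lower() != trusted_authserv_id.lower():
        return None                   # header was not added inside our boundary
    for r in results:
        if r["method"] == "dmarc":
            props = r["props"]
            return r["result"], props.get("header.from"), props.get("policy.dmarc")
    return None


# Constructed sample: the header value from the message, folded, with an spf
# result and a free-form comment added for illustration.
SAMPLE = ("mail-router.example.net; spf=pass smtp.mailfrom=example.com;\r\n"
          " dmarc=pass (p=none dis=none) header.from=example.com policy.dmarc=none")

if __name__ == "__main__":
    print(dmarc_verdict(SAMPLE, "mail-router.example.net"))
```

The `trusted_authserv_id` check matters to the consumer: an A-R field carrying any other authserv-id may have been supplied by the sender and should not drive policy decisions.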