Re: [dmarc-ietf] not ADSP, was is DMARC informational?

Michael Thomas <> Tue, 08 December 2020 00:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D3B653A0D29 for <>; Mon, 7 Dec 2020 16:50:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.652
X-Spam-Status: No, score=-1.652 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ysbfpvP2w500 for <>; Mon, 7 Dec 2020 16:50:30 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C4C283A0D21 for <>; Mon, 7 Dec 2020 16:50:30 -0800 (PST)
Received: by with SMTP id y10so4602052plr.10 for <>; Mon, 07 Dec 2020 16:50:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=pjNf1/UUTKDCgVzIUTsWrQkX7J1OJkT2vY7UMWNiQNo=; b=sqFVPuK9H15sBasoqA/TssSbYY3Z3RhoZI3V+Yi5HMq/EKsJuXu5xqVyOSKd2hBjav sN7m8N8xm8Sd/vPdxUBLYMpqcyV+AwfEQekie2gF1+bwVcev+t5Uu+vap42U/EG5GjB+ JcxD3DK3pjU4njJ07wjm0NNM9qSAvjTq+Fi2uWkZvORilAxJ1i/dmdvazazPsXSZ2yi1 cubjlMvcQFubBRMgxbS8KBjEKxjV+M2w1vKKOWGT5BEQg9cqnAvTXkgIc9RTOYe+FYGW exjtUqd8G5iVe5znews65vLIdeVxRGgJ2TY0ww9je69HL5f5EeI3K2Hmobg6lRYKaSic st4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=pjNf1/UUTKDCgVzIUTsWrQkX7J1OJkT2vY7UMWNiQNo=; b=ChIMNvEXctXOKDZWis3pFjN4CbZ+wXrEGn5jZTc1kjca0KCHswQjZaFECOyeeW5Jxv QAwMrLuDLe5eZqG/6XCVx2kKDQPzQcpkhsXPPZ5LkZnVHVMg/IBf/WAiTVxh0ul36g1E bIU0r2QBzw25Xi23p8Eo1U+ZEuHEkQU8dIDQ6D2rDjy5+CNUdmV4I/n0yqdzxDd/gNIo DwQwwZqLTluW/GslYwvo9wiBXEsZNNd8N+TB4F81sn+Khkv/IipCXA7NcnpoG/3p13lH VNYlLfkHu8puHC7SGmaISD5n88N5ZwNEOri8OzbtH2+Vtxqr80LprbbsdvUD5LB86fta AeSQ==
X-Gm-Message-State: AOAM5321MThvn+L6qoJS0l8m17tHpi3EQtjlz3hQ+0FDkQnmrdOsbN3t PtCk/zfylzSPye6V+A0IIuwiPN9LATnKkw==
X-Google-Smtp-Source: ABdhPJwWtGyo6n849XZsWVyw5uK+jMjEA6631K74T1L8JPuLVPq4OTAFG8IzPjIVvd/62Bm0qqJeEw==
X-Received: by 2002:a17:902:8498:b029:d8:e2a0:e4e7 with SMTP id c24-20020a1709028498b02900d8e2a0e4e7mr19077601plo.49.1607388629719; Mon, 07 Dec 2020 16:50:29 -0800 (PST)
Received: from mike-mac.lan ( []) by with ESMTPSA id s189sm14922711pfb.60.2020. for <> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 07 Dec 2020 16:50:28 -0800 (PST)
References: <20201207051846.CBEEE291CC3F@ary.qy> <> <>
From: Michael Thomas <>
Message-ID: <>
Date: Mon, 7 Dec 2020 16:50:27 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] not ADSP, was is DMARC informational?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 08 Dec 2020 00:50:32 -0000

On 12/7/20 4:44 PM, Dave Warren wrote:
> On Sun, Dec 6, 2020, at 22:31, Michael Thomas wrote:
>> there are clearly many use cases where that isn't a problem -- like bank
>> transactional mail -- and ADSP was just fine for that.
> There were still surprises to be had here. I still, to this day, find mail direct from various senders that are wanted by the recipient but that fails SPF without forwarding (with a -all) or hits a dmarc=reject. I quarantine such for review and release to users as needed.
> Obviously lots is spam, or forwarding that broke SPF or whatever, but just as often it is a small piece of a big company doing something without fully understanding how modern email works. Oddly it is often security sensitive stuff, not crazy long ago it was Facebook password resets, often it is 2FA codes (which are probably going through a separate channel to get immediate delivery without risking backlog?), and other reasonably important things from parts of the company that I would expect to be at least moderately aware of the email security world.
> I agree that ADSP was theoretically fine for this type of use, but in practice, DMARC's feedback simplifies things a lot when a client complains their outbound mail isn't making it and we can quickly see what is being rejected.
> it is an imperfect world.

I fear that DMARC's reporting only confirmed the obvious: this is hard. 
It gave numbers to anecdotes. That's really useful, don't get me wrong. 
Hopefully it can be used to suss out how to demarcate the long tail of 
don't care use cases.