Re: [dmarc-ietf] Reports helping spammers? (#81)

Todd Herr <todd.herr@valimail.com> Thu, 21 January 2021 23:03 UTC

Return-Path: <todd.herr@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 227963A0AFB for <dmarc@ietfa.amsl.com>; Thu, 21 Jan 2021 15:03:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lb3K9-lk2wid for <dmarc@ietfa.amsl.com>; Thu, 21 Jan 2021 15:03:18 -0800 (PST)
Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BB6C3A0B05 for <dmarc@ietf.org>; Thu, 21 Jan 2021 15:03:18 -0800 (PST)
Received: by mail-qk1-x72d.google.com with SMTP id x81so601190qkb.0 for <dmarc@ietf.org>; Thu, 21 Jan 2021 15:03:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4z0Vpv/opZLCK864JsbKhLC6JK1HJ6D+BIpX7U2nm8g=; b=Mc3cnW8M//oJnVywuUTF1WV+DmchSt8MhwnIIdkRcQDf4QnvR2CxTzJirn0PYV1P+y ImronLquDNsd5PGgYA8NxHwFdxNAi5mHZcxRCYBPh8WZQUzM/syJkL3A5LbLv5235W3x zlIC62Vhz/xhf9C0noc1Aci//n6zCP8d6AdB2c0MPS9nQb12xoboywh52M7Eq11IFmZ5 CLkTo+p5hvvC14mJ3pWFe5VnJixF+hf8q2psyAPLGl2FhsySQdKyWf/pTvuvCZXX0DLU 07GrYeDaa58BXs4dmFNWtkCUvKwsUtw9QJ5NWFAxDrbU7fUBelc8ZOcWovthS1gHs5T3 a2gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4z0Vpv/opZLCK864JsbKhLC6JK1HJ6D+BIpX7U2nm8g=; b=Avt/RoE8oPcusG3gMgJy5N1mTjE0rx4XOui7sShshaXhSWBAgLK6Anm+QNVlJRzuLg aCYWWF0o96NNw5CFgIvPLEhu4bZTfOsAmFDiKysgEViD9l+QcjHOF0Jh+Nl1wuChvPHo l0Qhewyk71BCg+lQo3yjldqdgETSJju+lg5kWZ5W//rLTWzCnLj1CGX/cPr+E/BVf+3r HlVnTW6PxUbXJy6lWJgDWRk1abzZbcLNpufv2BUcfTLu4yU2qWXfM6Q/3gNTLGkuPlbW ff4cbAbXu3WYeVjan1CxdZRuRbpFXOIUuQmlUJTv2S5eUj8zeEou0kdyxnP2XURIUPig Dtbg==
X-Gm-Message-State: AOAM530zPgMUrY2UTMf1nvYUNPlkYcttCTAwdV+Gt0ZJhbeJx/ftgUl5 y2R3zBd+KeJQhohA32Y8BWPVvq09bwiFP1fSSp+smA==
X-Google-Smtp-Source: ABdhPJyrlX7VYJzro0+shTFGVz9nmVhua4bMCM+BUhG59BAm+Mco9pCPEwYrKY6nmEMgVdYByA+JvvVHbm7ssgsFtbI=
X-Received: by 2002:a37:e20d:: with SMTP id g13mr2217929qki.325.1611270196233; Thu, 21 Jan 2021 15:03:16 -0800 (PST)
MIME-Version: 1.0
References: <MN2PR11MB43515A1079F57BD6F6EE0A80F7A19@MN2PR11MB4351.namprd11.prod.outlook.com> <CAOZAAfMDK=oz10O+jMyG5wvYyKpVpoOCyQxQv1_kokWutffXuQ@mail.gmail.com>
In-Reply-To: <CAOZAAfMDK=oz10O+jMyG5wvYyKpVpoOCyQxQv1_kokWutffXuQ@mail.gmail.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Thu, 21 Jan 2021 18:03:00 -0500
Message-ID: <CAHej_8n9crrj6xypUJeMJT+5G+8UVPhKLKScHqtcXzJTe7utLg@mail.gmail.com>
To: Seth Blank <seth=40valimail.com@dmarc.ietf.org>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000af20a405b97113c6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/CjaQXb0Mpy5gYj73inc8RlwOi4U>
Subject: Re: [dmarc-ietf] Reports helping spammers? (#81)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2021 23:03:21 -0000

I would submit that it would be in the best interests of mailbox providers
and others who are in the business of making acceptance and filtering
decisions to ensure that spammers properly authenticate their email, so as
to better and more reliably assign a poor reputation to the associated
domains and make it easier to identify them.

On Thu, Jan 21, 2021 at 4:42 PM Seth Blank <seth=
40valimail.com@dmarc.ietf.org> wrote:

> I don't understand this concern. The data in a DMARC report speaks to the
> underlying authentication of a message on receipt, and nothing about the
> "spaminess" or not of a message as it's processed.
>
> On Thu, Jan 21, 2021 at 1:00 PM Brotman, Alex <Alex_Brotman=
> 40comcast.com@dmarc.ietf.org> wrote:
>
>> Hello folks,
>>
>> Thought I'd see if we could come to a conclusion on this ticket.  The
>> gist is that the reporter believes that (aggregate?) reports can help
>> spammers to determine some effectiveness of their message attempts.
>>
>> Full Text:
>> -------------
>> Spammers could use DMARC reports to monitor the effectiveness of their
>> campaigns, and we do not want to help them. Do existing implementations
>> send reports to any domain that requests them, or only to those domains
>> that are considered "acceptable"? If reports are only sent to acceptable
>> domains, what sort of criteria have been useful?
>>
>> System administrators will appreciate such advice. Product developers
>> will need guidance about the features they should provide so that a system
>> administrator can control which domains do not receive reports.
>> -------------
>>
>> >From an operator side, I don't agree with this assessment.  The reports
>> do not show if/why a MBP may place a message in the Junk folder.  Could it
>> be DMARC quarantine?  Sure.  It could also be any number of things from a
>> large matrix of decisions, none of which are shown in a DMARC report.
>> Also, the reports are typically sent once per day (seems like most ignore
>> the 'ri'), quite likely some time after the end of the reporting period.
>> Additionally, they probably have more efficient/immediate methods of
>> evaluating their success rate.
>>
>> If you believe something has been overlooked, please feel free to share.
>>
>> --
>> Alex Brotman
>> Sr. Engineer, Anti-Abuse & Messaging Policy
>> Comcast
>>
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>
>
> --
>
> *Seth Blank* | VP, Standards and New Technologies
> *e:* seth@valimail.com
> *p:* 415.273.8818
>
>
> This email and all data transmitted with it contains confidential and/or
> proprietary information intended solely for the use of individual(s)
> authorized to receive it. If you are not an intended and authorized
> recipient you are hereby notified of any use, disclosure, copying or
> distribution of the information included in this transmission is prohibited
> and may be unlawful. Please immediately notify the sender by replying to
> this email and then delete it from your system.
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>


-- 

*Todd Herr* | Sr. Technical Program Manager
*e:* todd.herr@valimail.com
*p:* 703.220.4153


This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.