Re: [dmarc-ietf] DMARC bis: ticket 63: make p=none with no reporting URI invalid?

Scott Kitterman <sklist@kitterman.com> Fri, 15 May 2020 20:02 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Fri, 15 May 2020 16:02:46 -0400
Message-ID: <3457203.qin9KRflZP@sk-desktop>
In-Reply-To: <CAOZAAfMg4Ss-UVn9fEQb8Jd-bNkxkbyFZQQfxPb8Rq0Nd+EjCg@mail.gmail.com>
References: <CAOZAAfMg4Ss-UVn9fEQb8Jd-bNkxkbyFZQQfxPb8Rq0Nd+EjCg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/CqQ_Q5dx_weWZDQniQihBTea3y4>

On Friday, May 15, 2020 2:26:24 PM EDT Seth Blank wrote:
> https://trac.ietf.org/trac/dmarc/ticket/63
> 
> A published DMARC record that consists solely of "v=DMARC1; p=none" is
> syntactically valid, but is semantically equivalent to having no record at
> all.
> 
> From an ecosystem perspective, especially in Europe, data has been shared
> showing an increasing number of domains putting in bare p=none records, and
> then claiming that they are implementing DMARC and have some layer of
> protection against spoofing of their domain.
> 
> Explicitly making this case invalid would remove confusion from the
> ecosystem, and allow any checker that is up to spec to properly flag a bare
> p=none record as being the same as not having a record at all.
> 
> Should we make it invalid to have p=none without a reporting address?

I'll bite:

No.

This is unrelated to interoperability and unlikely to actually improve 
anything (this reminds me of the occasional suggestions to make v=spf1 +all 
special for SPF records).

Let's imagine a world where a domain that wants to claim they do DMARC in 
accordance with the latest RFC 7489bis takes their "v=DMARC1; p=none" record 
and adds an RUA reporting address to it to comply.  Then they never set up the 
email address and the RUA reports all bounce.  It's compliant, right?

So then people demand a fix to require the address to accept mail.  We spend 
two years doing that and then that same domain starts accepting mail to the 
RUA address, but they route it to /dev/null.

Then people complain about the waste of bandwidth associated with sending 
reports that get thrown away...

There's really no end to this.  Let's not start down the path.

Scott K
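
Added example, not part of either message in this thread: a small checker that tells a bare "v=DMARC1; p=none" record apart from one that publishes a reporting URI, as the ticket discusses. The result labels, the sample records and the choice to count ruf as well as rua are assumptions of this sketch; it can only see what is published in DNS, not whether reports are accepted or read.

```python
# Added example: classify a DMARC TXT record, singling out the bare p=none case.
# Tag names (v, p, rua, ruf) are RFC 7489's; the result labels are made up here.
# Parsing is simplified: no URI validation, and a bad p is just "invalid-policy".

POLICIES = {"none", "quarantine", "reject"}

def parse_tags(txt):
    """Return [(name, value), ...] in record order, or None on a malformed tag."""
    tags = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';' and stray whitespace
        name, sep, value = part.partition("=")
        if not sep:
            return None
        tags.append((name.strip(), value.strip()))
    return tags

def classify(txt):
    """Label a TXT value: not-dmarc, invalid-policy, enforcing, monitoring, bare-none."""
    tags = parse_tags(txt)
    # RFC 7489: v must be the first tag and must be exactly "DMARC1".
    if not tags or tags[0] != ("v", "DMARC1"):
        return "not-dmarc"
    rec = {}
    for name, value in tags[1:]:
        rec.setdefault(name.lower(), value)  # first occurrence of a tag wins here
    policy = rec.get("p", "").lower()
    if policy not in POLICIES:
        return "invalid-policy"
    if policy != "none":
        return "enforcing"
    # Assumption: either rua or ruf counts as "a reporting address".
    # A published URI says nothing about whether reports are accepted or read.
    if rec.get("rua") or rec.get("ruf"):
        return "monitoring"
    return "bare-none"

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = [
    "v=DMARC1; p=none",
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=reject",
    "v=spf1 +all",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(f"{classify(record):<15} {record}")
```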