Re: [dmarc-ietf] nit - data integrity

Hector Santos <hsantos@isdg.net> Sat, 15 June 2019 18:39 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A8081200A4 for <dmarc@ietfa.amsl.com>; Sat, 15 Jun 2019 11:39:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=aKskbd6i; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=K/TNazUg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E2unCg9GjMSN for <dmarc@ietfa.amsl.com>; Sat, 15 Jun 2019 11:39:57 -0700 (PDT)
Received: from mail.winserver.com (ntbbs.santronics.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 1ABE8120019 for <dmarc@ietf.org>; Sat, 15 Jun 2019 11:39:56 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1573; t=1560623989; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=JpdUnajkc2X7l0EutDTGGqAtvSo=; b=aKskbd6inyuXfUphFjweiH1OL60IhY1rbyOUt2QcfG5QByY5ztO1e2k446ECt4 ui6csYVCCrsvniOBVH2QuAhavRaf0DBjE2xtJfogy7t648+2NBIJvJfp5j4gYz3M 6GqILmwjKvplS5GHz+YUe91A2J8SVFHcxq7dmjZkkdmlc=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.8) for dmarc@ietf.org; Sat, 15 Jun 2019 14:39:49 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.8) with ESMTP id 1416424807.25538.1124; Sat, 15 Jun 2019 14:39:48 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1573; t=1560623782; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=qwyXpab Z64ayQz9B3CmCBgbeqMfF+lYwDSOTdTbXCJI=; b=K/TNazUgb+hM92hU4URnC8Z kma4Vj/vpqo/5SxbuuLPUVi7FfHr3BNHG0NQH/iv4/Pd27LgzhMomXZBKRJHo4Ni tq63IK9rBigSfAnyVmITqtwPQrEwUQ18Tm4qcSLknfeHhBYzswyO1viExDmKziB4 PhaZz+MsQ6WWIOAKD2OY=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.8) for dmarc@ietf.org; Sat, 15 Jun 2019 14:36:22 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.8) with ESMTP id 2988637145.9.235216; Sat, 15 Jun 2019 14:36:21 -0400
Message-ID: <5D053B78.3090603@isdg.net>
Date: Sat, 15 Jun 2019 14:39:52 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <0a8b5459-8a9a-7a5b-d169-4c183c43afdd@tomki.com>
In-Reply-To: <0a8b5459-8a9a-7a5b-d169-4c183c43afdd@tomki.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/EGVBl610KJroToendX4-ARgnz9k>
Subject: Re: [dmarc-ietf] nit - data integrity
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Jun 2019 18:40:00 -0000

On 6/14/2019 9:34 PM, dmarcietf=40tomki.com@dmarc.ietf.org wrote:

> The suggestion: provide guidelines on data integrity, which data
> providers should follow.
> Examples:
> - raw SPF 'fail' should never result in DMARC-SPF 'pass'
> - raw SPF 'pass' out of alignment with header_from should never result
> in DMARC-SPF 'pass'
> - raw DKIM not being shown should never result in DMARC-DKIM 'pass'
> etc
>
> I'm not saying that these situations don't occur for legitimate
> reasons, but the DMARC result is a logical evaluation.  If the result
> of that evaluation is other than the receiving system wants to apply,
> then all of the correct evaluations should still be listed, but the
> disposition can change, and local_policy explain.
>
> Is this something which can be simply stated in the specification, or
> would it belong solely in a 'DMARC XML generator BCP' document?

Reasons for sending reports?

What I think you are saying is:

If a domain's DMARC restrictive policy is going be overridden by local 
DMARC policy, then a DMARC report should be sent to the DMARC domain 
providing the DMARC technical reasons why DMARC failures were not 
rejected but instead accepted and passed to the user's eyeballs or 
quarantined?

I think I would interesting to know which DMARC receivers are 
accepting what are otherwise DMARC rejectable failures.  A lawyer 
might be interested too, in the off chance an innocent user was 
damaged by the receiver's local DMARC policy.  The DMARC domain did 
its part. The DMARC receiver did not. <g>

-- 
HLS