Re: [dmarc-ietf] Forensic report loops are a problem

John R Levine <> Thu, 28 January 2021 03:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 678693A1189 for <>; Wed, 27 Jan 2021 19:08:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=gL+xcm0j; dkim=pass (2048-bit key) header.b=D3OZdQk2
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FYoMA1EGN2ZP for <>; Wed, 27 Jan 2021 19:08:42 -0800 (PST)
Received: from ( [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7D5463A1188 for <>; Wed, 27 Jan 2021 19:08:41 -0800 (PST)
Received: (qmail 37418 invoked from network); 28 Jan 2021 03:08:40 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=9228.60122ab8.k2101; bh=KJbhMnH3rvjA2TUh4ja+GVQ7P+FXIxVOLbIRu5Bp9pk=; b=gL+xcm0jy4EaYKT1OaRpZLXwb+e44FPpAax9n4S5DaHDIzLMTc9376PO5eyo6S+izYsJoL5+2u5/TbYhxgGKSBSYIxbkUHLZDa5F8Fv/cXuR3IHEA0GecIMzm1srXLJxjNamVoqgiNd2NsSjbA1CfzUnkmcyFtSPrXtYNN1U1aOxd2qOnrrGGzGVkNq8TX4bD66iIpKLZQMF1oOM0QV4iafU6852INhjIFeN2PobZiY7N7QYt330oN6l5d2zUq2l90UhIgjlTP4qynQO6e0mlxImW+pN5p840vk9ryzlxO/3wLAZdWH97iYPNJQIkQXAya/TKUPnkAuG41AsyUTtqg==
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=9228.60122ab8.k2101; bh=KJbhMnH3rvjA2TUh4ja+GVQ7P+FXIxVOLbIRu5Bp9pk=; b=D3OZdQk2AtRPfV/nywofr1D7IK2cDDCKYgm9AbllOHqMgiLS120TqmQVY/cMXe7kcQL+S/0c/+F4WQ+OY5uDqI5dni2J25dro4rYs3A42SRqVEwEyOeW5GMW6lA6z7tCjeQLrNmaEEY81/kmqLr/5rT1vWXg6z5XuqRbe8ENrRAecPANvMut88bpQzeoJhI5SREaZ2FJcVIBn5Hy3iWhXOftoy7CfUoEuBe1eSkDxsNIo67UR2usfb4HgL3mdgLN26xlzlM8MsCAgRmh+2lPIe58v0TpLQjFj2xRzG3pD/Zcy0Ha6WYgiyuYTPnMf9YH/6cnb7SXgYOHlR1n/US5Sg==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 28 Jan 2021 03:08:40 -0000
Received: by ary.qy (Postfix, from userid 501) id DEE576CDE11E; Wed, 27 Jan 2021 22:08:39 -0500 (EST)
Received: from localhost (localhost []) by ary.qy (Postfix) with ESMTP id 4DF476CDE100; Wed, 27 Jan 2021 22:08:39 -0500 (EST)
Date: 27 Jan 2021 22:08:39 -0500
Message-ID: <>
From: "John R Levine" <>
To: "Murray S. Kucherawy" <>
In-Reply-To: <>
References: <> <20210127203714.007C86CDB9CA@ary.qy> <>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
Archived-At: <>
Subject: Re: [dmarc-ietf] Forensic report loops are a problem
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Jan 2021 03:08:44 -0000

On Wed, 27 Jan 2021, Murray S. Kucherawy wrote:
>> I still don't understand why failure reports about messages that happen 
>> to be failure reports are in any way special.
> Loop detection in RFC 5321 is a normative MUST because of the obvious
> operational problems it creates.  Maybe I'm being thick, but right now I
> don't see how this is different, apart from the fact that each message is
> distinct; ...

Here's perhaps another way to look at it.

Imagine that I am a semi-competent mail server operator.  I hear that 
DMARC is great stuff and I set up DMARC software on my server including 
sending and processing reports.

Unfortunately, my l33t coding skillz aren't quite up to it, and my failure 
reports are all unaligned.  Also, I'm not very good at reading specs and 
my reports aren't in the right format either.  (Not making this up, I have 
lots of failure reports that are not multipart/report.)

Oh, no!  People are sending me failure reports about my failure reports! 
Make it stop!

Which of these should we do:

A) Everyone in the world who produces failure reports adds special cases 
to look for incoming failure reports, and heuristics to try and recognize 
failure reports in the wrong format, and when it finds one of them, it 
makes a note not to send a failure report about it.

B) Someone slaps me upside the head and I fix my SPF record so my reports 
are sent correctly.

This does not strike me as a hard problem.

John Levine,, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.