Re: [dmarc-ietf] DMARC result for DKIM testing and policy

Alessandro Vesely <vesely@tana.it> Thu, 21 March 2024 09:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ErJJGl3xMHX4Rs3h1wfKJjzXghw>

On Wed 20/Mar/2024 23:11:20 +0100 Matthäus Wander wrote:
> Alessandro Vesely wrote on 2024-03-20 15:42:
>> what is the result of DMARC on having, say
>>
>>      dkim=pass (testing key)
>> or
>>      dkim=policy (512 byte key)
>>
>> is that akin to SPF neutral, i.e. dmarc=fail?
> 
> dkim=pass results in dmarc=pass (if the domain is aligned). The comment in 
> brackets is for human eyes and does not change the DMARC result.


For t=y, DKIM says:

       y  This domain is testing DKIM.  Verifiers MUST NOT treat messages
          from Signers in testing mode differently from unsigned email,
          even should the signature fail to verify.  Verifiers MAY wish
          to track testing mode results to assist the Signer.

So reporting dkim=pass for testing keys seems to be a violation.


> dkim=policy is like spf=neutral, i.e. dmarc=fail.


Agreed.  Should that be mentioned in DMARCbis?


Best
Ale
--
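
The two readings in this exchange, side by side, as an added example that is not part of the original message. The function names, the testing_as_unsigned switch and the sample key records are constructed here, and alignment is simplified to an exact domain match (strict mode) so no Public Suffix List is needed.

```python
# Added example: DKIM key-record t= flags and the DKIM leg of DMARC.
# Key records and domains are constructed placeholders, not real data.

TESTING_KEY = "v=DKIM1; k=rsa; t=y:s; p=PLACEHOLDERBASE64"
PROD_KEY = "v=DKIM1; k=rsa; p=PLACEHOLDERBASE64"


def parse_tag_list(record):
    """Parse an RFC 6376 tag=value list such as a DKIM key TXT record."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # empty element after a trailing ';'
        name, value = part.split("=", 1)
        tags[name.strip()] = "".join(value.split())  # drop whitespace
    return tags


def key_is_testing(key_record):
    """True when the colon-separated t= flag list contains 'y'."""
    flags = parse_tag_list(key_record).get("t", "")
    return "y" in flags.split(":")


def dkim_leg_passes(dkim_result, d_domain, from_domain, key_record,
                    testing_as_unsigned):
    """Does DKIM contribute a pass to DMARC for this message?

    testing_as_unsigned=False: only the dkim= result counts and the
    "(testing key)" comment is ignored (first reading in the thread).
    testing_as_unsigned=True: a signature made with a t=y key is handled
    like no signature at all (second reading, from the quoted DKIM text).
    """
    if dkim_result != "pass":
        return False  # dkim=policy, like spf=neutral, is not a pass
    if d_domain.lower() != from_domain.lower():
        return False  # not aligned (strict comparison, a simplification)
    if testing_as_unsigned and key_is_testing(key_record):
        return False
    return True


if __name__ == "__main__":
    for strict in (False, True):
        ok = dkim_leg_passes("pass", "example.org", "example.org",
                             TESTING_KEY, testing_as_unsigned=strict)
        print("testing_as_unsigned=%s -> DKIM leg passes: %s" % (strict, ok))
```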