Re: [dmarc-ietf] spec nit - subdomains reporting clarity
Дилян Палаузов <dilyan.palauzov@aegee.org> Tue, 02 July 2019 10:26 UTC
Return-Path: <dilyan.palauzov@aegee.org>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C754A120044 for <dmarc@ietfa.amsl.com>; Tue, 2 Jul 2019 03:26:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=aegee.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z344sVSrOGz7 for <dmarc@ietfa.amsl.com>; Tue, 2 Jul 2019 03:26:05 -0700 (PDT)
Received: from mail.aegee.org (mail.aegee.org [144.76.142.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 657C912006B for <dmarc@ietf.org>; Tue, 2 Jul 2019 03:26:05 -0700 (PDT)
Authentication-Results: mail.aegee.org/x62APqR8001098; auth=pass (LOGIN) smtp.auth=didopalauzov
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aegee.org; s=k4096; t=1562063156; i=dkim+MSA-tls@aegee.org; r=y; bh=T3dApzY0vcQYClUjLoB4rooZOYCdWkSu6r4Rn6j9l7Q=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=VKFSqTV7DXTFJhUuWjOXbmprIMuTpQUIToNcrhXF+amPe41wQYodYqjjmm7u1q/mE EPL1x91ekrx/QdD+Z+D+OcO1UZfWIdf7a5p7xBrQc1Fhg4q4DCa9sF6KWsH/ni3a4b 4vWept9gDZq7pptxJq4LEkSBzlrNfO5ElCdOEtWjoJV2sCehGtcxxICl3+XYEp9HQ4 HKqQ3+B+80GJQ6NDyhhmFHYNV+rVcUyJHlLhn8xjTd+HkPZhNJ8lFl/GFxwLZuU6+W I/MPAcngNJfVm7CBCuJoPLnkmD/5AQjqZRf0KdJo4zQDOgI4XlxVgUeoutHBsUsAaz X+pu0PgAwmoBbNVtyDeZET4IbcCVB9UnH+7QANaPMpHMRoGSMBhiLT4ulImD8KgvQC U4KDwyu3Zz3mG1mo0hEH9zaS+ghIW4Bql0tqfLA5+Ap1J7eQ88vebBOfO0XAmiZlSR ukCQWNAXJh85STWTJ8yeFEBdOtNRkYmnC62+/upo6yObM2dBirRf5o/3JkjaU/NDBD +4QyWzI569HlsBEEQWbhJAtrmGbQWyy5hh1rSqnc7VWBg67fZaYiyNghFnzWrPHZgW x1xkOko/raFaiFaq3NrHOO5NTNHlkBInXyJ+/jK/6O2wRczrki+nbGaarGPba7zGkm nto/gcXswFggWoToRr8c+hr8=
Authentication-Results: mail.aegee.org/x62APqR8001098; dkim=none
Received: from Tylan (87-118-146-153.ip.btc-net.bg [87.118.146.153]) (authenticated bits=0) by mail.aegee.org (8.15.2/8.15.2) with ESMTPSA id x62APqR8001098 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 2 Jul 2019 10:25:52 GMT
Message-ID: <b35beaa901f18949b817466ec022771ea40ecb6a.camel@aegee.org>
From: Дилян Палаузов <dilyan.palauzov@aegee.org>
To: Tomki <tki=40tomki.com@dmarc.ietf.org>, dmarc@ietf.org
Cc: seth@sethblank.com
Date: Tue, 02 Jul 2019 10:25:51 +0000
In-Reply-To: <c8e932fc-5048-7779-4d8f-31198c205b2a@tomki.com>
References: <c8e932fc-5048-7779-4d8f-31198c205b2a@tomki.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.33.4
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.101.2 at mail.aegee.org
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/EvkYRG_mV6g_0tz7v5o3YfUVO7E>
Subject: Re: [dmarc-ietf] spec nit - subdomains reporting clarity
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2019 10:26:07 -0000
Hello Tomki, The schema for reports is: first element is <feedback/>, it includes <policy_published/> . <policy_published/> contains <domain/>. Do you propose to include in the <domain/> the base domain, that declared implicitly or explicitly the sp= tag, and then cummulate all data for that domain and subdomains in the same xml.gz report, or do you propose to include several xml.gz files for each domain in a single email? Alternative approaches to reduce the amount of emails are: - include one or more xml reports in a single email, e.g. based on derived policy via the sp= mechanism - group reports for a single domain owner into one email with many xml files, provided that the recipient address of the reports is the same. Here sp= is irrelevant. This is tricky, when the recitient addresses for two domains overlap, but are not identical. - group xml.gz reports for many domain owners (or many distinct second level domains) into a single email, provided that the recipients of the different reports would be the same. Regards Дилян On Fri, 2019-06-21 at 18:04 -0700, Tomki wrote: > The spec appears to be unclear on how subdomains are to be reported - ie > most but not all implementations have performed this as intended, in the > same XML as the top level domain (when the subdomain does not have its > own DMARC TXT record) > > Cisco interpreted the current definition to mean that every subdomain > seen should get its own XML file. (not just the ones with their own > DMARC record) This results in every individual IronPort system [which > has DMARC reporting enabled] generating hundreds to thousands of extra > reports every day. > This can result in corporate reporters like Paypal or Rolls Royce > (IronPort users) sending as many reports in a given day as Google. > > The section which should be referred to in implementing a reporting > engine is 7.2 https://tools.ietf.org/html/rfc7489#section-7.2 > The only relevant bullet that I find here is > " The report SHOULD include the following data:" > .... > "Data for each Domain Owner's subdomain separately from mail from > the sender's Organizational Domain, even if there is no explicit > subdomain policy" > > In trying to find out why Cisco implemented their reporting in the way > that they did, I've actually had a hard time understanding how others > understood that bullet point well enough - I can only imagine that > everybody just implemented by following examples of existing > implementations. > > A suggested rewording for that bullet point: > " Data for each Domain Owner's subdomains as separate records in a > report titled for the Organizational Domain, unless there is an explicit > subdomain policy - in which case a standalone report is generated for > that subdomain" > > --Tomki > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc