Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

ned+dmarc@mrochek.com Tue, 29 December 2020 17:40 UTC

From: ned+dmarc@mrochek.com
Cc: Todd Herr <todd.herr@valimail.com>, IETF DMARC WG <dmarc@ietf.org>
Message-id: <01RTQRKLD8QK004QVR@mauve.mrochek.com>
Date: Tue, 29 Dec 2020 09:22:18 -0800
In-reply-to: "Your message dated Tue, 29 Dec 2020 10:59:30 +0100" <85fed1c6-4792-316c-836d-9a481c5d4964@tana.it>
To: Alessandro Vesely <vesely@tana.it>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/IhKyBFyr-uHo92Uem1rBLZ1p730>

> On Mon 28/Dec/2020 22:20:55 +0100 Todd Herr wrote:
> >
> > DMARC validation failures can be caused either due to legitimate mail
> > (i.e., mail originated by or on behalf of the publisher of the DMARC
> > policy, a.k.a., the domain owner) failing authentication checks due to a
> > shortcoming in the authentication practices of the domain owner or some
> > other hiccup that occurs in transit, OR by illegitimate mail (i.e., mail
> > not originated by or on behalf of the domain owner, so mail intended to
> > fraudulently impersonate the domain), specifically the kind of mail that
> > DMARC is purported to be designed to stop.


> That kind of analysis seems to be missing from the draft.  After some years of
> experience, we should be able to provide some, I'd hope.  If not, we'd better
> bluntly drop the draft.

I think a list of possible failure causes would be nice to have, because
a lot of people seem to think that DMARC is a completely reliable mechanism.

I'm not entirely convinced this document is the place for it, but OTOH
I'm not convinced it isn't.

It also strikes me as more of an exercise in enumeration of possibilities than
an actual analysis.

Let's see. We have:

  o Illegitimate mail
  o Message changed in transit, invalidating DKIM signature
  o Incorrect DKIM signing
  o Incorrect SPF setup
  o Unintentional domain misalignment
  o Improper assertion of DMARC policy


We regularly get problem reports whose root cause turns out to be one of
these things.

I've probably missed a bunch, and this may not be the best way to compose the
list.

				Ned
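
Added example, not part of the original message: a sketch of how a receiver could map one message's SPF and DKIM results to candidate causes from the list above. The function names, the heuristics and the two-label organizational-domain shortcut are assumptions; "Improper assertion of DMARC policy" is left out because it cannot be inferred from a single message's authentication results.

```python
# Added example: triage one DMARC failure into candidate causes from the list above.
# The heuristics and all names are assumptions, not from the thread.

def org_domain(domain):
    # Simplification: last two labels. Real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, strict=False):
    # Strict alignment needs an exact match; relaxed compares organizational domains.
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def triage(from_domain, spf, dkim, strict=False):
    """spf: (result, MAIL FROM domain); dkim: list of (result, d= domain).
    Returns (dmarc_pass, sorted candidate causes)."""
    spf_result, spf_domain = spf
    spf_al = aligned(from_domain, spf_domain, strict)
    dkim_al = [(r, aligned(from_domain, d, strict)) for r, d in dkim]
    if (spf_result == "pass" and spf_al) or ("pass", True) in dkim_al:
        return True, []
    # Authentication results alone can never exclude impersonation.
    causes = {"Illegitimate mail"}
    # Something authenticated, but for a domain that does not match From:.
    if (spf_result == "pass" and not spf_al) or ("pass", False) in dkim_al:
        causes.add("Unintentional domain misalignment")
    # An aligned signature failed to verify; the result cannot tell a message
    # modified in transit from a signing error, so both stay candidates.
    if ("fail", True) in dkim_al:
        causes.add("Message changed in transit, invalidating DKIM signature")
        causes.add("Incorrect DKIM signing")
    # The aligned MAIL FROM domain's SPF record did not authorize the sending host.
    if spf_al and spf_result in ("fail", "softfail", "permerror"):
        causes.add("Incorrect SPF setup")
    return False, sorted(causes)

if __name__ == "__main__":
    # Constructed sample: a list forwarded the message and altered it.
    print(triage("example.com", ("fail", "lists.example.org"),
                 [("fail", "example.com")]))
```

The output is a list of causes to investigate, not a verdict: several entries can apply to the same message.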