IETF Logo Mail Archive

Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result

Douglas Foster <dougfoster.emailstandards@gmail.com> Mon, 24 October 2022 20:30 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 603D1C1524CF for <dmarc@ietfa.amsl.com>; Mon, 24 Oct 2022 13:30:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Rxd26jwBMdA for <dmarc@ietfa.amsl.com>; Mon, 24 Oct 2022 13:30:36 -0700 (PDT)
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E817C1524C2 for <dmarc@ietf.org>; Mon, 24 Oct 2022 13:30:18 -0700 (PDT)
Received: by mail-lf1-x136.google.com with SMTP id r14so18635692lfm.2 for <dmarc@ietf.org>; Mon, 24 Oct 2022 13:30:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=wgv06y5dAZEMka3YwCYtQRxMA/7SSi+YeE4yokvUNkI=; b=MgOB4Hsk2SJoyS4wLF+SzG4iy17B0ZsoS85Q9cVPEKe8e+6LhiLKbVH/if34o+Cxio 4aGFM7iLmHvi5NlXxMIKxCg4Q8jCMbO+3kV9+RW5K6b3NDE56wfCVGhPb2M4/TwBPjbW HXiqzl/BfRzYXk/0LarRi7nvfSfmm+PTS1M0dFoWKXmYI/48xALBeVGg6/RLqZKPjGL9 Il3XCPFmyGv5IYxv+DDtCNpMbJwYai77igCtZuZSG/Ei+AQpzS2Csfoxs+hb7HYwdL4n FoOhRoUlQH/DFR9YNqwDpXgmP+DoavPCgcFz2FaWpKQgU0eFae+//RDMoGQuMY00Ng8f mPiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=wgv06y5dAZEMka3YwCYtQRxMA/7SSi+YeE4yokvUNkI=; b=M8mKKsuw5fMBU+6yMPVjB/bQMOMbGZ9UGv6F+wGNiaZ7LvRYx4e9eES7Qi2aa8mSSz 2ZY2verS+bZI7RZt03DdjAACvdE/qszhex8Ya9iR3HldsA0/EyogW41es4v7oENcJ6Y3 5h7LV0ugcfDN1dPDF0igq1zEfGuFVclEReXTvmg6Y0phWR/JDtDY3REo5Z9IKS//zy/t tXD6RmuCMnNzWYHPNXrd+seav8UXSVlXxdQWuym0Gn83mqjobq6TNFEeOuZJJCjvFaI8 yHljubq73PqBzh+Nv+hn9erVmGKOZ5xjiexEYOw9ddJsK+l5zHxPC4bHNuM2pFMdSe2C Vd6g==
X-Gm-Message-State: ACrzQf1s+fC9cMMtndvS2StPyG3cPRqmXO0dSC/nmGSViC4+ScYpegR5 ismdTXn5s6iBqfueXSghBcHrlfpnTQLKSgVrUW3zI/mr
X-Google-Smtp-Source: AMsMyM7RKHjtJgMPl+ppUKu3hcNE8VxsrMbubQzLkA9oYOtyWq02WP60+mfmEMi7tH0h+P1h2Dul8O1b13KRZnZi0/o=
X-Received: by 2002:a05:6512:252b:b0:4a0:5642:dbc5 with SMTP id be43-20020a056512252b00b004a05642dbc5mr13886177lfb.436.1666643416064; Mon, 24 Oct 2022 13:30:16 -0700 (PDT)
MIME-Version: 1.0
References: <9D6D6E80-B0B0-4CAD-B301-B0A17F9C6663@marmot-tech.com> <04FF4BB2-F8F3-4610-B33E-D4004C757E3B@marmot-tech.com> <CAH48Zfx+JPeoaFA4Z2zw982-+BkJcReyjK07u8w69KMSWx8vYQ@mail.gmail.com> <MN2PR11MB4351C32D2621D2024B39802BF72A9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAH48Zfx0B5nvz9B2WJ-uUEeszyaoHbPoc1oubmjnrqo_H3x3Sw@mail.gmail.com> <f0d90ca7-38b7-3a1d-2be9-30cad7bec31c@tana.it> <CAH48ZfxcYFCj_5S7CU+r-d1yypMCOX9=UvLmTCqMNSa_kejycw@mail.gmail.com> <CAJ4XoYdvk506_L6BjZD2EYWfAyCgLWTgGS3qsV0_=XHC76--Nw@mail.gmail.com> <CAH48ZfxHzEHRGW-Omkj_HotO6kSdUByxhJstQTWn5hpOapYaRQ@mail.gmail.com> <CAJ4XoYe+s7BmFcvtNPaWu1i4kv_j=CtqA1DbkusfGk9s4rDYeA@mail.gmail.com> <560ccd88-2217-9e47-f690-6bc413c67ffa@tana.it> <CAJ4XoYdbPzf5ib6TX1s4tASANUj0FdrHb1uuJy52KdQayj8y3Q@mail.gmail.com> <bcdac862-95d3-94b3-9876-1a7b62a231e6@tana.it> <CAJ4XoYerfFq6vz3utqADk=Z5iXRrdgFCyKTAKMCZ8JSUxf2N_A@mail.gmail.com> <MN2PR11MB43518C0FD95E970FA3CD393BF72E9@MN2PR11MB4351.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB43518C0FD95E970FA3CD393BF72E9@MN2PR11MB4351.namprd11.prod.outlook.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 24 Oct 2022 16:30:06 -0400
Message-ID: <CAH48Zfz1k0UZDHGUYHgqD4gbS32e8Txu7GZsR0hMtFOd9f+jAA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c825ad05ebcda877"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/JfHRVgQuCFoIftnX3c-ASoZI5HM>
Subject: Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2022 20:30:37 -0000

If there is detailed ARC reporting, the only target should be the
forwarder, as the message originator and domain owner are not parties to
the ARC process.  Consequently, ARC reporting cannot be part of the
aggregate report going to the domain owner.

To send reports to the ARC domain owner, we will need a DNS token for them
to request those reports.   This could be a new token in the DMARC policy
record, if we can assume that forwarders would be willing to publish a
DMARC policy to also obtain ARC reports.

Given the trust issues around ARC, I think only acceptance events should be
reported to the ARC domain.

The message's domain owner can get a status of "accepted by local policy,"
with a code for ARC as the supporting reason.  This is equivalent to
"redeemed" but less disruptive to installed base.  I see no reason to give
him anything more.





On Mon, Oct 24, 2022, 1:21 PM Brotman, Alex <Alex_Brotman=
40comcast.com@dmarc.ietf.org> wrote:

> There is a portion of the proposed aggregate document that affords one the
> opportunity to use “extensions”, which could potentially be applied to ARC
> (or any other reporting extension one would like to define).  Mindful, this
> still applies within the framework of DMARC.  So how the report recipient
> is identified is still tied to that same mechanism, though would allow Doug
> to define/create an “ARC Report” that is somewhat independent.
>
>
>
> --
>
> Alex Brotman
>
> Sr. Engineer, Anti-Abuse & Messaging Policy
>
> Comcast
>
>
>
> *From:* dmarc <dmarc-bounces@ietf.org> *On Behalf Of * Dotzero
> *Sent:* Monday, October 24, 2022 12:36 PM
> *To:* dmarc@ietf.org
> *Subject:* Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
>
>
>
>
>
>
>
> On Mon, Oct 24, 2022 at 5:47 AM Alessandro Vesely <vesely@tana.it> wrote:
>
> On Sun 23/Oct/2022 14:16:30 +0200 Dotzero wrote:
> > On Sun, Oct 23, 2022 at 6:29 AM Alessandro Vesely <vesely@tana.it>
> wrote:
> >> On Sat 22/Oct/2022 18:25:55 +0200 Dotzero wrote:
> >>> Unaligned signatures are orthogonal/irrelevant to DMARC. They may be
> useful in
> >>> other contexts. In the DKIM standard, signatures mean that the signer
> is
> >>> asserting some (unspecified) responsibility for the signed message.
> That may be
> >>> useful for some reputation systems.
> >>
> >> Somewhat skewed w.r.t. orthogonality, actually.  Indirect flows are
> >> explicitly mentioned in the I-D as a reason to override DMARC
> dispositions:
> >
> > DMARC only gives a pass if either SPF or DKIM passes. Unaligned DKIM
> > signatures will NEVER give a DMARC pass.
>
>
> How about dmarc=redeemed?
>
>
> >>     There MAY be an element for reason, meant to include any notes the
> >>     reporter might want to include as to why the disposition policy does
> >>     not match the policy_published, such as a Local Policy override
> >>     (possible values listed in Appendix A).
> >
> > Local Policy is just that. When a Receiver invokes Local Policy it is
> > saying "I don't care what DMARC says, I'm choosing to ignore DMARC
> Policy
> > and do something else".
>
>
> It is a local decision to trust an ARC seal or an unaligned signature,
> depending on the signing domains.  Yet, the decision can be made by the
> same
> filter which looked up the From: domain policy.
>
>
>
> It may or may not be performed by the same filter which looked up the
> From: domain policy. So what? That same filter may also consider reputation
> while the SMTP session is held open. That doesn't make reputation part of
> DMARC.
>
>
>
> >> ARC too is a kind of unaligned signature, albeit with a bunch of
> >> additions. The extra information it carries, designed to bestow enough
> >> trust in the chain of custody to outweigh the self-referential reliance
> of
> >> aligned From:, doesn't substantially change the semantic of DKIM
> >> signatures.  And we should say how to report it, sooner or later.
> > > ARC != DMARC. It is a separate RFC that gives participants an
> alternative
> > means of evaluating mail flows when DKIM signatures are broken. Nothing
> > more and nothing less.
>
>
>
> ARC is a different signature not an "unaligned signature".
>
>
>
>
>
> Conflicting protocols?  ARC was devised by the DMARC WG, during the phase
> of
> "improving the identification of legitimate sources that do not currently
> conform to DMARC requirements."  So, yes, on the one hand, since unaligned
> signatures don't conform to DMARC requirements, they're not DMARC.  On the
> other hand, as a fusion of deterministic authentication techniques and
> domain
> policies, DMARC is intrinsically extensible.  For aggregate reporting in
> particular, we explicitly provide for extensions.
>
>
>
> Splitting out reporting is a good thing. Perhaps it should be renamed so
> that it is not DMARC centric. I would suggest the fact that something (ARC)
> which is not DMARC is included in the reporting that was developed as an
> integral part of DMARC is a matter of convenience more than anything else.
>
>
>
> >> I'm not proposing to mandate the evaluation of any evaluable item.
> >> However, I'd neither discourage it.  Perhaps technology will provide us
> >> with ecological sources of energy.
> >
> > There is nothing wrong with using whatever data points you have
> available.
> > That doesn't necessarily mean that such evaluations and choices are
> DMARC.
>
>
> If ARC were a separate thing, it'd make no sense to include its data in
> DMARC
> aggregate reports.
>
>
>
> As I wrote above, it is more a matter of convenience than anything else.
> Generating separate ARC reports is duplicative effort from both a report
> generating perspective as well as consumption of those reports.
>
>
> I think what we could do is to identify some criteria that a report
> generator
> may follow, such as doing everything, reporting up to X signatures, or
> doing
> SPF only.  Such meta data could be useful to report consumers, along with
> the
> generator's software/version.
>
>
> Best
> Ale
> --
>
>
>
> Michael Hammer
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email