IETF Logo Mail Archive

Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields

"Stan Kalisch" <stan@glyphein.mailforce.net> Wed, 31 July 2019 12:30 UTC

Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B16A120275 for <dmarc@ietfa.amsl.com>; Wed, 31 Jul 2019 05:30:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=xQShdXpi; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ARmON5B1
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k1n9hQsfktms for <dmarc@ietfa.amsl.com>; Wed, 31 Jul 2019 05:30:52 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F54A120247 for <dmarc@ietf.org>; Wed, 31 Jul 2019 05:30:52 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id EFB002240F for <dmarc@ietf.org>; Wed, 31 Jul 2019 08:30:50 -0400 (EDT)
Received: from imap6 ([10.202.2.56]) by compute7.internal (MEProxy); Wed, 31 Jul 2019 08:30:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=N+mucvINx96kdFHiXH+cs7ro5uqm0kv nLmZjZTcQHdE=; b=xQShdXpiBSYHR7psm5fWyVt59jKqfJShpR1IJ9Llvad2wJx vNwj5aRS7Aw1105/pIoOKey/sqqJ9qjaQUJbpWiFHZ30XZJXHcPx8PAths0hUt1I pwom2yCN/8h3T+SKT6Tk0zcPeFQE45GyqbelKKclTdRhKJlWGEt6UWInBUFkgYaF 2X9Vr7LPNk1rpSy2/jH5jikh+s2lBD4lKV9JQXyVwOfFV4Y1RvBR1doXwitRnI3Z JtxiiVExTv9EOnbTHEGQYwhX/lu81XvBoYTdSkuYeDjOGx9s706WAdVFWoSQSrgg Kd4VJlht2Zs/GW/lVw4n2XQVGb4YWw/gJAowJ5w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=N+mucv INx96kdFHiXH+cs7ro5uqm0kvnLmZjZTcQHdE=; b=ARmON5B1XQUTafIdZOenmU 1E/gUBEgsQcDEh2Ys4daTVqs0/tkzv4Y+qCz0aj3mGzEXeKYOY8kxlVjOU8VY2iX 3E0QkOXt6tJzIG18KxfXgik8nTPk+ZONIH/g5NvaN1QB1lbu2UBpzcXS8yYNQ178 1Oi4oOH9dier2E5dTQ5jjFZYfcl6WqbatYJ1lbsjKfoCTTLgDzr2KGNxr85Dfm2z q1PS//5g6rvEMs1Likz/9AQ6oTcMDBwSu9MlfF2WhQO3NBpH9ioRpnLbgw/FwSDC GmuAVqW5oe1rmi/t1BsRIvK4ANcocvVb8B9BK6RX8A+dV5rXkoSmJXFor9L7sDsg ==
X-ME-Sender: <xms:-olBXf3XzwIYom-tKvXCAOOVGY-RTDyBvnMxxRXDPxj1-j_zQXOAeQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrleehgdehvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesrgdtre erreerjeenucfhrhhomhepfdfuthgrnhcumfgrlhhishgthhdfuceoshhtrghnsehglhih phhhvghinhdrmhgrihhlfhhorhgtvgdrnhgvtheqnecuffhomhgrihhnpehivghtfhdroh hrghenucfrrghrrghmpehmrghilhhfrhhomhepshhtrghnsehglhihphhhvghinhdrmhgr ihhlfhhorhgtvgdrnhgvthenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:-olBXSU67RJElMyLdDOTtiMGygQrlwhBwCh-9lFfHUXpq6JqnMts9Q> <xmx:-olBXa7sBaNY0MS03uJzG6WN9VE3StMzQgfeeuwvpccW867E6TOsfQ> <xmx:-olBXZIjkd-xv7fWtN78Sk4YvNf_pQ58YsATIYCqeUAbC6atMad0IA> <xmx:-olBXS_7NLVJisNsBRkUXxzE23q828CSVmW01Kb7IdUMlhOub6QNog>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 601F41400EE; Wed, 31 Jul 2019 08:30:50 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-799-g925e343-fmstable-20190729v1
Mime-Version: 1.0
Message-Id: <bb637435-cdcc-4f43-a5ae-8d7df993766a@www.fastmail.com>
In-Reply-To: <DC53F22F-A005-4CFB-B6CA-06E76AF02ACE@kitterman.com>
References: <2577720.3ZthdXZjm2@l5580> <4600949.rz9u5RyGOV@l5580> <ad404895f272ede4a9d0fb7cfb142a65414318d3.camel@aegee.org> <60001A26-503E-4DB0-B164-2AADD47CFE06@kitterman.com> <a94b0dda-11ea-7342-d835-fb2cbe82d507@tana.it> <DC53F22F-A005-4CFB-B6CA-06E76AF02ACE@kitterman.com>
Date: Wed, 31 Jul 2019 08:30:25 -0400
From: Stan Kalisch <stan@glyphein.mailforce.net>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="a03e49a802fd4f0a859487b1bbba4cfe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/KCW5aLWy7TZfLZ--HQw9bY9qD2E>
Subject: Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 12:31:06 -0000

On Wed, Jul 31, 2019, at 6:46 AM, Scott Kitterman wrote:
> On July 31, 2019 7:11:49 AM UTC, Alessandro Vesely <vesely@tana.it> wrote:
> >On Tue 30/Jul/2019 15:56:16 +0200 Scott Kitterman wrote:
> >
> >> The published policy (that's why I suggest dmarc.policy).
> >
> >
> >Published policy can be ambiguous. Say you have p=quarantine; sp=none.
> > The
> >MTA chooses which to apply based on the domains (publishing and From:).
> > So it
> >makes sense to write the /applied/ published policy.
> >
> >I'm not good at designing A-R stanzas, as you know. However, since
> >dmarc is
> >already the policy method, why not write dns.policy, since that is
> >where it
> >comes from?
> 
> The problem with dns as a ptype is that virtually all this is from DNS. I haven't had a chance to study your proposal in detail or coordinate with the other designated experts, but speaking for myself my initial thought is that dns is not a good ptype name.

Moreover, given the D in DMARC literally means "Domain-Based", I think this nomenclature would be potentially confusing and unfortunate.

> This is specific to DMARC, so I think it's appropriate to say so.

There is that too.


Stan

> >> I'm not sure if disposition belongs in A-R. If it does, it'd be a
> >local
> >> policy override, probably policy.dmarc as described now in RFC 8616.
> >
> >You mean RFC 7489, don't you? I see nothing about A-R in RFC 8616.
> 
> Sorry. I meant RFC 8601.
> 
> >Would it be possible to add a result of "quarantine"? Having
> >dmarc=fail and
> >dns.policy=quarantine leaves a good deal of interpretation to the MDA. 
> >If one
> >could write dmarc=quarantine, a simple string search or regular
> >expression
> >would do.
> 
> That's a great example of why dns.policy= isn't the way to go. It's too generic. If it's dmarc.policy=quarantine, there's no ambiguity. You can't put quarantine as the DMARC result, because that's not what it is. The DMARC result is pass/fail/none.
> 
> >Currently, I use a comment too.
> >
> >Since we're at it, besides the spam folder, is it fine if the MDA sets
> >IMAP
> >keyword $Junk[*] or $Phishing[†] or would we dare registering a new
> >one?
> 
> It's outside my area of expertise, so I don't have a strong opinion, but I'd be inclined not to register a new one. I think the average user can be confused by too many terms for things that to them are the same.
> 
> Scott K
> 
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email