Re: [dmarc-ietf] Reports helping spammers? (#81)

Seth Blank <> Thu, 21 January 2021 21:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C07A23A0CD6 for <>; Thu, 21 Jan 2021 13:42:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3deQ7yLfNBVn for <>; Thu, 21 Jan 2021 13:42:37 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::a2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B29E23A0CFC for <>; Thu, 21 Jan 2021 13:42:37 -0800 (PST)
Received: by with SMTP id d6so874105vkb.13 for <>; Thu, 21 Jan 2021 13:42:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=CY1G39QbzMJWYjU4mHpTWyt1r5XeiwvPkqsdghVqdlw=; b=NQTnuEIv74/vJ9pnVSXpb6cIwQ2esVYKrHLWRl/Pku+sIRY5P1ivJ1THq64QdcbTiU u/Ht3+kUKh1q9c0CDbndkmyjpBVmacuYYDzL/EpY9X9l5HrMXoNcnR/ahgzgUIooKPz/ MZ3Kd2l2KK5je2SnnhaMlI5X0/lCzgSiyWCWBF/rNK1z+d4+x22VYsy2Tr2CsELp9Fd1 laUs9dtg+EV9K8QJVX92JcK+aL96Jr7kXvJbuViEh5T+0KlCFViI4eaE3M4FY87ZI682 bhtGQs2GQvI1lTqAOJHL7xfhoNcIg5jtZEG3pJagDNt3dFHsnPiIBCvIN1SMFBXnLzXy 7L+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=CY1G39QbzMJWYjU4mHpTWyt1r5XeiwvPkqsdghVqdlw=; b=Q2n30Xd7i1XVDTunjLv8L3QtoU3oLiRJQ7Su4z1M5obwUyOZOoir/zh7T+TkTxJR15 MFaWtaLj+SvRPUktmBPEtbxoo5UHiaOr0o5q8NEu4D9vZ2Us/kpbFQ+hw1jPjF4hZ1U/ ZAr9z36Ig5BX7vPJr7okcsawQ/o2zaq9o2+Qpbq/tO9SpTaizo/jy857T7xclhazMOcd T4gds120TKKHGSCYVO/K4taI7AxxMAGQkFaDlUUGcV+rSwuk0ypCg2SnDeqQFvxCSPVV VeEWchI58+i9bAcYzs7j0dH3J/G2o5QLlpDHDEDgeziv6C9lJPvYFgsIAo340PS39nZ+ Bs8A==
X-Gm-Message-State: AOAM530gz/RNiofARg6olQcj+4i9ymj2iuk9JPOujgOsITzUbldkg41J gu7Fzyiyo4SpMpGWpBSE+CPpurlYoRkoi8d4t1d3RoXvd10=
X-Google-Smtp-Source: ABdhPJw0ARB8k+DocN8xAnqw6aaXZTIs651SmrIBrVdD2unZ0OBuKd2NzS5pYBVk9m4+2ygceaQVIDtgVCW++G1oMFo=
X-Received: by 2002:a1f:198f:: with SMTP id 137mr1239167vkz.2.1611265356312; Thu, 21 Jan 2021 13:42:36 -0800 (PST)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Seth Blank <>
Date: Thu, 21 Jan 2021 13:42:25 -0800
Message-ID: <>
To: "" <>
Content-Type: multipart/alternative; boundary="00000000000033c64d05b96ff39d"
Archived-At: <>
Subject: Re: [dmarc-ietf] Reports helping spammers? (#81)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 21 Jan 2021 21:42:40 -0000

I don't understand this concern. The data in a DMARC report speaks to the
underlying authentication of a message on receipt, and nothing about the
"spaminess" or not of a message as it's processed.

On Thu, Jan 21, 2021 at 1:00 PM Brotman, Alex <Alex_Brotman=> wrote:

> Hello folks,
> Thought I'd see if we could come to a conclusion on this ticket.  The gist
> is that the reporter believes that (aggregate?) reports can help spammers
> to determine some effectiveness of their message attempts.
> Full Text:
> -------------
> Spammers could use DMARC reports to monitor the effectiveness of their
> campaigns, and we do not want to help them. Do existing implementations
> send reports to any domain that requests them, or only to those domains
> that are considered "acceptable"? If reports are only sent to acceptable
> domains, what sort of criteria have been useful?
> System administrators will appreciate such advice. Product developers will
> need guidance about the features they should provide so that a system
> administrator can control which domains do not receive reports.
> -------------
> >From an operator side, I don't agree with this assessment.  The reports
> do not show if/why a MBP may place a message in the Junk folder.  Could it
> be DMARC quarantine?  Sure.  It could also be any number of things from a
> large matrix of decisions, none of which are shown in a DMARC report.
> Also, the reports are typically sent once per day (seems like most ignore
> the 'ri'), quite likely some time after the end of the reporting period.
> Additionally, they probably have more efficient/immediate methods of
> evaluating their success rate.
> If you believe something has been overlooked, please feel free to share.
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse & Messaging Policy
> Comcast
> _______________________________________________
> dmarc mailing list


*Seth Blank* | VP, Standards and New Technologies
*p:* 415.273.8818

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.