Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result

Douglas Foster <dougfoster.emailstandards@gmail.com> Thu, 20 October 2022 11:04 UTC

From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Thu, 20 Oct 2022 07:03:41 -0400
Message-ID: <CAH48Zfx+JPeoaFA4Z2zw982-+BkJcReyjK07u8w69KMSWx8vYQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/LpurWavT-aHVvnEbrSZ-VEqkrig>
Subject: Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result

My thinking has evolved during this discussion:

We should reject Incomplete Results
If an evaluator has decided to do incomplete evaluation, we have to
consider the possibility that he may or may not collect enough information
to enumerate what signatures were not evaluated. So a signature result of
"not evaluated" does not solve the whole problem, but does cause
disaggregation. A bit field indicating "incomplete results" could cover
all types of incompleteness, and report recipients could decide whether to
use the data or not. But since we have an aversion to incomplete results,
the "must not report" approach both encourages complete results and
provides upward compatibility for report receivers.

Scope
I am skeptical that our request for data about non-aligned signatures can
justify the cost. I have seen no defined strategy for integrating
non-aligned signatures into the message evaluation process, so computing
those results is pure waste to the evaluator. Waste has real money costs
and real opportunity costs. Given that billions or trillions of messages
are transmitted every day, the global cost of extra signature evaluations
is really quite significant. I am not freaking out about global warming,
but it is on my radar. The environmental impact of our decisions, when
played out to Internet scale, is not trivial. I would like some
convincing that knowledge about non-aligned signatures is worth the
non-trivial cost that we are asking evaluators, and the planet, to absorb.

Doug Foster

On Wed, Oct 19, 2022 at 8:48 PM Neil Anuskiewicz <neil@marmot-tech.com>
wrote:

>
>
> > On Oct 19, 2022, at 5:42 PM, Neil Anuskiewicz <neil@marmot-tech.com>
> wrote:
> >
> > 
> >
> >> On Oct 19, 2022, at 6:59 AM, Scott Kitterman <sklist@kitterman.com>
> wrote:
> >>
> >> 
> >>
> >>>> On October 19, 2022 12:44:16 PM UTC, Dotzero <dotzero@gmail.com>
> wrote:
> >>> On Tue, Oct 18, 2022 at 11:18 PM Scott Kitterman <sklist@kitterman.com
> >
> >>> wrote:
> >>>
> >>>>
> >>>>
> >>>> On October 18, 2022 10:16:44 PM UTC, Neil Anuskiewicz <
> >>>> neil@marmot-tech.com> wrote:
> >>>>>
> >>>>>
> >>>>>> On Oct 2, 2022, at 11:01 AM, Douglas Foster <
> >>>> dougfoster.emailstandards@gmail.com> wrote:
> >>>>>>
> >>>>>> 
> >>>>>> In many cases, an evaluator can determine a DMARC PASS result
> without
> >>>> evaluating every available identifier.
> >>>>>> If a message has SPF PASS with acceptable alignment, the evaluator
> has
> >>>> no need to evaluate any DKIM signatures to know that the message
> produces
> >>>> DMARC PASS.
> >>>>> I think it’s critical to DMARC that receivers do things like
> evaluate and
> >>>> report on DKIM whether or not SPF passes and is aligned. Without
> this, it
> >>>> would make it harder for senders to notice and remediate gaps in their
> >>>> authentication. Since there’s not a downside (that I know of), I’d
> say this
> >>>> should be a MUST if at all possible.
> >>>>
> >>>>
> >>>> What is the interoperability problem that happens if evaluators don't
> do
> >>>> that?
> >>>>
> >>>> Scott K
> >>>>
> >>>
> >>> Scott, What is the interoperability problem if evaluators didn't
> provide
> >>> reports at all? Reporting isn't a "must" for interoperability but it
> >>> certainly helps improve outcomes instead of senders flying blind.
> >>
> >> I read the email as suggesting a MUST for reporting both SPF and DKIM
> results if you report results at all, which would, I think lead to exactly
> the situation you're concerned about.  I'm skeptical of any kind of MUST
> around reporting since that's generally reserved for things that impact
> interoperability.  I do agree it should be encouraged.
> >>
> >> Mostly, at the moment, I'm trying to understand the proposed change and
> the rationale.
> >
> > I think the reactions were to the tone that seemed to suggest that
> the importance of reporting was being downplayed. MUST is too strong and
> strongly encouraged is sufficient. The standards system relies on people
> making a good faith effort. To me, Doug’s comments came off as wanting to
> weaken the language which concerned me.
> >
> > Reporting is key for DMARC to work as a system so any hint of weakening
> that language or even could be interpreted as such caught my attention. I
> think Doug clarified his position as addressing specific cases not a
> weakening of the reporting language.
> >
> > DMARC is about the interests of the system but following the standard
> strengthens the system within which the sender or receiver operates. Even
> if one wasn’t interested in the health of the system in and of itself,
> reporting benefits the admin as it increases security and reduces broken
> authentication. A *LOT* of Senders use reporting data as part of the
> process of fixing their own and third party senders they wish to allow or
> spoof, discovering errant shadow IT, etc.
> >
> > Reporting is of core importance for everyone if for no other reason than
> to avoid headaches. Thanks.
>
> s/allow or spoof/allow to spoof/