Re: [dmarc-ietf] DMARC forensic reports (ruf=) and privacy
Scott Kitterman <sklist@kitterman.com> Wed, 06 February 2019 22:28 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2259130EEC for <dmarc@ietfa.amsl.com>; Wed, 6 Feb 2019 14:28:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=ROFi3ufN; dkim=pass (2048-bit key) header.d=kitterman.com header.b=w7bp24OE
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fw6FLgfKSpNg for <dmarc@ietfa.amsl.com>; Wed, 6 Feb 2019 14:28:06 -0800 (PST)
Received: from softlayer.kitterman.com (softlayer.kitterman.com [IPv6:2607:f0d0:3a01:a3::9]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3AA2130E25 for <dmarc@ietf.org>; Wed, 6 Feb 2019 14:28:06 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201812e; t=1549492083; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : date : subject : from; bh=wgpXu5iWOynAbiq2u+E74BYbb84yTBDUr0Vyf+tnfk8=; b=ROFi3ufNfuutlUWQK9eoybpc2Qx2525xpo6mTG3K6KUI32qcvvl8GkDh +24jcetVqXTrm2yLrgpWsPG3wKlhAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201812r; t=1549492083; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : date : subject : from; bh=wgpXu5iWOynAbiq2u+E74BYbb84yTBDUr0Vyf+tnfk8=; b=w7bp24OEVsQLTpZihkTNJNAkF3lMODrzcrpac25v5CyC9+GqKgEBXdDt sbYntZeNaFu8u9sSzZs/n0ttLdUiAGW1WVdk4IGYpDiJ9aJWLpB4iiwwbg QF4/azC99/IaQu0HQZhnTB/a+Ac9H5qdGOtzvP2o+2DwuJJldGtBWh75+4 dc4zQDbFBTHFTbeC3Yfw+ufKVgYQWdt7eZy09SnlJPRx6iXhIx0BQ6vVJ8 n+DSAOgtep4Rcr3k09fkim0vG6LGF8/KCOJV6LnqHW9mRROjN0X+eRLhI7 hdI762Ocft+rhCYIhYw706XmqU7R1ijU1gQuzQ0wfvD5j9ODWKXO0g==
Received: from [10.151.116.119] (mobile-166-170-33-41.mycingular.net [166.170.33.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by softlayer.kitterman.com (Postfix) with ESMTPSA id 368AF2D4001E; Wed, 6 Feb 2019 16:28:02 -0600 (CST)
Date: Wed, 06 Feb 2019 22:28:00 +0000
In-Reply-To: <e5763e2e64cae01a7b53f94e521b9f2d103f6708.camel@aegee.org>
References: <20190206010110.ED53C200DD2BA4@ary.qy> <e5763e2e64cae01a7b53f94e521b9f2d103f6708.camel@aegee.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: dmarc@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <8C673EB6-5DEA-458D-BE81-64ECA6BE6DBA@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/LsmYRfZhUFoebek3lf2oa9v7JAc>
Subject: Re: [dmarc-ietf] DMARC forensic reports (ruf=) and privacy
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2019 22:28:09 -0000
I completely disagree. I have p=none and I find the reports very useful. The policy is about action taken, not DMARC results, which is what feedback is about. Scott K On February 6, 2019 10:11:55 PM UTC, "Дилян Палаузов" <dilyan.palauzov@aegee.org> wrote: >Hello John, > >DMARC reports for p=none are not supposed to be useful, as they do not >depend on the policy. > >If the question is about how to get reports on failing DKIM validation >only on unexpectedly smashed messages, then I >recall the last discussion on Ietf-dkim@ietf.org: > >- this is not DMARC, but DKIM domain >- when the DKIM-Signature does not validate, contains r=y and the >remainign provisions from RFC6651 do apply, a >(usefull) report shall be sent >- when a message is intentionally modified, in way that the >DKIM-Signature gets invalidated, the modified message shall >adapt somehow the fact that it was intentionally modified for >particular DKIM-Signatures, so that no useless report is >sent >- Nobody wants to modify DKIM-Signature, so it is unclear where to add >the information that the message was >intentionally smashed in regards the first and second DKIM-Signature, >but not for the third one. > >I proposed at the time to add a r=a tag, sending only report, when DKIM >aligns to From:, so that after passing a MLM >rewriting From: no reports shall be sent (contrary to r=y). Now I >realize, that for p=none there is no added >usefulness, since >- DKIM-Signature gets usually intentionally broken, while passing over >the MLM, and >- From: is not rewritten, therefore From: alignes to the signature, > >so a useless report will be sent for the message. > >Regards > Дилян > > >On Tue, 2019-02-05 at 20:01 -0500, John Levine wrote: >> In article <974c2d00017358cdf3b78037e4276234db2cfdee.camel@aegee.org> >you write: >> > Hello John, >> > >> > On Sat, 2019-01-26 at 11:31 -0500, John Levine wrote: >> > > … The failure reports are almost >> > > entirely useless. Of the ones I get, the majority are random >Chinese >> > > spam that happened to forge one of my domains on the From line, >the >> > > rest are from mailing lists where I wouldn't expect DMARC to >pass. >> > How do you define a useful report and for which purpose do you want >to receive reports? >> >> A useful report would be one that was a message that one of my users >> had actually sent and was smashed in a way I didn't expect. >> >> > I mean, when does sending reports to p=none make sense. >> >> The feedback reporting doesn't depend on the policy. Please review >> section 7 of RFC 7489. >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc > >_______________________________________________ >dmarc mailing list >dmarc@ietf.org >https://www.ietf.org/mailman/listinfo/dmarc
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Дилян Палаузов
- [dmarc-ietf] DMARC forensic reports (ruf=) and pr… Дилян Палаузов
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Vladimir Dubrovin
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Дилян Палаузов
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… John Levine
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… John Levine
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Дилян Палаузов
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Dotzero
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Дилян Палаузов
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… John Levine
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Kurt Andersen (b)
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Vladimir Dubrovin
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Alessandro Vesely
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Дилян Палаузов
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… John Levine
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Дилян Палаузов
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… John Levine
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Дилян Палаузов
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Scott Kitterman
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… John Levine
- Re: [dmarc-ietf] DMARC forensic reports (ruf=) an… Brandon Long