IETF Logo Mail Archive

Re: [dmarc-ietf] DMARC forensic reports (ruf=) and privacy

Scott Kitterman <sklist@kitterman.com> Wed, 06 February 2019 22:28 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2259130EEC for <dmarc@ietfa.amsl.com>; Wed, 6 Feb 2019 14:28:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=ROFi3ufN; dkim=pass (2048-bit key) header.d=kitterman.com header.b=w7bp24OE
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fw6FLgfKSpNg for <dmarc@ietfa.amsl.com>; Wed, 6 Feb 2019 14:28:06 -0800 (PST)
Received: from softlayer.kitterman.com (softlayer.kitterman.com [IPv6:2607:f0d0:3a01:a3::9]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3AA2130E25 for <dmarc@ietf.org>; Wed, 6 Feb 2019 14:28:06 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201812e; t=1549492083; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : date : subject : from; bh=wgpXu5iWOynAbiq2u+E74BYbb84yTBDUr0Vyf+tnfk8=; b=ROFi3ufNfuutlUWQK9eoybpc2Qx2525xpo6mTG3K6KUI32qcvvl8GkDh +24jcetVqXTrm2yLrgpWsPG3wKlhAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201812r; t=1549492083; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : date : subject : from; bh=wgpXu5iWOynAbiq2u+E74BYbb84yTBDUr0Vyf+tnfk8=; b=w7bp24OEVsQLTpZihkTNJNAkF3lMODrzcrpac25v5CyC9+GqKgEBXdDt sbYntZeNaFu8u9sSzZs/n0ttLdUiAGW1WVdk4IGYpDiJ9aJWLpB4iiwwbg QF4/azC99/IaQu0HQZhnTB/a+Ac9H5qdGOtzvP2o+2DwuJJldGtBWh75+4 dc4zQDbFBTHFTbeC3Yfw+ufKVgYQWdt7eZy09SnlJPRx6iXhIx0BQ6vVJ8 n+DSAOgtep4Rcr3k09fkim0vG6LGF8/KCOJV6LnqHW9mRROjN0X+eRLhI7 hdI762Ocft+rhCYIhYw706XmqU7R1ijU1gQuzQ0wfvD5j9ODWKXO0g==
Received: from [10.151.116.119] (mobile-166-170-33-41.mycingular.net [166.170.33.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by softlayer.kitterman.com (Postfix) with ESMTPSA id 368AF2D4001E; Wed, 6 Feb 2019 16:28:02 -0600 (CST)
Date: Wed, 06 Feb 2019 22:28:00 +0000
In-Reply-To: <e5763e2e64cae01a7b53f94e521b9f2d103f6708.camel@aegee.org>
References: <20190206010110.ED53C200DD2BA4@ary.qy> <e5763e2e64cae01a7b53f94e521b9f2d103f6708.camel@aegee.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: dmarc@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <8C673EB6-5DEA-458D-BE81-64ECA6BE6DBA@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/LsmYRfZhUFoebek3lf2oa9v7JAc>
Subject: Re: [dmarc-ietf] DMARC forensic reports (ruf=) and privacy
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2019 22:28:09 -0000

I completely disagree.

I have p=none and I find the reports very useful.

The policy is about action taken, not DMARC results, which is what feedback is about.

Scott K

On February 6, 2019 10:11:55 PM UTC, "Дилян Палаузов" <dilyan.palauzov@aegee.org> wrote:
>Hello John,
>
>DMARC reports for p=none are not supposed to be useful, as they do not
>depend on the policy.
>
>If the question is about how to get reports on failing DKIM validation
>only on unexpectedly smashed messages, then I
>recall the last discussion on Ietf-dkim@ietf.org:
>
>- this is not DMARC, but DKIM domain
>- when the DKIM-Signature does not validate, contains r=y and the
>remainign provisions from RFC6651 do apply, a
>(usefull) report shall be sent
>- when a message is intentionally modified, in way that the
>DKIM-Signature gets invalidated, the modified message shall
>adapt somehow the fact that it was intentionally modified for
>particular DKIM-Signatures, so that no useless report is
>sent
>- Nobody wants to modify DKIM-Signature, so it is unclear where to add
>the information that the message was
>intentionally smashed in regards the first and second DKIM-Signature,
>but not for the third one.
>
>I proposed at the time to add a r=a tag, sending only report, when DKIM
>aligns to From:, so that after passing a MLM
>rewriting From: no reports shall be sent (contrary to r=y).  Now I
>realize, that for p=none there is no added
>usefulness, since
>- DKIM-Signature gets usually intentionally broken, while passing over
>the MLM, and
>- From: is not rewritten, therefore From: alignes to the signature,
>
>so a useless report will be sent for the message.
>
>Regards
>  Дилян
>
>
>On Tue, 2019-02-05 at 20:01 -0500, John Levine wrote:
>> In article <974c2d00017358cdf3b78037e4276234db2cfdee.camel@aegee.org>
>you write:
>> > Hello John,
>> > 
>> > On Sat, 2019-01-26 at 11:31 -0500, John Levine wrote:
>> > > …  The failure reports are almost
>> > > entirely useless.  Of the ones I get, the majority are random
>Chinese
>> > > spam that happened to forge one of my domains on the From line,
>the
>> > > rest are from mailing lists where I wouldn't expect DMARC to
>pass.
>> > How do you define a useful report and for which purpose do you want
>to receive reports? 
>> 
>> A useful report would be one that was a message that one of my users
>> had actually sent and was smashed in a way I didn't expect.
>> 
>> > I mean, when does sending reports to p=none make sense.
>> 
>> The feedback reporting doesn't depend on the policy.  Please review
>> section 7 of RFC 7489.
>> 
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>
>_______________________________________________
>dmarc mailing list
>dmarc@ietf.org
>https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email