Re: [dmarc-ietf] DMARC result for DKIM testing and policy

Scott Kitterman <sklist@kitterman.com> Fri, 22 March 2024 00:11 UTC

Date: Fri, 22 Mar 2024 00:05:35 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/MF0bvkyl8GPWZg5NcCVA97r33R8>


On March 21, 2024 11:39:35 PM UTC, "Murray S. Kucherawy" <superuser@gmail.com> wrote:
>On Fri, Mar 22, 2024 at 12:59 AM Scott Kitterman <sklist@kitterman.com> wrote:
>
>> >> For t=y, DKIM says:
>> >>
>> >>        y  This domain is testing DKIM.  Verifiers MUST NOT treat messages
>> >>           from Signers in testing mode differently from unsigned email,
>> >>           even should the signature fail to verify.  Verifiers MAY wish
>> >>           to track testing mode results to assist the Signer.
>> >>
>> >> So reporting dkim=pass for testing keys seems to be a violation.
>>
>
>DMARC being told "pass" by a DKIM engine for a testing key is a problem in
>the DKIM engine.
>
I agree.

I don't feel particularly strongly about this, but I can see people thinking there's some correlation between DKIM testing and DMARC testing.  It's not completely illogical, so it might be better to be explicit.

Scott K
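
Added example, not part of the original message and not code from any DKIM or DMARC implementation: a sketch of a DKIM layer that reads the t= flags from a key record and keeps a testing-mode key from producing a "pass" for policy purposes, while still tracking the raw result for the Signer. The function names, the sample key records, and the choice of "none" to model "same as unsigned" are assumptions made for illustration.

```python
# Constructed sample key records (the p= values are placeholders, not real keys).
TESTING_KEY = "v=DKIM1; k=rsa; t=y:s; p=CONSTRUCTEDKEY"
PROD_KEY = "v=DKIM1; k=rsa; t=s; p=CONSTRUCTEDKEY"


def parse_key_record(txt):
    """Parse a DKIM key record (a ';'-separated tag=value list) into a dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = value.strip()
    return tags


def key_flags(tags):
    """Return the set of flags in t=, which is a colon-separated list."""
    return {f.strip() for f in tags.get("t", "").split(":") if f.strip()}


def result_for_policy(raw_result, key_txt):
    """Return (result handed to the policy layer, result tracked for the Signer).

    raw_result is the outcome of the cryptographic check ("pass" or "fail").
    """
    flags = key_flags(parse_key_record(key_txt))
    if "y" in flags:
        # Testing mode: the message must not be treated differently from
        # unsigned mail, whether the signature verified or not.
        # Assumption: "unsigned" is modelled here as the result "none".
        return "none", raw_result
    return raw_result, raw_result


if __name__ == "__main__":
    for label, key in (("testing", TESTING_KEY), ("production", PROD_KEY)):
        for raw in ("pass", "fail"):
            print(label, raw, "->", result_for_policy(raw, key))
```
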