IETF Logo Mail Archive

Re: [dmarc-ietf] updating draft-akagiri-dmarc-virtual-verification

Scott Kitterman <sklist@kitterman.com> Sat, 25 March 2017 04:46 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAA3812940D for <dmarc@ietfa.amsl.com>; Fri, 24 Mar 2017 21:46:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vfbYWtGYZscJ for <dmarc@ietfa.amsl.com>; Fri, 24 Mar 2017 21:45:58 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1430C126BF7 for <dmarc@ietf.org>; Fri, 24 Mar 2017 21:45:57 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 44172C401A8 for <dmarc@ietf.org>; Fri, 24 Mar 2017 23:45:55 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1490417155; bh=Bs0YfVARW9ZUilYQ9EiXh2MkObFE1qpGNf1lmXGN4bg=; h=From:To:Subject:Date:In-Reply-To:References:From; b=RudR2bRDeAVZoZKQg2LqCze9/MtrfdyRZiW4wWwjFMe1tSWl6Nxc6f+hzsgAkXJLC YxE3wLieSgFPYzO8iflRaXEZXO7bBwA4ex9V6C8Sce58+rJ+aFYtQ8WaaX7UIQQRxc c5xLQe5uS7JsMV5QqYuECC2zRYaOzCtWF9lno00A=
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sat, 25 Mar 2017 00:45:54 -0400
Message-ID: <2153663.3j7HfnN8Lr@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-112-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CO2PR00MB01206EA6B576E15692D4A697A33E0@CO2PR00MB0120.namprd00.prod.outlook.com>
References: <8559BB82-3951-4B14-A3D9-011936AEAD9E@lepidum.co.jp> <CO2PR00MB01206EA6B576E15692D4A697A33E0@CO2PR00MB0120.namprd00.prod.outlook.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/MIRpHqlemCDbMhUtt3kn0Tr1LAI>
Subject: Re: [dmarc-ietf] updating draft-akagiri-dmarc-virtual-verification
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Mar 2017 04:46:01 -0000

For SPF, we had "best guess" [1], which we chose not to standardize at all 
because we didn't think it appropriate to break the opt-in nature of SPF.  
This concerns me a bit here, but I'm mostly writing to support the idea of 
distinguishing between some kind of guess and an actual DMARC result.

I think "dmarc=bestguesspass" is far superior to "dmarc=pass", since this is 
not a DMARC pass.  I think "dmarcguess=pass" would be better since this isn't 
properly a DMARC check at all.

Scott k


[1] http://www.openspf.org/FAQ/Best_guess_record


On Friday, March 24, 2017 04:55:42 PM Terry Zink wrote:
> Microsoft already does what is in the spec in Office 365 (which they
> specifically call out in the draft), so eventually Hotmail/Outlook.com will
> inherit it. But there are two differences:
 
> 1. Office 365 stamps "dmarc=bestguesspass", not "dmarc=pass". That makes it
> easier to distinguish in the logs
 2. We do relaxed alignment, not strict
> alignment like it says in the spec 
> Seems to work just fine.
> 
> Also, not sure why there would be a discussion of rua and ruf. It's
> straightforward to interpolate the virtual DMARC record but how can you
> interpolate where to send a failure report?
 
> --Terry
> 
> -----Original Message-----
> From: dmarc [mailto:dmarc-bounces@ietf.org] On Behalf Of Kouji Okada
> Sent: Friday, March 24, 2017 2:19 AM
> To: dmarc <dmarc@ietf.org>
> Cc: Kouji Okada <okd@lepidum.co.jp>
> Subject: [dmarc-ietf] updating draft-akagiri-dmarc-virtual-verification
> 
> Folks
> 
> We are now working on revising draft-akagiri-dmarc-virtual-verification.
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker
> .ietf.org%2Fdoc%2Fhtml%2Fdraft-akagiri-dmarc-virtual-verification&data=02%7C
> 01%7Ctzink%40microsoft.com%7C75cd5739368a40ce682208d47296da95%7C72f988bf86f1
> 41af91ab2d7cd011db47%7C1%7C0%7C636259439620932357&sdata=lDAi6TjldCXogGZlQI1V
> pLfYOya3fjaJPRn8mtBgo1U%3D&reserved=0
 
> We are going to submit new version in early April.
> Authors are recognizing there are some open issues for the draft.
> 
> 1. The authentication code.
> 
> In the draft, we suggest to mark “dmarc=pass” in the authentication result
> when the virtual dmarc verifications have passed.
 We are going to keep it
> as it is.
> 
> In 02, we are going to mention that e-mail operators can add comments to the
> authentication result field to indicate the “pass” is marked by the virtual
> verification.
 We are not going to define the format of the comments, but
> the example comment would be like below. 
> ex) dmarc=pass(vdmarc=true)
> 
> 2. vdmarc=fail problem
> 
> When submitting 00 version of the draft, some people gave us the comments
> that it is harmful to mark “dmarc=fail” without explicit declaration of
> policy records.
 Our intention is to utilize the authentication results of
> “dmarc=pass” for the e-mails potentially can be treated as so.
> 
> As Takehito posted to this ML,
> our evaluation on Japanese ISPs showed
> more than 20% of received email traffic can be treated as "dmarc=pass" with
> our verification.
 Thus our proposal helps to increase the number of
> legitimate e-mails on the receiver side. 
> “Statistics about effects of “Virtual DMARC””:
>  
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.vdmarc
> .dmarc.jp%2F%3Fp%3D122&data=02%7C01%7Ctzink%40microsoft.com%7C75cd5739368a40
> ce682208d47296da95%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636259439620
> 942364&sdata=mVyeZ5EMI6cj1pvUXVYinZZi64JLqjE9v90iCUwiJ4M%3D&reserved=0
 
> We are going to emphasize the point in 02.
> 
> 3. rua, ruf
> 
> We do not define any default report destinations for the virtual
> verification.
 
> 4. Draft tile
> 
> Currently our draft title is “DMARC verification without record
> definitions(dmarc-virtual-verification)”.
 Would you have any suggestions
> for the title?
> 
> 
> Any comments will be appreciated.
> 
> Thank you,
> Kouji Okada
> 
> 
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.or
> g%2Fmailman%2Flistinfo%2Fdmarc&data=02%7C01%7Ctzink%40microsoft.com%7C75cd57
> 39368a40ce682208d47296da95%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6362
> 59439620942364&sdata=AeIU1ls97f%2FktoX0ZuTufv1xDE0Q8%2FTAq%2BGpK8g9MvE%3D&re
> served=0
 _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email