Re: [dmarc-ietf] updating draft-akagiri-dmarc-virtual-verification
Scott Kitterman <sklist@kitterman.com> Sat, 25 March 2017 04:46 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAA3812940D for <dmarc@ietfa.amsl.com>; Fri, 24 Mar 2017 21:46:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vfbYWtGYZscJ for <dmarc@ietfa.amsl.com>; Fri, 24 Mar 2017 21:45:58 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1430C126BF7 for <dmarc@ietf.org>; Fri, 24 Mar 2017 21:45:57 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 44172C401A8 for <dmarc@ietf.org>; Fri, 24 Mar 2017 23:45:55 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1490417155; bh=Bs0YfVARW9ZUilYQ9EiXh2MkObFE1qpGNf1lmXGN4bg=; h=From:To:Subject:Date:In-Reply-To:References:From; b=RudR2bRDeAVZoZKQg2LqCze9/MtrfdyRZiW4wWwjFMe1tSWl6Nxc6f+hzsgAkXJLC YxE3wLieSgFPYzO8iflRaXEZXO7bBwA4ex9V6C8Sce58+rJ+aFYtQ8WaaX7UIQQRxc c5xLQe5uS7JsMV5QqYuECC2zRYaOzCtWF9lno00A=
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sat, 25 Mar 2017 00:45:54 -0400
Message-ID: <2153663.3j7HfnN8Lr@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-112-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CO2PR00MB01206EA6B576E15692D4A697A33E0@CO2PR00MB0120.namprd00.prod.outlook.com>
References: <8559BB82-3951-4B14-A3D9-011936AEAD9E@lepidum.co.jp> <CO2PR00MB01206EA6B576E15692D4A697A33E0@CO2PR00MB0120.namprd00.prod.outlook.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/MIRpHqlemCDbMhUtt3kn0Tr1LAI>
Subject: Re: [dmarc-ietf] updating draft-akagiri-dmarc-virtual-verification
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Mar 2017 04:46:01 -0000
For SPF, we had "best guess" [1], which we chose not to standardize at all because we didn't think it appropriate to break the opt-in nature of SPF. This concerns me a bit here, but I'm mostly writing to support the idea of distinguishing between some kind of guess and an actual DMARC result. I think "dmarc=bestguesspass" is far superior to "dmarc=pass", since this is not a DMARC pass. I think "dmarcguess=pass" would be better since this isn't properly a DMARC check at all. Scott k [1] http://www.openspf.org/FAQ/Best_guess_record On Friday, March 24, 2017 04:55:42 PM Terry Zink wrote: > Microsoft already does what is in the spec in Office 365 (which they > specifically call out in the draft), so eventually Hotmail/Outlook.com will > inherit it. But there are two differences: > 1. Office 365 stamps "dmarc=bestguesspass", not "dmarc=pass". That makes it > easier to distinguish in the logs 2. We do relaxed alignment, not strict > alignment like it says in the spec > Seems to work just fine. > > Also, not sure why there would be a discussion of rua and ruf. It's > straightforward to interpolate the virtual DMARC record but how can you > interpolate where to send a failure report? > --Terry > > -----Original Message----- > From: dmarc [mailto:dmarc-bounces@ietf.org] On Behalf Of Kouji Okada > Sent: Friday, March 24, 2017 2:19 AM > To: dmarc <dmarc@ietf.org> > Cc: Kouji Okada <okd@lepidum.co.jp> > Subject: [dmarc-ietf] updating draft-akagiri-dmarc-virtual-verification > > Folks > > We are now working on revising draft-akagiri-dmarc-virtual-verification. > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker > .ietf.org%2Fdoc%2Fhtml%2Fdraft-akagiri-dmarc-virtual-verification&data=02%7C > 01%7Ctzink%40microsoft.com%7C75cd5739368a40ce682208d47296da95%7C72f988bf86f1 > 41af91ab2d7cd011db47%7C1%7C0%7C636259439620932357&sdata=lDAi6TjldCXogGZlQI1V > pLfYOya3fjaJPRn8mtBgo1U%3D&reserved=0 > We are going to submit new version in early April. > Authors are recognizing there are some open issues for the draft. > > 1. The authentication code. > > In the draft, we suggest to mark “dmarc=pass” in the authentication result > when the virtual dmarc verifications have passed. We are going to keep it > as it is. > > In 02, we are going to mention that e-mail operators can add comments to the > authentication result field to indicate the “pass” is marked by the virtual > verification. We are not going to define the format of the comments, but > the example comment would be like below. > ex) dmarc=pass(vdmarc=true) > > 2. vdmarc=fail problem > > When submitting 00 version of the draft, some people gave us the comments > that it is harmful to mark “dmarc=fail” without explicit declaration of > policy records. Our intention is to utilize the authentication results of > “dmarc=pass” for the e-mails potentially can be treated as so. > > As Takehito posted to this ML, > our evaluation on Japanese ISPs showed > more than 20% of received email traffic can be treated as "dmarc=pass" with > our verification. Thus our proposal helps to increase the number of > legitimate e-mails on the receiver side. > “Statistics about effects of “Virtual DMARC””: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.vdmarc > .dmarc.jp%2F%3Fp%3D122&data=02%7C01%7Ctzink%40microsoft.com%7C75cd5739368a40 > ce682208d47296da95%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636259439620 > 942364&sdata=mVyeZ5EMI6cj1pvUXVYinZZi64JLqjE9v90iCUwiJ4M%3D&reserved=0 > We are going to emphasize the point in 02. > > 3. rua, ruf > > We do not define any default report destinations for the virtual > verification. > 4. Draft tile > > Currently our draft title is “DMARC verification without record > definitions(dmarc-virtual-verification)”. Would you have any suggestions > for the title? > > > Any comments will be appreciated. > > Thank you, > Kouji Okada > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.or > g%2Fmailman%2Flistinfo%2Fdmarc&data=02%7C01%7Ctzink%40microsoft.com%7C75cd57 > 39368a40ce682208d47296da95%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6362 > 59439620942364&sdata=AeIU1ls97f%2FktoX0ZuTufv1xDE0Q8%2FTAq%2BGpK8g9MvE%3D&re > served=0 _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc
- [dmarc-ietf] updating draft-akagiri-dmarc-virtual… Kouji Okada
- Re: [dmarc-ietf] updating draft-akagiri-dmarc-vir… Terry Zink
- Re: [dmarc-ietf] updating draft-akagiri-dmarc-vir… Scott Kitterman
- Re: [dmarc-ietf] updating draft-akagiri-dmarc-vir… Kouji Okada
- Re: [dmarc-ietf] updating draft-akagiri-dmarc-vir… mhammer@americangreetings.com
- Re: [dmarc-ietf] updating draft-akagiri-dmarc-vir… Kouji Okada
- Re: [dmarc-ietf] updating draft-akagiri-dmarc-vir… Murray S. Kucherawy
- Re: [dmarc-ietf] updating draft-akagiri-dmarc-vir… Brandon Long