IETF Logo Mail Archive

Re: [dmarc-ietf] ARC questions

John R Levine <johnl@taugh.com> Wed, 25 November 2020 01:52 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 779E33A0B5D for <dmarc@ietfa.amsl.com>; Tue, 24 Nov 2020 17:52:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=MYRUgMTz; dkim=pass (2048-bit key) header.d=taugh.com header.b=hbeCbixL
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vk-NAvB9s6fK for <dmarc@ietfa.amsl.com>; Tue, 24 Nov 2020 17:52:47 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8B173A0B5B for <dmarc@ietf.org>; Tue, 24 Nov 2020 17:52:46 -0800 (PST)
Received: (qmail 29876 invoked from network); 25 Nov 2020 01:52:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:original-authentication-results; s=74b1.5fbdb8ea.k2011; i=johnl-iecc.com@submit.iecc.com; bh=1alijATxsZwODJqZQ6PXUr/HSr+94xPseIDBmnv/70I=; b=MYRUgMTz2cdIFjKpS0UIk1JpGwHRV+Ko2FTeR0UI6Zv38NtbcwvdPOmpmGQcRYQKR/9BMFLHHwiCMyHFUbqDoW4pOJIH4cK/24BH1/F+2hv2EPWfQHWB+gd/wzAIuONtbgaAjjmJs1SrQPYxqcsn+UPDhoW7kgnJa/CHlop1ERuhGefJr+fvE534Zi+qMd0vyetkltPHv1rX7LXHUGBLj3/hrV15tAGMKQw6o8r1FKOtjWvX3b+z2f9QsRPDzGWGOipIjiiS+zZVQnqcQrX+8GAnh5EFdmcpzQx825K6XpiQW8Fg6qQt0RmJZim7IcHKJbt7kPFORzfZU5IHqCDxDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:original-authentication-results; s=74b1.5fbdb8ea.k2011; olt=johnl-iecc.com@submit.iecc.com; bh=1alijATxsZwODJqZQ6PXUr/HSr+94xPseIDBmnv/70I=; b=hbeCbixLuDQztZgldEPUuMhxqkZ5tLE5RbmH8TJpUPzUGGel5vTFqnekxqJV6F7SqniUNsO8ipCZaYTCq152b81PsWJcctTBlKnD1wRniVRI8WF2ovC1+4+RzHpipjXIDTyiX+j4yssXfN55SzX68Nyq7DY6Xik7P9QXmPipeh2itiblRw+s885Cc86KgaTzkpGosxgDJtcJ2LLKecN+uwE3pnk/n6W5Zx226OKWCw5CgEkYCmsmDb9VsBDz+pI1xW2zKM2RFMC2xUKbCCDTY7RMEQZUObtytAyCufVdyWVm5zcYyNk6etMBsHqVfvB0rEGtGvZZi7tcgLj+YO0bxg==
Original-Authentication-Results: iecc.com; spf=pass spf.mailfrom=no-reply@sharepointonline.com spf.helo=APC01-SG2-obe.outbound.protection.outlook.com smtp.remote-ip="40.107.131.117"; dkim=pass header.d=spoapaceop.onmicrosoft.com header.s=selector1-spoapaceop-onmicrosoft-com header.a=rsa-sha256 header.b="wrH3TGY5"; dkim=pass header.d=sharepointonline.com header.s=selector1 header.a=rsa-sha256 header.b="nk5sNj5U"; dmarc=pass header.from=sharepointonline.com (p=reject, pct=100)
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 25 Nov 2020 01:52:41 -0000
Date: Tue, 24 Nov 2020 20:52:41 -0500
Message-ID: <1bd5da1d-ce8-d0b-9e49-67c3b7df8db@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Michael Thomas <mike@mtcc.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <c954eadd-5c85-c0d9-2168-8a42de506b72@mtcc.com>
References: <20201124020453.AFDC027CE5C8@ary.qy> <cd855b53-d9bd-3412-3bd5-dc4b7720dc5c@mtcc.com> <CABa8R6s0bfs87Fu9eOq_R3WH1pngauVXrw3RSPe9iWWCtf3AmQ@mail.gmail.com> <c954eadd-5c85-c0d9-2168-8a42de506b72@mtcc.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1063395498-1606269161=:35191"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/OmTzwzP9GuE1oF5m1TvUZVA799c>
Subject: Re: [dmarc-ietf] ARC questions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2020 01:52:50 -0000

On Tue, 24 Nov 2020, Michael Thomas wrote:
>> Our experience also showed that more than one hop is quite common in 
>> enterprise deployments, and those are also the places where the most 
>> complexity arises. Others shared our experience as well.
>
> That's more than one modifying intermediary in *separate* administrative 
> domains?

Microsoft currently appears to add an ARC seal for everything that
transits their hosted mail system, no mailing lists or whatever
involved. I think I may have seen stuff from them with two seals.

Here's the headers of something from MS that I picked out of the
spamtrap. It's a fake Sharepoint message, and all of the SPF and DMARC
checks failed, which of course makes one wonder why they sent it to me
at all, but there's plenty of ARC-age there in case I want to do the
filtering they didn't.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

================================================================
Return-Path: <no-reply@sharepointonline.com>
Received: (qmail 53861 invoked from network); 24 Nov 2020 23:04:40 -0000
Authentication-Results: iecc.com; spf=pass spf.mailfrom=no-reply@sharepointonline.com spf.helo=APC01-SG2-obe.outbound.protection.outlook.com smtp.remote-ip="40.107.131.117"; dkim=pass header.d=spoapaceop.onmicrosoft.com header.s=selector1-spoapaceop-onmicrosoft-com header.a=rsa-sha256 header.b="wrH3TGY5"; dkim=pass header.d=sharepointonline.com header.s=selector1 header.a=rsa-sha256 header.b="nk5sNj5U"; dmarc=pass header.from=sharepointonline.com (p=reject, pct=100)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
  b=O1UbAqs382laXh6I4AhWTigOPfRFerozKTibyzMawpdnyHHn4iHRW4u6+HZ1KlqNZHfhco5U9KgrgsCzP1VvHaD686U2omsloPRlsuR8+8UQPucSS/qtgYrv+5vDfF8cNqvnyfRvS/kOy3bAzr4vVPfhtgPbQ2sn+L5wMjo+w8kV+AZ6O6KedBqZSrX6Mt6OpsqFT1l3sTybAuOHlrmjo++cp2Dn0atKYnqDAAu1OIOSW6/dnc0u6fwbVoURavwPtWVhnK2/1MjHnlJO6XZTQeQtvvU82RSaaEikGgrQhsAO41Uz2HJPMt3S6e4RAWYS1n995BOeosRNjLcKxFNx2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
  s=arcselector9901;
  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
  bh=OYiUO2h5rcN3yi5Rpfr3/080+M/p/ca47NawA9FGJAw=;
  b=WpRrZ43L7klrMFI7e2Xg+LjrKHEocOU52J2YWHSirU4EX4J1yqrqMWT1MqGQze8tEbPEtTSa8r2ZM6ff235Mch1QlpbmQt2HtmGClJGe+ZYkRTf5zTmGyLxSokIrNfFaAHtztaqnct0XlLgMCm3Uu5zxqzaIfh9Wi2vMlLpX/mHRx+W6XOw1+Frb1msMbyf4LbjtjFWCv1+KBpACSaxC9vWIc70+P7stlVkuGyxM9rE+oO7jodaUCAHvkBQtASZ+PVeGe/gxxP3Pv26WnM31HDxVKGkn6mVsCkhkqW6L/4O2/SBCjtyM0gUoatMprsAOTian7sDbnQYtzTzTP2f0wA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
  13.75.93.237) smtp.rcpttodomain=repmark.com
  smtp.mailfrom=sharepointonline.com; dmarc=fail (p=reject sp=reject pct=100)
  action=oreject header.from=sharepointonline.com; dkim=none (message not
  signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=spoapaceop.onmicrosoft.com; s=selector1-spoapaceop-onmicrosoft-com;
  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
  bh=OYiUO2h5rcN3yi5Rpfr3/080+M/p/ca47NawA9FGJAw=;
  b=wrH3TGY50Qitk5Kc82kUaGKKbBcgore8XTTR+QrqeSmGIEyalPhCQ+HoQXN6Euuhzc0EM9GOEYvMk2I5wYiZZ9eihJ4UuBARo1EHK7zYDlda2EAql0V+/5oWR0jHFvYBmH+QUCQ5SJ+R2IxO5x9yK0fXUJtpTPmZgYpvwH+AIA4=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharepointonline.com;
  s=selector1;
  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
  bh=OYiUO2h5rcN3yi5Rpfr3/080+M/p/ca47NawA9FGJAw=;
  b=nk5sNj5UH1ZrUT387iGCYgiYCAZspugCdueY19ZRfrz+hs1F/ltpSFIUvvB/PZ8QRP1H4qGujpRuLnD3PlNLPn1Qak0pFp13mwip2g5eV8ObJxBw1d11zLM7PM090Z6Ri2NrKK241iAgmOl5gZrcrLgur7F2ckhtMYJsSkCKiUEDOfHSns3JN/AHVXm7C46BOMrQbJbhWqwTojkasOgVEGnAZbEcUbVT13mAmKvB1t7BL3wCk56q37jYm09vuSzvhja3+oegQ/iaLsurvCDzJkW2WvmRt2+Y+LYaG4HYboUQ7W/P6pDJCPpMDZzHp9aRwrHGamKgpdi/0lrXwz9G4w==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 13.75.93.237)
  smtp.mailfrom=sharepointonline.com; repmark.com; dkim=none (message not
  signed) header.d=none;repmark.com; dmarc=fail action=oreject
  header.from=sharepointonline.com;
Date: Tue, 24 Nov 2020 23:04:25 +0000
Subject: Ashley Barker shared "I'M 28 Years Horny & Sexy" with you.
Message-Id: <odspmicro-ReceivedShareActivity-cdea909f-803b-0000-6144-77c91ea01270-83b10cce-60d1-47f3-896c-5458d1ec51d2-7365a940-ab77-4afa-ae95-7cfbc27db0a7@RD00155DB4113C>
Sender: Ashley Barker <no-reply@sharepointonline.com>
To: jamaicadiscountvacationpackages@repmark.com,
  wevmaster@marshfieldtravel.com, tcwall@hiwaay.net, rrbrown@ptdprolog.net,
  members@onlinecityguide.com, david_burnstein@lecg.com, aimee_smith@dell.com,
  mturne@tivoli.com, bassman7@earthlink.net, alfacors@nectar.com, tisom@gcm.com,
  tmano@ais.net, tamara@tamarasmith.com, uu-reques@iecc.com, nar@net.com,
  transc@worldaccess.com, randihanki@yahoo.com, jc_smith@dell.com,
  kstephens@supnet.com, tamerasmith@sprintmail.com, sawye@sovam.com,
  tempest@storm.net, smithep@hotmail.com, smithg2@hotmail.com,
  ssmithley@docsolinc.com, mistersmith@free-online.co.uk,
  brettataylor@comcast.net, wbatterton@steptoe.com, jlup-lupini123@gmx.com,
  princehopkins@yahoo.com, fiorentini@aweddinginitaly.com,
  waynenewton@mailcity.com, cdwcdw321@gmail.com, bforbes@accessenter.com,
  chickmagnets2000@yahoo.com, mhusak@jup.com, waldmanb@cooley.com,
  krsmith@rocketmail.com, emcsquare86@gmail.com, iggy@wvadventures.net,
  smithdw@hotmail.com, wmesar@tofu.boston.sgi.com, garysmith@adelphia.net,
  theheart@tampabay.rr.com, kp7673@icloud.com, smusterm@bellsouth.net,
  wrweichel@ccgate.dp.beckman.com, mjsmith98@hotmail.com, ric@evil.com,
  smithbro@earthlink.net
Reply-To: 16k4051097@hce.edu.vn
X-Crid: =?us-ascii?q?cdea909f-803b-0000-6144-77c91ea01270-83b10cce-60d1-47f3-896c-?=
  =?us-ascii?q?5458d1ec51d2-7365a940-ab77-4afa-ae95-7cfbc27db0a7?=
X-Tnid: 4da64f37-4e7a-43e8-b13d-018f28080f20
X-Usid: 73a83b38-1250-4360-859a-54b192a55f6a
Return-Path: no-reply@sharepointonline.com
Cc: Ashley Barker <16k4051097@hce.edu.vn>
From: Ashley Barker <no-reply@sharepointonline.com>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="=-wIBw8BF64FqYMCUfyfbuzQ==";
 	type="text/html"
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 823ab865-eff7-42d9-14cf-08d890cd4a4b
X-MS-TrafficTypeDiagnostic: KL1PR03MB4837:
X-Microsoft-Antispam-PRVS:
 	<KL1PR03MB48378B834F19F813CE0FA243E5FB0@KL1PR03MB4837.apcprd03.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:353;
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
 	zuiAupEkmAdpxoBPZ4hiKqXGasyOmchAbttQ6nMViz+86m0Ro4qh1NSjGRNRCfXo1yq8vINCCfSw0+0XDgf/LrZE4oQJqxNvSAnjlxRM0mV20srf4ezVt9j2ChmLZIuAF3vDkFcm+23zDqFXjk1vib+XBGebYmuHqab/0UOChGurgcxtXgJx1zX1Ui/ycGUvTiZt6UYItmU/+wwdmlRytXCHMBDox1xBLUxdjaRA4bzX7cvVkV6PK41AgeQZIgU7Ex4ObLQjNvKHDpbWuwgiQuRtt1r5LqKOoJS03fhgtgc7rn5o3J19RmFkmNl96IlcQIs4wZr+hU0ANcZ/vMMz7BMKO0ExIx5f/Ke4jnEih9mrd1FCc3bDsY4MuwD/yi/lfgbV1ugvGvkEC+GJ22etdTaEHWhBd0BNf+bOlJ5DC4kd+QUvZDPOXJLog2A+9ipyZrQA7smlEKhk1m7jhlPAvCsT48FVYWwfxxAJo2lF+knl+8u8+/hlcJEZ7EZf99IdWD0iBTWTpjJ0r8WU+OB6gWB0gIpJW0LD3e3C/Ih5cIuYmMwxL7dy1dwJ+weh6omoPU5Mdfj445iBx84fO78eoA==
X-Forefront-Antispam-Report:
 	CIP:13.75.93.237;CTRY:HK;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[10.218.0.17];PTR:InfoDomainNonexistent;CAT:NONE;SFS:(6049001)(7916004)(346002)(39830400003)(136003)(396003)(376002)(7846003)(166002)(19627405001)(2906002)(356005)(921005)(6486002)(4326008)(33716001)(81166007)(76236003)(4186021)(33964004)(26005)(82310400003)(336012)(7406005)(8936002)(32650700002)(8676002)(70206006)(966005)(498600001)(11855715004)(7416002)(7366002)(55885007)(9686003)(70586007)(66576008)(36736006)(316002)(5660300002)(16576012)(956004)(86362001)(9833003)(9813001)(44636011)(32350700004);DIR:OUT;SFP:1102;
X-OriginatorOrg: spoapaceop.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Nov 2020 23:04:26.1465
  (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 823ab865-eff7-42d9-14cf-08d890cd4a4b
X-MS-Exchange-CrossTenant-Id: 3c412e91-e450-440a-8d6a-3245b726f1e3
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3c412e91-e450-440a-8d6a-3245b726f1e3;Ip=[13.75.93.237];Helo=[[10.218.0.17]]
X-MS-Exchange-CrossTenant-AuthSource:
 	HK2APC01FT007.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR03MB4837

v2.23.0 | Report a Bug | By Email