Re: [dmarc-ietf] p=reject

Autumn Tyr-Salvia <atyrsalvia@agari.com> Mon, 18 March 2019 20:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vaitig45Sw8g6kMGvpiBUUTy_tM>

Hello Michael,

Consider this scenario:

Friendly From: @yourbank.com
SMTP MAIL FROM: @spammer.ru
DKIM d=spammer.ru

SPF gets checked at the SMTP MAIL FROM domain, and DKIM gets checked at the d= domain. Either or both of these could pass authentication, but that would not mean the message is legitimately from yourbank.com. DMARC was intended to tie together the backend server information with the friendly From: address to prevent abusive spoofing like this, which is very common.


Thanks,

Autumn Tyr-Salvia
atyrsalvia@agari.com
Agari Principal Customer Success Engineer

________________________________
From: dmarc <dmarc-bounces@ietf.org> on behalf of Michael Davis <mikedup84@gmail.com>
Sent: Monday, March 18, 2019 12:48 PM
To: dmarc@ietf.org
Subject: [dmarc-ietf] p=reject

If a sender's IP is in SPF, so SPF passes; and the applied DKIM signature is successfully decrypted, so DKIM passes; what good is checking alignment and rejecting a message? I have had Adobe and Cloudflare automated system emails rejected based on those senders' DMARC policy, after SPF and DKIM pass. These emails were regarding password resets and come from servers that do not equal the spoofed address domain. It would seem that if the sender is approved according to SPF and verified according to DKIM that alignment being a reason for rejection post authentication is an exercise of absurdity.

Please help me understand otherwise.
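
The alignment check discussed in this thread, as an added example that is not part of either message: a DMARC evaluator passes a message only if an SPF or DKIM pass is for a domain aligned with the From: header domain. The function names, the `esp.example` sender and the small suffix set standing in for the Public Suffix List are assumptions made for illustration.

```python
# Added illustration of DMARC identifier alignment (RFC 7489, section 3.1).
# Assumption: a tiny constructed suffix set replaces the real Public Suffix
# List, which a production evaluator must consult.
CONSTRUCTED_SUFFIXES = {"com", "ru", "org", "co.uk"}


def org_domain(domain):
    """Organizational domain: the longest known public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in CONSTRUCTED_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to two labels


def aligned(from_domain, auth_domain, strict=False):
    """Strict mode needs an exact match; relaxed compares organizational domains."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)


def dmarc_result(from_domain, spf_domain, spf_pass, dkim_sigs, aspf="r", adkim="r"):
    """dkim_sigs is a list of (d= domain, signature verified) pairs."""
    spf_ok = spf_pass and aligned(from_domain, spf_domain, aspf == "s")
    dkim_ok = any(ok and aligned(from_domain, d, adkim == "s") for d, ok in dkim_sigs)
    return "pass" if (spf_ok or dkim_ok) else "fail"


def scenarios():
    return {
        # The scenario from the reply: SPF and DKIM both pass, but for spammer.ru.
        "spoof": dmarc_result("yourbank.com", "spammer.ru", True, [("spammer.ru", True)]),
        # Third-party sender (constructed): unaligned MAIL FROM, aligned DKIM d=.
        "esp_signed": dmarc_result("yourbank.com", "bounces.esp.example", True,
                                   [("yourbank.com", True)]),
        # Same third-party sender without an aligned signature.
        "esp_unsigned": dmarc_result("yourbank.com", "bounces.esp.example", True,
                                     [("esp.example", True)]),
        # Subdomain MAIL FROM: aligned in relaxed mode, not in strict mode.
        "relaxed": dmarc_result("yourbank.com", "bounce.yourbank.com", True, []),
        "strict": dmarc_result("yourbank.com", "bounce.yourbank.com", True, [], aspf="s"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: dmarc={result}")
```

The `esp_unsigned` case has the shape described in the original question: a third-party server passes SPF and DKIM for its own domain only, so nothing authenticates the From: domain and DMARC fails.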