Re: [dmarc-ietf] SMTP Result Codes was -Re: Another p=reject text proposal

Scott Kitterman <sklist@kitterman.com> Thu, 13 July 2023 10:40 UTC

Date: Thu, 13 Jul 2023 10:39:55 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <CAHej_8=OzWXbPYqnXMW7jRMUD902UTgCADFwYCLH-QpZaET0kQ@mail.gmail.com>
References: <CALaySJJSxpjmi4PgY27afc0iiMwimRtqj3m2NxKud1Bxb33jxg@mail.gmail.com> <2637666.BddDVKsqQX@l5580-debian> <5f7b5e0a-bd1f-1a09-faa8-4af56bf2cd1b@tana.it> <9182698.rMLUfLXkoz@l5580-debian> <CAHej_8=OzWXbPYqnXMW7jRMUD902UTgCADFwYCLH-QpZaET0kQ@mail.gmail.com>
Message-ID: <630251EA-0372-4875-B70D-C20AFEFE7E11@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/QlmMbZCdOukKQwBufGerX_p6FXo>
Subject: Re: [dmarc-ietf] SMTP Result Codes was -Re: Another p=reject text proposal


On July 12, 2023 1:11:37 PM UTC, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
>On Wed, Jul 12, 2023 at 7:30 AM Scott Kitterman <sklist@kitterman.com>
>wrote:
>
>> On Wednesday, July 12, 2023 7:04:38 AM EDT Alessandro Vesely wrote:
>> > On Wed 12/Jul/2023 12:54:38 +0200 Scott Kitterman wrote:
>> > > On Wednesday, July 12, 2023 3:29:34 AM EDT Baptiste Carvello wrote:
>> > > ...
>> > >
>> > >> Why? Because it's brittle and will only bring them more headaches? At
>> > >> the very least, DMARC would need to use its own 5xy reply code to avoid
>> > >> the need for parsing the reply text…
>> > >
>> > > This is a very good point.  The IANA Simple Mail Transfer Protocol (SMTP)
>> > > Enhanced Status Codes Registry [1] has codes for SPF and DKIM (RFC 7372)
>> > > and ARC (RFC 8617), but not DMARC.  Adding one is not currently in the
>> > > DMARCbis draft, but I think it should be.
>> >
>> > +1; still, having the word "DMARC" in the text greatly simplifies parsing
>> > logs.
>> >
>> >
>> > I noted that Baptiste wrote 5xx, not 5.x.x.  5xx has to be 550 methinks.
>>
>> I agree re 550.  Also, if I were writing the reject message that goes after
>> the code, I would include DMARC in it.  I suspect most will for human
>> readability, but programmatically, I'd use the codes if present.
>>
>
>Google uses 5.7.26 for the purpose (and for SPF and DKIM rejects):
>
>https://support.google.com/a/answer/3726730?sjid=16541570162287939258-NA
>
>Their use of 5.7.26 seems in keeping with IANA - Multiple authentication
>checks failed - since in order to fail DMARC, both SPF and DKIM must fail.
>
>https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml

Since there is no DMARC code, that seems like a reasonable alternative, but I do think something more specific would be better.  It's possible for both SPF and DKIM to pass, but still fail DMARC due to alignment, so it's not strictly true that multiple failures are required.

Scott K
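
Added example, not part of the original message or of any project discussed in the thread: a bounce-log classifier that prefers the enhanced status code and falls back to the word "DMARC" in the reply text, which shows why the shared 5.7.26 code alone cannot identify a DMARC reject. The category names and the sample reply lines are constructed for illustration.

```python
import re

# Enhanced status codes in the IANA registry for authentication failures
# (RFC 7372 for SPF/DKIM, RFC 8617 for ARC). There is no DMARC-specific entry.
AUTH_CODES = {
    "5.7.20": "dkim", "5.7.21": "dkim", "5.7.22": "dkim",
    "5.7.23": "spf", "5.7.24": "spf",
    "5.7.25": "rdns",
    "5.7.26": "multiple",  # "Multiple authentication checks failed"
    "5.7.29": "arc",
}

# Basic reply code, optional enhanced status code, then free text.
REPLY_RE = re.compile(
    r"^(?P<basic>[245]\d\d)[ -]"
    r"(?:(?P<enh>[245]\.\d{1,3}\.\d{1,3})(?:\s+|$))?"
    r"(?P<text>.*)$"
)
DMARC_WORD = re.compile(r"\bdmarc\b", re.IGNORECASE)


def classify(reply):
    """Return (mechanism, evidence) for one single-line SMTP reply."""
    m = REPLY_RE.match(reply.strip())
    if not m:
        return ("unparsed", "none")
    if not m.group("basic").startswith("5"):
        return ("not-a-reject", "none")
    says_dmarc = bool(DMARC_WORD.search(m.group("text")))
    mech = AUTH_CODES.get(m.group("enh"))
    if mech == "multiple":
        # 5.7.26 is shared by SPF, DKIM and DMARC rejects, so only the
        # text can narrow it down; without it the cause stays unspecified.
        return ("dmarc", "code+text") if says_dmarc else ("auth-unspecified", "code")
    if mech:
        return (mech, "code")
    if says_dmarc:
        return ("dmarc", "text")  # brittle: depends on the wording only
    return ("other", "none")


# Constructed sample replies (not taken from any real server log).
SAMPLES = [
    "550 5.7.26 Unauthenticated email is not accepted due to domain's DMARC policy.",
    "550 5.7.26 This mail is unauthenticated; SPF and DKIM checks did not pass.",
    "550 5.7.23 SPF validation failed",
    "550 Rejected by DMARC policy for example.org",
    "550 5.7.1 Message rejected due to local policy",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```
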