Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
Douglas Foster <dougfoster.emailstandards@gmail.com> Thu, 20 October 2022 02:21 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E3EAC1522BC for <dmarc@ietfa.amsl.com>; Wed, 19 Oct 2022 19:21:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zFTprHvizeGK for <dmarc@ietfa.amsl.com>; Wed, 19 Oct 2022 19:21:33 -0700 (PDT)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDA01C14CF1F for <dmarc@ietf.org>; Wed, 19 Oct 2022 19:21:33 -0700 (PDT)
Received: by mail-lf1-x12a.google.com with SMTP id bp15so31188800lfb.13 for <dmarc@ietf.org>; Wed, 19 Oct 2022 19:21:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=gAurW7P6fxp6AT8nyF35T98GUnGtchhRpllal1VNB3g=; b=fBSdJrF7utHAysilLzbr8CcQAYxyNG/WIO2/mNek3vIzax49voOTIW2pnBUswIYbhA Gdc5V4bIV7cmmn5TODfZUf9Krj6xnHNtCbqId0tODpHvUyoFBBJaLdZRMzgpGfhRN2Dq RlfHhNNQAkYGmzRgaxcRH6GHiz5f6AT2Mkeq/yJ2pAzwckusC3d39YL8v9WY9C/A5f9y U3RgthdTYf/ekVrAJUotZTszaQ78j+6phPmhMSSxp8qbEY3V0V2k3wO3cGjB+sEp+p4b 4CmfdE1RyFebHLzooyOFQb/tDFC4eRbwT48Z3EktnXOVwaR7sjiuiTaYXywOvfhTAutW ZoTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gAurW7P6fxp6AT8nyF35T98GUnGtchhRpllal1VNB3g=; b=xrRdpadYiO6nvSI/wEWCQAleAzurHcM5Zz5uZrPJlq9szMCF9rqJznl45Vb2ygxxIQ /IMyqyiha6XgsJSUv3KhYfzcar98iFXLaZHT6nE/xZ54FGB7sJ6uuk/VrG+e6tqC83Ob JceMgtZBr9ZWODpsdc71QDBCcNGe+jywGsWcPz1xSXoB1xB3ID7t41K3emvtxXvyH+ar IuBVE3+F9Jt5KYaPsGS0IMkSA6RIIDyhRLDZ/I9/xXJyT3VrMKbYFLXhem4gqYC2OOQw lQyyGih58x+2HIzf9B1mtVaNlzBafr0zoO8Z8DgC7TjQ/Pgw0V+B8Q5qRPS6l2wXqzhN gxlw==
X-Gm-Message-State: ACrzQf0SJCY/mwZkQoUAneNEvILPVrHikAcK4zuDBLF1aX/dSUnw+UGc dNpdU6ISR6VlBpd1iEo1Y2m8TA7eBWdy3yv2LLdTKYLR
X-Google-Smtp-Source: AMsMyM7U223Y+c50324DG83U527VrPy+e9I5upGRls2cTIBwqWUNTeSQBMprRSzBJv2D3HADuy8/7QZlqONSqclIwuw=
X-Received: by 2002:a05:6512:15a2:b0:4a2:7618:d712 with SMTP id bp34-20020a05651215a200b004a27618d712mr3967722lfb.672.1666232491775; Wed, 19 Oct 2022 19:21:31 -0700 (PDT)
MIME-Version: 1.0
References: <FCE0708E-CE6A-4E0A-B5D0-F735779FFAFC@kitterman.com> <9D6D6E80-B0B0-4CAD-B301-B0A17F9C6663@marmot-tech.com>
In-Reply-To: <9D6D6E80-B0B0-4CAD-B301-B0A17F9C6663@marmot-tech.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Wed, 19 Oct 2022 22:21:22 -0400
Message-ID: <CAH48ZfxNNDSMf2whxiUwZvLa0gyWnS33nKBg43KohdZCzF9ZFQ@mail.gmail.com>
To: Neil Anuskiewicz <neil@marmot-tech.com>
Cc: Scott Kitterman <sklist@kitterman.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c91d6e05eb6dfb44"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/R1vHUXGuT2C6RAoew-8mFiMd3sg>
Subject: Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2022 02:21:38 -0000
I understood Neil's concern, and have no objection, which is why I counterproposed "must not". On Wed, Oct 19, 2022, 8:42 PM Neil Anuskiewicz <neil@marmot-tech.com> wrote: > > > > On Oct 19, 2022, at 6:59 AM, Scott Kitterman <sklist@kitterman.com> > wrote: > > > > > > > >> On October 19, 2022 12:44:16 PM UTC, Dotzero <dotzero@gmail.com> wrote: > >> On Tue, Oct 18, 2022 at 11:18 PM Scott Kitterman <sklist@kitterman.com> > >> wrote: > >> > >>> > >>> > >>> On October 18, 2022 10:16:44 PM UTC, Neil Anuskiewicz < > >>> neil@marmot-tech.com> wrote: > >>>> > >>>> > >>>>> On Oct 2, 2022, at 11:01 AM, Douglas Foster < > >>> dougfoster.emailstandards@gmail.com> wrote: > >>>>> > >>>>> > >>>>> In many cases, an evaluator can determine a DMARC PASS result without > >>> evaluating every available identifier. > >>>>> If a message has SPF PASS with acceptable alignment, the evaluator > has > >>> no need to evaluate any DKIM signatures to know that the message > produces > >>> DMARC PASS. > >>>> I think it’s critical to DMARC that receivers do things like evaluate > and > >>> report on DKIM whether or not SPF passes and is alignment. Without > this, it > >>> would make it harder for senders to notice and remediate gaps in their > >>> authentication. Since there’s not a downside (that I know of), I’d say > this > >>> should be a MUST if at all possible. > >>> > >>> > >>> What is the interoperability problem that happens if evaluators don't > do > >>> that? > >>> > >>> Scott K > >>> > >> > >> Scott, What is the interoperability problem is evaluators didn't provide > >> reports at all? Reporting isn't a "must" for interoperability but it > >> certainly helps improve outcomes instead of senders flying blind. > > > > I read the email as suggesting a MUST for reporting both SPF and DKIM > results if you report results at all, which would, I think lead to exactly > the situation you're concerned about. I'm skeptical of any kind of MUST > around reporting since that's generally reserved for things that impact > interoperability. I do agree it should be encouraged. > > > > Mostly, at the moment, I'm trying to understand the proposed change and > the rationale. > > I think the reactions were to the tone that that seemed to suggest that > the importance of reporting was being downplayed. MUST is too strong and > strongly encouraged is sufficient. The standards system relies on people > making a good faith effort. To me, Doug’s comments came off as wanting to > weaken the language which concerned me. > > Reporting is key for DMARC to work as a system so any hint of weakening > that language or even could be interpreted as such caught my attention. I > think Doug clarified his position as addressing specific cases not a > weakening of the reporting language. > > DMARC is about the interests of the system but following the standard > strengthens the system within which the sender or receiver operates. Even > if one wasn’t interested in the health of system in and of itself, > reporting benefits the admin as it increases security and reduces broken > authentication. A *LOT* of Senders use reporting data as part of the > process of fixing their own and third party senders they wish to allow or > spoof, discovering errant shadow IT, etc. > > Reporting is or core importance for everyone if for no other reason than > to avoid headaches. Thanks. > > Neil > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggrega… internet-drafts
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-agg… Brotman, Alex
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-agg… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Todd Herr
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Murray S. Kucherawy
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Brotman, Alex
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Murray S. Kucherawy
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Barry Leiba
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Laura Atkins
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Murray S. Kucherawy
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Neil Anuskiewicz
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Scott Kitterman
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Scott Kitterman
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Neil Anuskiewicz
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Neil Anuskiewicz
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Brotman, Alex
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Murray S. Kucherawy
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Brotman, Alex
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster