Re: [dmarc-ietf] Forensic report loops are a problem

John R Levine <> Thu, 28 January 2021 21:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2647A3A096C for <>; Thu, 28 Jan 2021 13:42:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=M6+cJnMh; dkim=pass (2048-bit key) header.b=ruDT3pl0
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DNFmc31sQDkf for <>; Thu, 28 Jan 2021 13:42:12 -0800 (PST)
Received: from ( [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 45D233A0C01 for <>; Thu, 28 Jan 2021 13:42:11 -0800 (PST)
Received: (qmail 94523 invoked from network); 28 Jan 2021 21:42:10 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=17138.60132fb2.k2101; bh=dwx7B4si8muTcw2EjNAASgCljQA/AcMj0g+maFXFXlE=; b=M6+cJnMh/gDAza4It+eeMlzMnbYozjp0rO1GSsWTpRhWj/5xtswxJYP8Z3IEyMtZck/iIhA2137NCfF59ZCeTRKpd4kUOgWK9QVmkw6TSjHvnIl8ezpKqJQM+I4SD54b1prrEPKhyTtMW8YCyrlml0eaPQX5mNZV2UCzfkxboVlzf7aZSATbqiABjtyWFecMVBKql0tDOBoEh9LMlrWMaR0G+ksBSjmHGKPQTn3oVPCVK553B7DJe2n+CYAk161nf9PVtg9FKz7HQlyXLBd9zySf4GDO7w+dIp+oRdINNRnG2Y0aGPdCCJ2K+F15tfxeMROpIUSZLn+crXPUpEzeJA==
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=17138.60132fb2.k2101; bh=dwx7B4si8muTcw2EjNAASgCljQA/AcMj0g+maFXFXlE=; b=ruDT3pl0EIluETrujXhr3BpZ0GZF7VYvSMf/3c9vgFpMyd4jGAzTxX/xDOZel8MFVShZv4/lsh4OMWyoaHfTQ46A/wKlP2NIXQE0xZDbJguvSmxM5PoQrA5fHQcGfe5kS9E3pgj2VgbKzgU87rOujVgidmUzpGjKFPe7eWA6VghMHH+NSiwwN4pWKPJBTzBWDGDARqpXFNUuSLDzoGbXNdPg4pkABEvuHGfVU0vdeXzbXeWEDkpMlOB6i2+LTsGGf8hb1TA6MGjo6BYT9bj9y4qpVRUu8Hmw3TVCQb//umC/l8DrAXDFGSKTOsB4B3KZnXnP3w1UbW1iiH7qqdzQvg==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 28 Jan 2021 21:42:10 -0000
Received: by ary.qy (Postfix, from userid 501) id C79FA6CE660F; Thu, 28 Jan 2021 16:42:09 -0500 (EST)
Received: from localhost (localhost []) by ary.qy (Postfix) with ESMTP id 9148E6CE65F1; Thu, 28 Jan 2021 16:42:09 -0500 (EST)
Date: 28 Jan 2021 16:42:09 -0500
Message-ID: <>
From: "John R Levine" <>
To: "Murray S. Kucherawy" <>
In-Reply-To: <>
References: <> <20210127203714.007C86CDB9CA@ary.qy> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <>
Subject: Re: [dmarc-ietf] Forensic report loops are a problem
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Jan 2021 21:42:14 -0000

> C) Stipulate somehow that generated reports should not contain data about
> received reports.  (If you do that, then you likely obviate the need to
> generate a new report back to that operator in the first place.)

I can't even tell what might be a failure report without deep parsing and 
heuristics.  And, of course, I am not inclined to add extra code to 
program around other people's bugs.

> This to me is almost exactly the same thing as saying "Don't generate a
> bounce about a bounce",

Because these are not bounces.  They are not even a little bit like 
bounces.  Bounces are about invalid recipient addresses, but these have no 
relation to anything about the recipient address.

They are fresh new messages sent from a system that presumably cares 
enough about DMARC to send reports about it, and presumably wants to send 
all of its mail with DMARC alignment.  If they are unaligned, that is 
because the sending system is broken, and if that systems publishes an 
ruf= tag, it is specifically asking to be inforned about exactly that 

Maybe I'm dim, but I am having no success understanding the apparent 
interpretion of ruf as "tell me about the unaligned messages I'm sending, 
except for some that should be really easy for me to fix."

John Levine,, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.