IETF Logo Mail Archive

Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result

Douglas Foster <dougfoster.emailstandards@gmail.com> Mon, 03 October 2022 22:31 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97E3AC15259C for <dmarc@ietfa.amsl.com>; Mon, 3 Oct 2022 15:31:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oSa10GxNuMRQ for <dmarc@ietfa.amsl.com>; Mon, 3 Oct 2022 15:31:21 -0700 (PDT)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5244C152591 for <dmarc@ietf.org>; Mon, 3 Oct 2022 15:31:21 -0700 (PDT)
Received: by mail-lf1-x12f.google.com with SMTP id d6so4478894lfs.10 for <dmarc@ietf.org>; Mon, 03 Oct 2022 15:31:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date; bh=lsYyeNE73jQ2hLib4rtsIdAY1m7r0tLpMZkuA2EqLVY=; b=Ys9iz76RzODCl4J3LkqVQ2MttKomQTr01r0gxDYWbkZu9OcbwTRzFNOpAEPbxgig8V QLkoF+DlNtcMlezFFjDFurrqpDknrMsF/dOgE6TZKeW87txIqc5J66NLuTMo8uOTdRpB Pc2flk/UjNIzcPRSFjpURMrxfErWhfwEaBj6OdPQdjNUE6QQpXh7xIVgIjrkGa/vpkHx YBdC3S+rxxV9E24wfmVx7esZ+7w0Hvw28JpqCchbtoXoRr0waBQ7hVmt9M4djdCwBJZP K+5ZrsF6ydfNY+ynXQ3tNlxOmFurEPdUTh2fpe9DRzzDsvorZdQwwUWmxJwOllQn9yGq MlYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date; bh=lsYyeNE73jQ2hLib4rtsIdAY1m7r0tLpMZkuA2EqLVY=; b=GiUDWdl4UYLrI+6P7yz5q94/7bse0z5ETTRAbGwH1RAvH/piK6ehgdOV39kKBBvKM3 qhZqrIQqgS84kCbotJK1p7Eep+YoE7plWlO57eSXiTEl4I62QMLqgvnQAuAopjtCXjMB 9P9++m2XDnRqEgCqZaCpLW9VSDhYa5x/E65XQ3u94UPJTBaC6p7EYuoq242AtZMQBZjD oglY9h1hcdOomIhxJ6qae0iTaosUJ6f7/t/TS5kasbn7iSaCtsclZ13xgpZ0md4sjvGp U6Ny5gjokC3qSus+g3+/5oadc+Ky7w4V3eUZON6pZsCYf1PeFTU1FX7U5DCm23ez6Vkx TpzQ==
X-Gm-Message-State: ACrzQf3QyzVBqozduRacTXCFDOsOQYtqtRDKONKPYSMBEvliO7PIp12E YpRr5rKmcJ0We3jJC9K4dsgub8jo/5efnTiJqK5vxpNX
X-Google-Smtp-Source: AMsMyM50PWCaOdsXlImqlXQ8R7BwTYmdhX4kxnoMKsT6+JgHKLno5WkDLEVi/0kVkSUwTS4YcCTuwr2/LYyyiugq4CU=
X-Received: by 2002:a05:6512:10cf:b0:497:a97f:faf3 with SMTP id k15-20020a05651210cf00b00497a97ffaf3mr7494750lfg.60.1664836279450; Mon, 03 Oct 2022 15:31:19 -0700 (PDT)
MIME-Version: 1.0
References: <165046214335.10055.16398898629460366752@ietfa.amsl.com> <CAH48ZfxZOq68=P-Qxjvjk1c8PxWAWDvaBPPQcb4DWmd6cL=u4Q@mail.gmail.com> <CAJ4XoYen6n06L1UBqzu9nr2jCC7v_-GOAdJXMzCks6d-AaKqUA@mail.gmail.com> <CAH48ZfzVt=+yoj280VxL_SV+YM4C7eqMWhL=41YpVybaPmLcLg@mail.gmail.com> <CAHej_8mgKjpo6DDbOS9bBdTarThKOa9F55QBtrM6G-oq1YfX+w@mail.gmail.com> <CAL0qLwYjYY4OvShqACWPz0vdJcAubdU1csFFVSkqzsReZSZxuw@mail.gmail.com> <MN2PR11MB43514940B87730CC9D476AACF75B9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAL0qLwb=1CZN6s2QzWJGFeO3=iPWZ-eS=7hvi4B6jhuh+hLJ0w@mail.gmail.com> <8ab0943b-9805-1a0e-528d-9cf45f2eaf9c@tana.it>
In-Reply-To: <8ab0943b-9805-1a0e-528d-9cf45f2eaf9c@tana.it>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 03 Oct 2022 18:31:08 -0400
Message-ID: <CAH48ZfzM2J0_RizqESbFSm3ASfc2x6nsdxUXWEWO+4g2vXsz+g@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000bc14f05ea28e731"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/U47ngGcLV6XINxxGFnVgkwvPLWk>
Subject: Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2022 22:31:25 -0000

The primary key for aggregation is the SMTP domain (up to 255 characters),
plus each DKIM domain (up to 255 characters) and its DKIM scope (up to 64
characters).    For 100 DKIM domains to be included, the primary key
becomes up to 201 fields with up to 25,919 characters.  This is
unmanageable with readily available tools like a SQL database.

I suggest that we start simplifying the scope, by limiting the items of
interest to:
(a) SPF whether pass or fail,
(b) aligned DKIM domains, whether pass or fail, and
(c) non-aligned DKIM domains that pass.

I don't see any value in knowing about failed DKIM signatures for
non-aligned domains.   Perhaps someone with a sophisticated report parsing
capability will be kind enough to correct me and explain.

Then I suggest that the DKIM upper limit by 10, not 100.   At some point,
an excess of domains becomes a DDoS attack on the evaluator, and to a much
lesser extent, the report recipient.

Doug Foster


On Mon, Oct 3, 2022 at 2:17 PM Alessandro Vesely <vesely@tana.it> wrote:

> On Mon 03/Oct/2022 18:01:06 +0200 Murray S. Kucherawy wrote:
> > On Mon, Oct 3, 2022 at 10:26 AM Brotman, Alex <Alex_Brotman@comcast.com>
> wrote:
> >
> >> So we would likely need a section in the core document with a SHOULD for
> >> evaluation (if it’s not already there), and then a section in the
> aggregate
> >> reporting for a MUST for reporting on evaluated information (if they
> choose
> >> to send reports at all), correct?
> >
> > [...]
> >
> > From the actual protocol standpoint, the filtering part of DMARC operates
> > just fine if you make the shortcut Doug is proposing, so the first SHOULD
> > is probably apt but the MUST is moot because it doesn't change
> > interoperability.
>
>
> Let me add that reporting /all/ identifiers can be unfeasible.  (I, for
> example, collect identifiers to be reported using SQL left join of various
> copies of the table, which delivers results as just that many columns,
> although
> more might have been evaluated at reception time.)
>
> Reporting just the "most important" identifiers could be an option.
>
>
> Best
> Ale
> --
>
>
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email