Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30

Dotzero <dotzero@gmail.com> Wed, 03 April 2024 10:03 UTC

From: Dotzero <dotzero@gmail.com>
Date: Wed, 03 Apr 2024 06:02:58 -0400
Message-ID: <CAJ4XoYcusyQ9nRu+kCw-hVfB3RA3ji_0=2rzyrMTDAyn2BkDdQ@mail.gmail.com>
To: Laura Atkins <laura@wordtothewise.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UAKan8gf9cNZrpu9TDP3dYO46KA>

On Wed, Apr 3, 2024 at 5:21 AM Laura Atkins <laura@wordtothewise.com> wrote:

>
> On 1 Apr 2024, at 13:18, Brotman, Alex <Alex_Brotman=40comcast.com@dmarc.ietf.org> wrote:
>
> One item left out of Seth’s text is that due to MBPs who act in this
> fashion, these SPF evaluation failures will (understandably) not show up in
> DMARC reports, and the domain owner may not have visibility for these
> failures.  However, the text also puts the onus on the domain owner instead
> of the MBP.  The text could be altered to instead suggest that MBPs who
> deploy DMARC should not utilize the outcome of SPF in this fashion.  If the
> domain owner wants to protect their domain, and has no idea if the MBP
> supports DMARC properly (presuming they also have an enforcing policy), is
> it more or less advisable to use “-all” with your SPF record?
>
>
> Is that true, though?
>
> I just saw a report yesterday that someone had temp failures at Gmail (73
> to be exact) and Gmail sent 73 DMARC reports for that sender / IP combo.
>
> So that’s one bit of evidence that even if the message is not accepted,
> DMARC reports are sent.
>
> laura
>
> --
> The Delivery Expert
>
> Laura Atkins
> Word to the Wise
> laura@wordtothewise.com
>
> Delivery hints and commentary: http://wordtothewise.com/blog
>


This implies that the messages were not rejected at SPF (connection but
before "DATA" command) but instead the connection was held open in order to
evaluate SPF as part of DMARC. This is a different scenario than a MBP
rejecting on the basis of SPF before DMARC evaluation.

\Michael Hammer
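
The distinction drawn in this message, modelled as an added example that is not part of the original thread: a receiver that rejects on SPF fail before DATA never sees the RFC5322.From domain, so it cannot evaluate DMARC or attribute a report row, while one that evaluates after DATA can. The names (`Msg`, `receive`, `aggregate`), the sample messages, exact-match alignment and a `p=reject` policy are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Msg:
    mail_from: str      # RFC5321.MailFrom domain, known at MAIL FROM
    header_from: str    # RFC5322.From domain, known only after DATA
    spf: str            # SPF result for mail_from: "pass" or "fail"
    dkim_aligned: bool  # valid DKIM signature aligned with header_from

def receive(msg, reject_spf_fail_early):
    """Return (smtp_outcome, aggregate_report_row_or_None)."""
    # Before DATA only the envelope exists, so there is no DMARC
    # evaluation and no report row keyed on the author domain.
    if reject_spf_fail_early and msg.spf == "fail":
        return "rejected before DATA", None
    # After DATA the From header is available and DMARC can be evaluated.
    # Assumption: alignment is simplified to an exact domain match.
    spf_aligned = msg.spf == "pass" and msg.mail_from == msg.header_from
    dmarc = "pass" if (spf_aligned or msg.dkim_aligned) else "fail"
    # Assumption: the author domain publishes p=reject.
    outcome = "accepted" if dmarc == "pass" else "rejected after DATA"
    return outcome, (msg.header_from, msg.spf, dmarc)

def aggregate(msgs, reject_spf_fail_early):
    """Count the (header_from, spf, dmarc) rows a domain owner would see."""
    rows = Counter()
    for m in msgs:
        _, row = receive(m, reject_spf_fail_early)
        if row is not None:
            rows[row] += 1
    return rows

# Constructed sample traffic for one author domain.
SAMPLE = [
    Msg("example.com", "example.com", "pass", True),   # direct delivery
    Msg("example.com", "example.com", "fail", True),   # forwarded, DKIM intact
    Msg("example.com", "example.com", "fail", False),  # unauthenticated
]

if __name__ == "__main__":
    for early in (True, False):
        print("reject on SPF fail before DATA:", early)
        for m in SAMPLE:
            print("  ", receive(m, early))
        print("   report rows:", dict(aggregate(SAMPLE, early)))
```

With early rejection the forwarded message is refused even though its aligned DKIM signature would have produced a DMARC pass, and neither SPF failure appears in the rows the domain owner receives.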