Re: [dmarc-ietf] of course no DMARC result for DKIM testing and policy
Alessandro Vesely <vesely@tana.it> Sun, 24 March 2024 12:21 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C03DC14F5FB for <dmarc@ietfa.amsl.com>; Sun, 24 Mar 2024 05:21:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j482F2tzza_o for <dmarc@ietfa.amsl.com>; Sun, 24 Mar 2024 05:21:10 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [94.198.96.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75D50C14F5EF for <dmarc@ietf.org>; Sun, 24 Mar 2024 05:21:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1711282866; bh=1lcNsHop3ho6GhF5PIpWVFDnuquBxlh3AiFBgBNQScA=; h=Date:Subject:To:References:From:In-Reply-To; b=B6xmUUVfovu8nJ+R/TDdqIO5+RhNyWY12Mb5bTla3ncxBG2F1pIvtJmz3vR0+J5uM GZLFFn/zNuslQmhQB07Cj0EQprIoLHMmzQBcITnBdOTowxlZTrGmKdCwd0ZgQERsyI YpOUbWj+bzN1bmPbxbPYWbeuKbA5SFCNCmg2ciY6+qZ7useNC9bvX+QbKVRFm
Original-Subject: Re: [dmarc-ietf] of course no DMARC result for DKIM testing and policy
Author: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.120] (pcale.tana [::ffff:172.25.197.120]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC106.0000000066001AB2.00004DA6; Sun, 24 Mar 2024 13:21:06 +0100
Message-ID: <24de1dae-9f35-4776-a882-38c208865392@tana.it>
Date: Sun, 24 Mar 2024 13:21:06 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: dmarc@ietf.org
References: <27cf610e-8666-410c-b015-6c33478af9b4@tana.it> <CAL0qLwber-s8nNDEz_TAJijh0Py-ch9G4jb9gbguEQCc17xANA@mail.gmail.com> <497E0C77-354E-445A-9758-F6BC6058B980@kitterman.com> <cdec1c75-237f-41d8-bdbb-0b4477f6cebf@tekmarc.com> <utirpc$6e0$1@gal.iecc.com> <2A60D769-C3D2-4A55-9136-7E54AF8FD8CC@kitterman.com> <654c0002-945f-43ba-faea-4ca06bb9fae0@iecc.com>
Authentication-Results: tana.it; auth=pass (details omitted)
From: Alessandro Vesely <vesely@tana.it>
Content-Language: en-US, it-IT
In-Reply-To: <654c0002-945f-43ba-faea-4ca06bb9fae0@iecc.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UZfg1sSnIWPruDD_2ZhKLXIzXsE>
Subject: Re: [dmarc-ietf] of course no DMARC result for DKIM testing and policy
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Mar 2024 12:21:15 -0000
On Fri 22/Mar/2024 19:22:10 +0100 John R. Levine wrote: >> While I generally agree, DMARC for the last decade didn't have a testing >> flag. That's new in DMARCbis, so I don't think that's really germane. This >> particular thing is on us as a working group. > > RFC 6376 makes it quite clear on page 28 that DKIM verifiers ignore signatures > with a t=y flag, and treat them as though they're not there. What else is there > to say? If they're not there, the message isn't signed, at least not with that > signature. I think it depends on the verifier's configuration whether it reports dkim=pass or dkim=policy for test signatures. And also for small keys, unsigned header fields which are considered important and the like. So, for DKIM, DMARC results depend on tweaking receiver's configuration. That's very different from SPF, where it is the sender who tweaks its configuration by setting adequate qualifiers. One more reason not to mix the two. Best Ale --
- [dmarc-ietf] DMARC result for DKIM testing and po… Alessandro Vesely
- Re: [dmarc-ietf] DMARC result for DKIM testing an… Matthäus Wander
- Re: [dmarc-ietf] DMARC result for DKIM testing an… Alessandro Vesely
- Re: [dmarc-ietf] DMARC result for DKIM testing an… Todd Herr
- Re: [dmarc-ietf] DMARC result for DKIM testing an… Todd Herr
- Re: [dmarc-ietf] DMARC result for DKIM testing an… Scott Kitterman
- Re: [dmarc-ietf] DMARC result for DKIM testing an… Murray S. Kucherawy
- Re: [dmarc-ietf] no DMARC result for DKIM testing… Scott Kitterman
- Re: [dmarc-ietf] DMARC result for DKIM testing an… Scott Kitterman
- Re: [dmarc-ietf] DMARC result for DKIM testing an… John Levine
- Re: [dmarc-ietf] DMARC result for DKIM testing an… Mark Alley
- Re: [dmarc-ietf] no DMARC result for DKIM testing… John Levine
- Re: [dmarc-ietf] no DMARC result for DKIM testing… Benny Pedersen
- Re: [dmarc-ietf] of course no DMARC result for DK… John R. Levine
- Re: [dmarc-ietf] no DMARC result for DKIM testing… Benny Pedersen
- Re: [dmarc-ietf] of course no DMARC result for DK… Alessandro Vesely
- Re: [dmarc-ietf] no DMARC result for DKIM testing… John R. Levine