Re: [dmarc-ietf] Discussion - ARC/Extensible Reporting (Ticket #56)

"Brotman, Alex" <Alex_Brotman@comcast.com> Tue, 08 December 2020 20:29 UTC

Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 649763A07F0; Tue, 8 Dec 2020 12:29:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XIqykzTHtUTi; Tue, 8 Dec 2020 12:29:31 -0800 (PST)
Received: from mx0a-00143702.pphosted.com (mx0a-00143702.pphosted.com [148.163.145.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 335103A07EA; Tue, 8 Dec 2020 12:29:28 -0800 (PST)
Received: from pps.filterd (m0184892.ppops.net [127.0.0.1]) by mx0a-00143702.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 0B8KN9NH031580; Tue, 8 Dec 2020 15:29:27 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=20190412; bh=bYTRYkZF4RPvyGgk3AWfX7/Cb/dRXTQx2TTPswS3Q/M=; b=F3I+aMitQwKQJdKAP1ZEYq38GERD1IwbDmVO27y0BPavZESxy4ZIETv9gySGzdy/kg05 UhbcawGr4ZYIME4zLkuCCFxQRggIW13z2n6lO7WIMYfZxn0z/mFjjim/aPVdiDquod4a 63RBeN5WYHvlLIJxrh35ZRWGxfLKq45bTZQ6U+L2QMeGwOKB4vmPwZJcmQ6cU3qbovd7 94HD0GlaPV+ZwC0l80Gt0DhOZQlOziQPzzSwQhDQkRcPKrtdzcPrGUFaUYsEaUlAmzNx 5xrA2NaO0DFI2dRUTUDwycfUydkPF02Hne9ENKSQWpDawahP1e5WHTKbjEie+AqfSR5q 6g==
Received: from pacdcex51.cable.comcast.com (dlppfpt-wc-1p.slb.comcast.com [96.99.226.136]) by mx0a-00143702.pphosted.com with ESMTP id 3587huu6vt-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 08 Dec 2020 15:29:27 -0500
Received: from PACDCEX49.cable.comcast.com (24.40.2.148) by PACDCEX51.cable.comcast.com (24.40.2.150) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 8 Dec 2020 15:29:22 -0500
Received: from PACDCEXEDGE01.cable.comcast.com (76.96.78.71) by PACDCEX49.cable.comcast.com (24.40.2.148) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 8 Dec 2020 15:29:22 -0500
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.175) by webmail.comcast.com (76.96.78.71) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 8 Dec 2020 15:29:10 -0500
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by BL0PR11MB2882.namprd11.prod.outlook.com (2603:10b6:208:7f::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.17; Tue, 8 Dec 2020 20:29:09 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::7ca6:b482:a6b0:4d42]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::7ca6:b482:a6b0:4d42%7]) with mapi id 15.20.3632.021; Tue, 8 Dec 2020 20:29:09 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: Marc Bradshaw <marc=40marcbradshaw.net@dmarc.ietf.org>, DMARC IETF <dmarc@ietf.org>
Thread-Topic: [dmarc-ietf] Discussion - ARC/Extensible Reporting (Ticket #56)
Thread-Index: AdbI4+CbIMDOrFacSCuqUWajtLQ8TwAgvwMAAA97pBAAAfRzAADOhtAAAC42nxA=
Date: Tue, 8 Dec 2020 20:29:09 +0000
Message-ID: <MN2PR11MB43511AD9A2B8C6CF1356491DF7CD0@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <MN2PR11MB43512A1BB729A717B6E688DFF7F30@MN2PR11MB4351.namprd11.prod.outlook.com> <d14f03ef-f4fd-1b7a-699c-c670dcd9631c@tana.it> <MN2PR11MB4351A6BF2052A98DF95EA2C6F7F20@MN2PR11MB4351.namprd11.prod.outlook.com> <b00d374d-392c-5383-a4a1-31dc26d8e484@tana.it> <caa661e5-dead-493b-ad27-8fef74b5499f@beta.fastmail.com>
In-Reply-To: <caa661e5-dead-493b-ad27-8fef74b5499f@beta.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none; dmarc.ietf.org; dmarc=none action=none header.from=comcast.com;
x-originating-ip: [2601:43:101:380:b8f0:f8ea:7aa9:61ad]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 711725fa-7924-41b1-d177-08d89bb7eab4
x-ms-traffictypediagnostic: BL0PR11MB2882:
x-microsoft-antispam-prvs: <BL0PR11MB288269C6E0A70BF30B5C229DF7CD0@BL0PR11MB2882.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /IwylYeve2kCmYU3AGuJ1MhXUTJtOUTtXqQ4ixx9JeklyPrZE4JMfIP2NwhJJlw9q+GzkdEch2lNyO8dX66bn/8J+u9kteBxxDFrEXL9XRox3K2kr+gjackKittT89SVI7p5BPoEWVzAc2n1S0GIJgDJ4GoXAUF/43Wphe1KVSPsxmi8GwW85jUDkPXyt4FNs1X/dSfPaCLbAD9dMAqRhRSHgjJRF7VzLH+/FWPC1SThmbZiou+DuAIEQmKn+2+w3npvTdoSSjzK22pZqW+Tf3g3WVhn+9UXyIfY04rI+TXOdfhjzGSFvgBwyXWKGpALCEA0x8dyEXF+ncjnosxVdfuCFg70iq+JfdC7c7suPmtSf6wRxmwl5FPjRZcl5pMT9otFN1c12FAMBZjh7GyHvA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(376002)(346002)(136003)(66476007)(166002)(8676002)(55016002)(9686003)(52536014)(71200400001)(966005)(508600001)(186003)(8936002)(53546011)(86362001)(2906002)(110136005)(7696005)(83380400001)(6506007)(66556008)(76116006)(66946007)(64756008)(66446008)(5660300002)(33656002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?PDL2gBe6Fj5U1wHXcfAUGzyGjBqf3WyFbq+ryy5qZhNl7xXNVf6hU7K0QuOD?= =?us-ascii?Q?KG9kcSnv8wui3MVaaLp4Jnj5brBj++93Svso5gsajB+UfaUoKvJVIB3QgvgS?= =?us-ascii?Q?a4NwiPxay3Owfm10swDg4VhdHKp3nxNJUO93TAGo8CoYnCxxhWLthl4zb9Kj?= =?us-ascii?Q?mn1+4K00TuerBE/8z4D2IRhEi6xoEn72hRMNooiVykjYSIjaketKfVYzk7se?= =?us-ascii?Q?tEOiG5gsh9MoksGcr23pjBu8s2aoKcBrnH1zEazAHam0AP/qCH24ioU0z9VO?= =?us-ascii?Q?wCdbhWvhTHSz6B3LDl65Ma5BXP/DxWfvboLjeRU1T2KxS4lZaWXsHYTwXREx?= =?us-ascii?Q?vCNMpsjkLMDcyL9gSzcBjn8fkDCC+jVsayV8v8VaT3flKlShMJ3gLOWsuFWa?= =?us-ascii?Q?HUWjlh8ETnZMvYZeLeADW18fh1i8SdmAiLV/CiZjp3VywbqajMZSNiJmmd4S?= =?us-ascii?Q?4F21x4JhY/HkkSVa5p0E8QKkDjoGIzDBPxiZwcwA8I0XVinb3kjyLZyCblaM?= =?us-ascii?Q?0k7PTTjPymElHmkKBzIR6G0MXttWxYnrs7kXV8kK6wI/lU7sLHpfyoUjvjzL?= =?us-ascii?Q?T2YqDCU3gXI6lKAoy0y4sjvL7j4CyHxbC1jSpMAXnNgI1JT37xbYRkcdUGST?= =?us-ascii?Q?fW7pc1qX0BLnmsCUiBrY4xGHaurtcZ1EjdER4gkWSdljJKkiP0MKX1vZL1Y8?= =?us-ascii?Q?2aVYgUOJt711Frp24YdtnbDH8fQW93vhF56BI6xsl/lY1c8VDq3VQcTXUl2g?= =?us-ascii?Q?36PhLZ1CV0AslQ2gf5naUh0Wgum86Iqs8qBNwtdA29rK9wbkN7d+SKeRCz33?= =?us-ascii?Q?meKHOMtIIC7q4Pq4qPAEDrZoSHxN1q9/zvN0r5x73nxQdliUiMtyNHisqdQy?= =?us-ascii?Q?ndjmLq9YnFTXHeRcLlTaUwRF/IdZrUibhEUXH9tkcHm5PwwDv16zNV0GGgcW?= =?us-ascii?Q?U8k47kfUIlVTxje7ooR2k+ENJX1CQnAy3LugEprvrlWAQ5jQR5SbQ+CfUAbd?= =?us-ascii?Q?+QubReM/uABCMCH4z/0j1wLMIWEFXKGM2GyDCq1QYPLydCc=3D?=
x-ms-exchange-transport-forked: True
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jiooas0TGPnq/2sdJ20ayvThVDmw3rKcHmFIiKdwXY6EYiFJ+FDCf6cnytQCw1eluXHqr96V9ox3gxKDhoWwnqEt/fSeHvfdrp2p8Q4hlzgE1J0WsjjCCQDeyCARcJi0PGS/N9MKMaFyGbGZo4XfhE4UrHMoCfpur4x2TCvt0Vn0w9CMBhO418ePPgc9LSJze+9FWHlUW6OD89a2ZvFMyEtVpb2ZAmdmwiglqwW8JyyvzgpQ6vIV0dZPGRyu1K9WuIDLwWuDyKSjRMdsHUUUfZ6hUaaNOLac8MUJyX1rj4C+jbY4eWwcynG4Mh3Fv4UbrDtJ2iEF8r3qy4TnQWVpcQ==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DmXDqH5D/dhgIoQ8xasbPW/q7ruRDFWhd4EzucRHSow=; b=AWVSkoyXe1NWGlCKRNaF/ohx84hn0ca8u4IhV/7ZNTIUonFw1qQAudZgi45J5rLofPqnF3hLIGVuA8q7u7oqREpBDcmPcVSmVEWIRkAYkG2l1wCORks8WDapNae20pJLYB/Z/bVtrmsUy56gp2fQa63P/PXUjNvuHnKOd4R/h+GvxELT0rAmJRE4bzbM6Afi2358xfrrALNAop3hLekD/UOxKznoSNc7OLp3b1gH695/Vnko4CO1yEpZKjlpeX0PJ2dpDeqeFBVZfTQK2gTqndY/PHaJ2mTOsjG1xbucBcrRYC01YmrN6XEFs6L3JLEHUrTeCIvOmpw6Wb4eoAYaOQ==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR11MB4351.namprd11.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: 711725fa-7924-41b1-d177-08d89bb7eab4
x-ms-exchange-crosstenant-originalarrivaltime: 08 Dec 2020 20:29:09.0994 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: n/LC1Z3HJKWJGsgtUZU6V3062m9elg/vOaSj14Cz/b4GROSig62Jssb8zeTQssXmWwhXFHVO4/avQPLoJYumJwj4g2lqfIGbd2MXxorpQDE=
x-ms-exchange-transport-crosstenantheadersstamped: BL0PR11MB2882
x-originatororg: comcast.com
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB43511AD9A2B8C6CF1356491DF7CD0MN2PR11MB4351namp_"
MIME-Version: 1.0
X-CFilter-Loop: Forward AAETWS
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-08_15:2020-12-08, 2020-12-08 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UpIgm2Qhu7BjcjON7t5vouPX2ek>
Subject: Re: [dmarc-ietf] Discussion - ARC/Extensible Reporting (Ticket #56)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2020 20:29:33 -0000

I feel (as a receiver of reports) as though another reason to have these as a single report is so that the receiver of the report is able to more easily correlate the data/times.  I should be able to believe that all reports (without a specified ri) will be 0000-2359, though things happen, and systems break down.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Marc Bradshaw
Sent: Monday, December 7, 2020 5:17 PM
To: DMARC IETF <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] Discussion - ARC/Extensible Reporting (Ticket #56)


There is value in including these in one report, especially where the extended property being reported on influences how DMARC is evaluated.

Using ARC as the example, when a p=reject policy was overriden by the receiver because of an ARC evaluation, when that data is included in the report the indirect mail flow can be clearly seen, which would not be the case if ARC were included as a separate report.

This could be included in an <extension> element, or could be included directly in the auth_results section of the report, based on an assumption that the things being reported SHOULD have an authentication results entry in processed mail.

<auth_results>
<dkim>...</dkim>
<spf>...</spf>
<arc> (as defined in arc standard) </arc>
<foo> (as defined in foo standard) </foo>
</auth_results>

These would be defined in a registry with reference to each standard, and parsers would ignore any sections they did not understand.

On Fri, 4 Dec 2020, at 6:43 AM, Alessandro Vesely wrote:
On Thu 03/Dec/2020 19:54:51 +0100 Brotman, Alex wrote:
>
>> -----Original Message-----
>> From: dmarc <dmarc-bounces@ietf.org<mailto:dmarc-bounces@ietf.org>> On Behalf Of Alessandro Vesely
>> Sent: Thursday, December 3, 2020 6:24 AM
>> To: dmarc@ietf.org<mailto:dmarc@ietf.org>
>> Subject: Re: [dmarc-ietf] Discussion - ARC/Extensible Reporting (Ticket #56)
>>
>> On Wed 02/Dec/2020 20:46:54 +0100 Brotman, Alex wrote:
>>>
>>> While this ticket/enhancement specifically mentions ARC, I could
>>> perhaps see the usefulness in other places.  It seems like it would be
>>> more beneficial to create a method by which other documents could
>>> provide XML- based "extensions" to the report.  This would allow
>>> mechanisms relying on DMARC to independently define their reporting
>>> schema to be included in DMARC aggregate reports.  Alternately, we could
>>> focus specifically on ARC, and work to include that in the base XML.
>>> This means that any later reporting requirements could again require
>>> changes to the core drafts.>>>
>>
>>
>> Another possibility is for ARC to define its own report format.  Hijacking
>> rua= targets to send a different kind of report should be allowed.
>> Otherwise, we could define a new tag, e.g. rue= (e for Extension).>>
>> In either case, as we're introduce variations in aggregate report content,
>> we have to devise a method for determining what version/kind of report is
>> attached to a given message.>>
>
> We could add an element called "<extensions>", and we allow ARC or whatever
> it may be to exist under that element.  The Aggregate Reporting document
> needs to specify that any extensions are expected to be proper XML, and if
> there are no extensions, an empty element is sufficient.  We could create a
> bit more structure as a requirement if we wanted:>
> <extensions>
>    <extension name="arc" standard="ARC_DMARC_REPORTING_EXTENSION_DEFINITION">
>      ... (as defined in referenced standard)
>    </extension>
> </extensions>
>
> If a report parser doesn't know what ARC is (or any of the extensions), it could skip the processing.  I do understand this means that <extensions> element may break existing parsers, even when empty, though, I expect many of the things we're proposing may fracture the expected XML.


We can do a better job at producing aggregate reports with an automatically verifiable content.  For example, prepending stuff like this:

<?xml version="1.0" encoding="UTF-8"?>
<dmarc:feedback xmlns:xs="http://www.w3.org/2001/XMLSchema-instance<https://urldefense.com/v3/__http:/www.w3.org/2001/XMLSchema-instance__;!!CQl3mcHX2A!W_xDXVx707gc61M5TAh1t1CL61wpj57BHndbtFxULnxLzggrXnZfXLDP5T6PCW5mqmCE$>"
xmlns:dmarc="http://dmarc.org/dmarc-xml/0.1<https://urldefense.com/v3/__http:/dmarc.org/dmarc-xml/0.1__;!!CQl3mcHX2A!W_xDXVx707gc61M5TAh1t1CL61wpj57BHndbtFxULnxLzggrXnZfXLDP5T6PCX_7HCv_$>"
xs:schemaLocation="http://dmarc.org/dmarc-xml/0.1<https://urldefense.com/v3/__http:/dmarc.org/dmarc-xml/0.1__;!!CQl3mcHX2A!W_xDXVx707gc61M5TAh1t1CL61wpj57BHndbtFxULnxLzggrXnZfXLDP5T6PCX_7HCv_$> rua.xsd">
<report_metadata>
        ...

(Perhaps something better than "http://dmarc.org/dmarc-xml/0.1<https://urldefense.com/v3/__http:/dmarc.org/dmarc-xml/0.1__;!!CQl3mcHX2A!W_xDXVx707gc61M5TAh1t1CL61wpj57BHndbtFxULnxLzggrXnZfXLDP5T6PCX_7HCv_$>" for the version)

But then, would the <extensions> imply dmarc-xml grammar should be upgraded every time ARC (or whatever) is upgraded?

Separate reports sounds simpler.


Best
Ale
--

















_______________________________________________
dmarc mailing list
dmarc@ietf.org<mailto:dmarc@ietf.org>
https://www.ietf.org/mailman/listinfo/dmarc<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/dmarc__;!!CQl3mcHX2A!W_xDXVx707gc61M5TAh1t1CL61wpj57BHndbtFxULnxLzggrXnZfXLDP5T6PCcp8JAZr$>


--
[https://secure.gravatar.com/avatar/b214a020f4eb135ce2a6901d7540bdb1?s=44&d=404]

  Marc Bradshaw
  marcbradshaw.net<https://urldefense.com/v3/__http:/marcbradshaw.net/__;!!CQl3mcHX2A!W_xDXVx707gc61M5TAh1t1CL61wpj57BHndbtFxULnxLzggrXnZfXLDP5T6PCcwnsT8Z$> | @marcbradshaw<https://urldefense.com/v3/__https:/twitter.com/marcbradshaw__;!!CQl3mcHX2A!W_xDXVx707gc61M5TAh1t1CL61wpj57BHndbtFxULnxLzggrXnZfXLDP5T6PCZsg4P4v$>