IETF Logo Mail Archive

Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help

John Levine <johnl@taugh.com> Mon, 25 January 2021 19:52 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 109DE3A184D for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 11:52:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.049
X-Spam-Level:
X-Spam-Status: No, score=0.049 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=UNZXq1tn; dkim=pass (2048-bit key) header.d=taugh.com header.b=2SaQJ6Xj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oyLWTlOF5ItE for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 11:52:34 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A85743A184C for <dmarc@ietf.org>; Mon, 25 Jan 2021 11:52:34 -0800 (PST)
Received: (qmail 93606 invoked from network); 25 Jan 2021 19:52:32 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=16da3.600f2180.k2101; bh=TJII+uxsGPoR7+tJ1Nww6GXYw+KQoELDsfNmaLB4Uyg=; b=UNZXq1tnBKQvWxl6q6Qj2ziDnmcJQMND9j+Ixol2iqDdadI/k8HBBRxB/goq1n17JIj/2n9OZC4gronFJ0BakFn00Oq47dTLa8yGWTXhjzgHzUepzAam0lBv96yEjcwUd/n3hcdFLTeRaEeUZsAr7q8lMhGOP50fxpZWHO785RCsx+8TYjCzX55DFlGYi/vHrLZTaus+zBiFiyfAQvBY7RyIDS4thhN6VlEJJRZTv/ZrdIUMuSROKJQyXKPwuApwrGLddNRrOYzpuSPzLSnlkhw4UBJ4jqwF1/dc+k5cptoDCpXyiQAfqJTCLpN/ldX72gRBrDLowRZ1Pcsz0JI5mA==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=16da3.600f2180.k2101; bh=TJII+uxsGPoR7+tJ1Nww6GXYw+KQoELDsfNmaLB4Uyg=; b=2SaQJ6XjJS+oHkykEqDqvOmgUPYXfiXAPrjXI1BSg3iFEvg8tYNoo7pzApU1SD+uRQkax9ZIVisvs/Pq7ICwnDwIkA3WDIvAjAP7Zw/Co3BIRyBP+qKMLRgjJdk4Pb5QqYnaXn4oAnA241kxb+/LQRmqQlIuj7Ou0jT9BEUC+3+2rqrMCpkLvixLGUTc1n1osyffiziQZuxDW3LF0EgEq6h6vfIsZBtBYyAuAP8CgmOurnD+PQ25Um60DK2eJx78f5xMLVnPB2R/tbVI6kG9BxYhzG8+SfSOeFGjuyxoJ7SQBx2/u584HjUFjyz/J5Pp+Zk1VGcMDkOPYcST8xVz7g==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 25 Jan 2021 19:52:32 -0000
Received: by ary.qy (Postfix, from userid 501) id E0DE16C13E26; Mon, 25 Jan 2021 14:52:31 -0500 (EST)
Date: Mon, 25 Jan 2021 14:52:31 -0500
Message-Id: <20210125195231.E0DE16C13E26@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: dougfoster.emailstandards@gmail.com
In-Reply-To: <CAH48ZfwejX1PHO7x1bjJTYyehXZWMuq3jrHFJzAHWfy1jQ+NQg@mail.gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/WNAhvY94kg7VQueMzgUsM-ZwvnI>
Subject: Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2021 19:52:37 -0000

In article <CAH48ZfwejX1PHO7x1bjJTYyehXZWMuq3jrHFJzAHWfy1jQ+NQg@mail.gmail.com> you write:
>-=-=-=-=-=-
>
>DMARC alignment on the report seems of limited value unless it is aligned
>to the domain being reported. ...

I'm getting the impression that some of us have not looked at any DMARC reports.

Aggregate reports contain the domain of the reporter, and the domain
of the sender to whom they are sending the report. They do NOT have
the domains to which the messages were sent or where they were
received, which are often different for forwarded or mailing list mail.

For at least the third time, there is no "domain being reported". When
I get reports from Google or any other multi-tenant mail provider,
they do not say to which of their gazillion hosted domains the mail
was sent. That is not a bug, and it's been like that for a decade. 

R's,
John

v2.23.0 | Report a Bug | By Email