Re: [dmarc-ietf] Forensic report loops are a problem
John R Levine <johnl@taugh.com> Wed, 27 January 2021 16:17 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 188553A0B23 for <dmarc@ietfa.amsl.com>; Wed, 27 Jan 2021 08:17:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=gaMuSTs+; dkim=pass (2048-bit key) header.d=taugh.com header.b=NVzWz5dr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5mLrOjOjeILn for <dmarc@ietfa.amsl.com>; Wed, 27 Jan 2021 08:17:41 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02FBD3A0AFA for <dmarc@ietf.org>; Wed, 27 Jan 2021 08:17:40 -0800 (PST)
Received: (qmail 69222 invoked from network); 27 Jan 2021 16:17:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type; s=10e64.60119223.k2101; bh=pcRTtF+ZNkovaIJiSh8cIOWV0qmOdP8y1IEypSh5hDg=; b=gaMuSTs+XYWqhjpwvtLx+tyOjIgW6py1R29+unJgNOXRbQe7IYrqOAkHJPKzd5jfPad17EhjYEzBFVXqtAWMT0iveJrQPZazRfWkBgAeOPW9uizKB0l3vU7cb5STmFtCJjst5DsyCRg4boU8StCqieZh65SPp8tD9QDaOI51NvobVJr6Xwm4yl26tNEJB/EqrXjXKvYGgayZszdpJt/XAqe9wxXK7A4+ETIwPiNfkvCiPpB4p/w+e/Dyt6a/k8fMkC7zYAf0SL5yFzrY9eprwKlV+mZRDB/cvVVSQoG3KLZDdknIju9exjpNfjxS9aOSCvTnTJTJEEEbmZ/lLWZzVw==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type; s=10e64.60119223.k2101; bh=pcRTtF+ZNkovaIJiSh8cIOWV0qmOdP8y1IEypSh5hDg=; b=NVzWz5drTpnpWmfR+6zzy+VCZSWPaBFsF++kDfJ3flFYiM0yL9ZU5t/D9cBzkcs54TN2ziTVnnFe1jdeG8+PR1iBWF98e+rH1M550L7DCcI8OqV+J2t3bLi1VqABtMyoaEpsQVBkTXKSDPHMOhvMKi0O8GWLCZV1LWXHgEb+Q9qAHmQHvD8cGH+x7HfiZCBK2FWR2+ImDfrCs6sqvq6ENJlrahchrlR/cdb+/LCJaxZi4KYBRa6UVnOLk5eh/3z8N5lsOJwbxOXeIevZSmnhq9JTChPcumc9RwxXDfM6p7gWn0IEqy72L00XIexLYUzckbybKvcX1O1fNqS3og5FtA==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 27 Jan 2021 16:17:38 -0000
Received: by ary.qy (Postfix, from userid 501) id 6782B6C2CB34; Wed, 27 Jan 2021 11:17:38 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by ary.qy (Postfix) with ESMTP id 37FA26C2CB16; Wed, 27 Jan 2021 11:17:38 -0500 (EST)
Date: Wed, 27 Jan 2021 11:17:38 -0500
Message-ID: <52ea482c-86f8-f879-eefb-ff14e8819b56@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Alessandro Vesely <vesely@tana.it>, IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <29f5c140-6b07-e3be-f188-8b2104690385@tana.it>
References: <CAL0qLwaZx97cztehz_o=cCVZRbEP_yFVS9hTqWDKg7cMgjNvFg@mail.gmail.com> <20210116034026.5C93F6AC0428@ary.qy> <CAL0qLwatEsNrfF5GeWoVhrk_By8K84mYdBNOUFiN7cBaAch8JQ@mail.gmail.com> <29f5c140-6b07-e3be-f188-8b2104690385@tana.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/WpL2Ae0h9258FKPohD91Yyw9b9E>
Subject: Re: [dmarc-ietf] Forensic report loops are a problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2021 16:17:43 -0000
>> disparate cases of it that we may be missing something bigger, and if so, >> doing something defensive in the specification would be prudent. There's >> smoke here, and there may be fire. >> >> Will report back. > Examining my report folder, I note I'm sending one-liner aggregate reports to > domains I never wrote to. The pattern is their sending me feedback for one > or more mailing list posts, followed by my one-liner acknowledging their > report later on the same day or on the next day, depending on their sending > time. That's not a "loop", it's the way that DMARC reports work. > While this is a minor problem for aggregate reports, it can be a real problem > for naive failure reports generators. Juri reported he had to target a > specific address, attributing the loop to a remote misconfiguration. > However, if it is possible to screw up authentications, the probability to > meet a loop is just its square, times the number of generators. If the authentication is screwed up, sending a failure report is exactly the right thing to do. That's what they're for. I think we should close this. DMARC is working the way it is supposed to, and people don't want to get reports about their reports, there are obvious ways to prevent them, like not sending unaligned reports, or sending reports from a domain that doesn't get reports back. Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly
- [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Steven M Jones
- Re: [dmarc-ietf] Forensic report loops Juri Haberland
- Re: [dmarc-ietf] Forensic report loops Дилян Палаузов
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops John Levine
- Re: [dmarc-ietf] Forensic report loops Kurt Andersen (b)
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Douglas Foster
- Re: [dmarc-ietf] Forensic report loops Дилян Палаузов
- Re: [dmarc-ietf] Forensic report loops are not a … John Levine
- Re: [dmarc-ietf] Forensic report loops are not a … Douglas Foster
- Re: [dmarc-ietf] Forensic report loops are not a … Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are not a … John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Juri Haberland
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Steven M Jones
- Re: [dmarc-ietf] Forensic report loops are a prob… Steven M Jones
- Re: [dmarc-ietf] Forensic report loops are a prob… Douglas Foster
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] report floods, not Forensic repo… John R Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Douglas Foster
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Dotzero
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Dotzero
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… John R Levine
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Douglas Foster
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Seth Blank
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Alessandro Vesely
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John R Levine