Re: [dmarc-ietf] Forensic report loops are a problem

John Levine <johnl@taugh.com> Mon, 01 February 2021 23:21 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E1463A1586 for <dmarc@ietfa.amsl.com>; Mon, 1 Feb 2021 15:21:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.851
X-Spam-Level:
X-Spam-Status: No, score=-1.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=fSYP1o1g; dkim=pass (2048-bit key) header.d=taugh.com header.b=u53TdxuM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qP-2NFileqJj for <dmarc@ietfa.amsl.com>; Mon, 1 Feb 2021 15:21:07 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1998E3A1585 for <dmarc@ietf.org>; Mon, 1 Feb 2021 15:21:06 -0800 (PST)
Received: (qmail 84904 invoked from network); 1 Feb 2021 23:21:05 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=14ba4.60188ce1.k2102; bh=S/0IOC6WOiysfA5BAu5riwlCY2I84i8xSgKqGC4jxH8=; b=fSYP1o1g0WE6264eRqEVAxHAD4R7krBVnLI6sQFfVH7AJ6TsXKZK+MOf4XpM9qz7iyGdnyvmnKV/ET9vEJyjfISfVZNgPRHOPGG6J9USly/tV8iUhHwC8UdEnzzK/noqvwFWuxh4LPg5/nhbsN1EoahEjE7P23Dd37zvus7uA50LFAoGKi0mX8a9KHca1DcxTDINilQ9cCZeAmHWSy9aYe/str5dZ9vJxayh9aVX7MuQ3YBaGMFinVG5tXKVdWdZAmnzBNCYQzK8JiTRQvKEs7ZmxfqF6xTUHK6HhDGNlsYY4k3r9k7rWpNv1zL86A97Xa0n5pQBh5fIba9Ffe7/6A==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=14ba4.60188ce1.k2102; bh=S/0IOC6WOiysfA5BAu5riwlCY2I84i8xSgKqGC4jxH8=; b=u53TdxuMWtVX2EQIBixFu9r+3PQmQts78pt+Yj4ZNbIbVrmz92QlPybuaUGnTuZDKxgHOazEfUCKs4w8jY0F5P5HkekDs3+PK8OapDj8CXGAkdrYpxBLAkVx20U/taRMPimNOxRkoJPkr4cMQ5GVLngPIppRcaO8WNiEwyRdABjUFEznUq9Qk5TyJ7c6kRhGqSJ4D+HFOiQE1SY/pNv/sr15rfEgucP/OFTQ62MXJgepG98gVgnc+jmXXbtRNvdEUH4vYIDRM2UYVFPgnY+xCOHoYHuMnMVEtJVpU5fEMeHKaAFOOh4N+Uy5Gtc93S+krw2MEXI0y8knMufghim7mA==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 01 Feb 2021 23:21:05 -0000
Received: by ary.qy (Postfix, from userid 501) id 1931D6D20971; Mon, 1 Feb 2021 18:21:04 -0500 (EST)
Date: 1 Feb 2021 18:21:04 -0500
Message-Id: <20210201232105.1931D6D20971@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: dcrocker@gmail.com
In-Reply-To: <dc398e7b-2fc6-f418-4e66-456a6c1189d6@gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/WsoLtrU7czQDEg1R9Pj0Kz0mlq0>
Subject: Re: [dmarc-ietf] Forensic report loops are a problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2021 23:21:09 -0000

In article <dc398e7b-2fc6-f418-4e66-456a6c1189d6@gmail.com> you write:
>-=-=-=-=-=-
>
>On 1/27/2021 7:17 PM, Steven M Jones wrote:
>> 3.3. Transport
>>
>>    Email streams carrying DMARC failure reports MUST conform to the
>>    DMARC mechanism, thereby resulting in an aligned "pass". 

>Mostly this will discourage reporting.  Legitimate reporting.

It's been like this for a decade.

>Consider the challenges to ensuring a DMARC pass.

Looking at the results I get (and understanding that the results that
arrive via private agreements are likely different), I get reports
from linkedin.com and seznam.cz that are aligned via SPF and are DMARC
reject and none, respectively, and from antispamcloud.com that are
totally broken, not even multipart/report.

I find it hard to believe that if you are going to enough effort to
maintain the data to create and send reports, you can't figure out how
to install an SPF record for your reporting domain.

R's,
John