Re: [dmarc-ietf] Forensic report loops are a problem

Dave Crocker <dcrocker@gmail.com> Mon, 01 February 2021 18:52 UTC

To: Michael Thomas <mike@mtcc.com>, dmarc@ietf.org
References: <CAL0qLwY5BbwvS9XXqBk=Mp074ntN=NeS97pJAxPBdQEZAsgohg@mail.gmail.com> <20210127203714.007C86CDB9CA@ary.qy> <CAL0qLwbN+HkGfvw79rPPvqL6jWWAsUtWY9X1gW=vAvoeQS8RHg@mail.gmail.com> <b7ea6cb8-ce79-7df7-c521-544358c1866e@crash.com> <dc398e7b-2fc6-f418-4e66-456a6c1189d6@gmail.com> <379e4493-1287-9dd5-5c8f-ae5adf949cbd@tana.it> <9aea1615-64a5-a310-b8c7-83ec0c316dae@gmail.com> <2f1cd9ea-487c-10a5-3fdf-2f4135574b51@mtcc.com>
From: Dave Crocker <dcrocker@gmail.com>
Message-ID: <96336f0f-a93d-a61f-c691-ce2a01f04d11@gmail.com>
Date: Mon, 1 Feb 2021 10:52:11 -0800
In-Reply-To: <2f1cd9ea-487c-10a5-3fdf-2f4135574b51@mtcc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XHitquqX-8MBDKErE10n5hQwOjY>
Subject: Re: [dmarc-ietf] Forensic report loops are a problem

On 2/1/2021 10:25 AM, Michael Thomas wrote:
>
>
> On 2/1/21 10:13 AM, Dave Crocker wrote:
>> The model that a receiving site is not allowed to report DMARC 
>> traffic unless that site is also generating DMARC authentication is 
>> Procrustean.  And as I noted, is likely counter-productive. 
>
> There is no such thing as "DMARC authentication".
>
Actually, there is.  DMARC's requirement for alignment with the author's 
From: field domain name asserts a specific bit of authenticated 
semantics that does not exist elsewhere.


> The paragraph quoted is poorly written and should be rewritten to say 
> that the report should pass either SPF or DKIM authentication as I 
> wrote in issue #98.
>
It might be written better, but its requirement is for support of 
applying DMARC to generated reports.  That's more than just requiring 
SPF or DKIM.

This is separate from not asserting the requirement at all, of course.

d/

-- 
Dave Crocker
dcrocker@gmail.com
408.329.0791

Volunteer, Silicon Valley Chapter
American Red Cross
dave.crocker2@redcross.org
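
An added illustration, not part of the original message or of the DMARC specification: the sketch below contrasts a report that merely passes SPF or DKIM with one that passes DMARC, where an authenticated domain must also align with the From: domain. The function names, the sample domains and the small suffix set standing in for the Public Suffix List are assumptions made for this example.

```python
# Added example: "passes SPF or DKIM" versus "passes DMARC" for a report message.
# PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "net", "example", "co.uk"}

def org_domain(domain):
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels

def aligned(auth_domain, from_domain, mode="r"):
    """Relaxed ('r') compares organizational domains; strict ('s') needs an exact match."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(from_domain, spf, dkim, aspf="r", adkim="r"):
    """spf is (result, MAIL FROM domain); dkim is a list of (result, d= domain)."""
    authenticated = spf[0] == "pass" or any(r == "pass" for r, _ in dkim)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, aspf)
    dkim_ok = any(r == "pass" and aligned(d, from_domain, adkim) for r, d in dkim)
    return {"spf_or_dkim": authenticated, "dmarc": spf_ok or dkim_ok}

# Constructed sample: a report sent through a third-party mailer. Both mechanisms
# pass, but only for the mailer's domain, which does not align with From:.
REPORT_VIA_MAILER = {
    "from_domain": "receiver.example",
    "spf": ("pass", "bounce.esp-mailer.example"),
    "dkim": [("pass", "esp-mailer.example")],
}

# Constructed sample: a report signed by a subdomain of the From: domain.
REPORT_SELF_SIGNED = {
    "from_domain": "receiver.example",
    "spf": ("none", ""),
    "dkim": [("pass", "mail.receiver.example")],
}

if __name__ == "__main__":
    for name, msg in (("via mailer", REPORT_VIA_MAILER), ("self signed", REPORT_SELF_SIGNED)):
        print(name, evaluate(**msg))
```
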