Re: [dmarc-ietf] Ticket #61 - Define and add a simplified (redacted) failure report
Alessandro Vesely <vesely@tana.it> Sat, 12 December 2020 10:36 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 652063A0FF0 for <dmarc@ietfa.amsl.com>; Sat, 12 Dec 2020 02:36:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.121
X-Spam-Level:
X-Spam-Status: No, score=-2.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s1xPhUdkrrW4 for <dmarc@ietfa.amsl.com>; Sat, 12 Dec 2020 02:36:44 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B40EB3A0FEB for <dmarc@ietf.org>; Sat, 12 Dec 2020 02:36:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1607769401; bh=U7sV9omDEuZS2ROYzYspNi8qiTad2SRuGZalYXrNc9Q=; l=2657; h=To:References:From:Date:In-Reply-To; b=C4GixwPxejWe74dp6hNZxDGtYl1TQWO5YQuLNGcfZEEZ/Yeas/TisV7+oNP48ER9J adF6EcHyM/lgO96RR/PsJJ7kHxGED8AkmB87fg2Zhz6or6y+RkU5wGxILOajdoou+J 9u0KdyHe/aybnVFR3lOOYnUTj/Ud4FkOixJEEX889aGJTbR+Zu0iALHHW+rKT
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC056.000000005FD49D39.00003732; Sat, 12 Dec 2020 11:36:41 +0100
To: Jesse Thompson <jesse.thompson@wisc.edu>, dmarc@ietf.org
References: <609e1c9b-cc4d-d7d1-0fa8-79f515c1eee4@tana.it> <20201209185246.1D40C29474C4@ary.qy> <CABa8R6sU0RQLSBA2LRk4mnkpzWVP5qBMbbHeTaw6VdgG02preQ@mail.gmail.com> <CAL0qLwa04NVQyP+=4o905ZF-e+NxmHhQqXZ5sGbdU9x8T3jSjg@mail.gmail.com> <CAOZAAfNUGVriJfjhQCo_3phg_pajfJsComr8zJBZcL9_Ucy3Nw@mail.gmail.com> <cf5a0365-b389-3589-48f4-333023caa7ce@wisc.edu> <747eae71-24e7-fd05-2123-2c22ae4588e8@tana.it> <20575bf1-3813-4b3c-e59c-54e38b0da670@wisc.edu>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <5b54d4e3-6bec-2e88-1071-befe236c9812@tana.it>
Date: Sat, 12 Dec 2020 11:36:41 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <20575bf1-3813-4b3c-e59c-54e38b0da670@wisc.edu>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XrFM1VzN3TKzTx_wxH8NKANIC18>
Subject: Re: [dmarc-ietf] Ticket #61 - Define and add a simplified (redacted) failure report
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Dec 2020 10:36:46 -0000
On Fri 11/Dec/2020 18:24:16 +0100 Jesse Thompson wrote: > On 12/11/20 7:48 AM, Alessandro Vesely wrote: >> On Thu 10/Dec/2020 17:59:54 +0100 Jesse Thompson wrote: >>> On 12/9/20 10:28 PM, seth wrote: >>>> As an individual, I feel extremely strongly that failure reports should go away in their entirety. Although Jesse Thompson has outlined a use case that really has no other good solution, and is equally true in other large complicated organizations. >>> >>> To be clear, I'm not advocating for this From/To use case, but I know of universities who would. There's at least one who cleverly flattened their SPF record to include every known sender specifically because they had no mission to change the way their institution distributively sends email. That is the type of organization who *may* want From/To data, assuming they want to do more validation before adding yet another IP to their SPF. It's a stretch in my mind. >> >> I'm not clear whether you're talking about sending or receiving reports. Received: chains are key for evaluating addresses to add to SPF records. I don't think it makes sense to specify their omission from > > Only the last hop from the receiver's viewpoint is really needed for a domain owner to assess gaps in SPF. That's already addressed with aggregate reports. What's missing is the additional context that the failure reports are intended to provide, to help domain owners determine if the IP address which sent the message was legitimate. Of course, received chains are helpful for troubleshooting. There's no "right" answer regarding the balance of useful information vs privacy, so I'm suggesting that we put things like this on a spectrum of usefulness/privacy-concerning. Thus far, the spec doesn't discuss what to redact, except for mentioning local parts of email addresses. >> My guess at why an organization may want to send only From/To rather than a possibly redacted text/rfc822-headers are as follows: >> >> * It is too hard for them to asses the risk of including unknown header fields, yet they must do it before enabling ruf, >> >> * the software they use doesn't have an option to redact PII, or (unlikely) >> >> * they try to save bandwidth and disk space by reducing that ghastly pile of freaky fields that infest message headers these days. > > If sending only a limited amount of information is considered an acceptable alternative to full/unredacted information, it might help encourage these organizations to send failure reports, perhaps? I'm surprised that the request in this ticket proposes to send only the two most sensitive fields. Best Ale --
- [dmarc-ietf] Ticket #61 - Define and add a simpli… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… John Levine
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Brandon Long
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… John R Levine
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Jesse Thompson
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Brandon Long
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Murray S. Kucherawy
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Seth Blank
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… John Levine
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Jesse Thompson
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Jesse Thompson
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Jesse Thompson
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… John Levine
- Re: [dmarc-ietf] Ticket #61 - Define and add a si… Alessandro Vesely