[dmarc-ietf] reporting security requirements
Michael Thomas <mike@mtcc.com> Mon, 25 January 2021 20:41 UTC
Return-Path: <mike@fresheez.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF7803A18B1 for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 12:41:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.15
X-Spam-Level:
X-Spam-Status: No, score=0.15 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YXxSvzdGRZjl for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 12:41:38 -0800 (PST)
Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB6123A18A7 for <dmarc@ietf.org>; Mon, 25 Jan 2021 12:41:38 -0800 (PST)
Received: by mail-pj1-x1029.google.com with SMTP id g15so370320pjd.2 for <dmarc@ietf.org>; Mon, 25 Jan 2021 12:41:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc.com; s=fluffulence; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=BmxhTgnWLsZulRCZ89d0MFUr0Omq3jOCRLmiPbAJSSQ=; b=TK4IsoSsJgWiQSHUj9Jvn0W0iysEMMVQkbK8x6m3a0+46vFpK8FrVc+f/SFJrkbo+d Cmpeo9dEj2d7NSve8zq6j63mtqGl33ntgXEqIBmZz4l1GnJUqjXjNyJdgrUtWevVfZrA XV8aGjDD0OQvfOwO+2mv/pG/9NiIv5JdueO4czkf/6Dq8z9uDXqxdcwuY2SV4esqXhiX g0RiLOafURHcV7MZU7aJAopRGWeh6hXdXNLqZWo5M94GaaXWpTQKVEJuFPJo9yRwJpzr HGcmei7fVG8hJziJfQaVj386ls7pbMWRymVksGMscdYW9VW4AWaTQLNilk0r6rp/K2vN 0rzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=BmxhTgnWLsZulRCZ89d0MFUr0Omq3jOCRLmiPbAJSSQ=; b=TGpSTaPzIXf3/dRt7FjiV4Zx6lzRUhQ3odcRq+G+xfTNhdEFDXddtKNDeFtdy6USHR 9a7eW7EIhejWMBarG3E38Se414bNfi7qDOpDmckXmSGNrSLLt6Y5IB7a7LAebSDblVKO nR4x8qLJHA9hx4BIMQz40iBsNiDyKbYvvxIXfpnAD8DF1fdDhBm/msRxO3WNOmruC57z SprWIELoFfOV8hla/OIysR1k30sqoRNZ0c0p83sOHUr7kNS6ARDXXb8eFgv4D/K8+CNZ sQv1ZFyFT9TfgLNBd+qQq+DIY+8ml6lfHhgW1Uzcp/fKl6ODUoy96rYHJYAledf800b3 Wf9w==
X-Gm-Message-State: AOAM531+oZS23T2bUM1yajJgALNs8/LomNU90YxDSo9ANrJe0z3+tNXc ZZihdB9CL3JWLQSlyIrss0IAAYCXJzosog==
X-Google-Smtp-Source: ABdhPJxj/AXRTVuRXC9jaEIjLS1b8YbxSDx6S+WfvNnxeSi1StXqFcN9mP+bTL0SCcSrAHhsSY2W5A==
X-Received: by 2002:a17:902:bcc7:b029:de:3c03:f45f with SMTP id o7-20020a170902bcc7b02900de3c03f45fmr2290145pls.32.1611607297845; Mon, 25 Jan 2021 12:41:37 -0800 (PST)
Received: from mike-mac.lan (107-182-35-22.volcanocom.com. [107.182.35.22]) by smtp.gmail.com with ESMTPSA id s187sm17309016pfb.161.2021.01.25.12.41.36 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 25 Jan 2021 12:41:37 -0800 (PST)
To: Seth Blank <seth@valimail.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, Douglas Foster <dougfoster.emailstandards@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
References: <34317129-8225-fb38-4ad3-e1b9ffed21fb@iecc.com> <9c84fa50-d23c-a794-fc62-09788ac383a9@mtcc.com> <CAHej_8mTaFo7aESFk4pHjbqbheriYPoAy6f+HhcE6ASVJSyViA@mail.gmail.com> <df867378-5da0-b912-2a0f-b2081d1f2437@mtcc.com> <CAHej_8kfCC1H89pRjgxXK=+BizJHFdKgnr7Gxh_2wWq8P7L-0Q@mail.gmail.com> <a94cb6c0-0a32-da8d-4bd5-9c7ab2866c82@mtcc.com> <CAH48ZfxkQ9g-gmBOPdDsxr4RDvXOi56EaX=aJVDbuL_g7kR+xQ@mail.gmail.com> <CAOZAAfOB93fpYRjwxgQNkG-ydVHLtvgUp0LLROvv-F-amJVy4w@mail.gmail.com> <b9e8da8e-f46a-49c0-4196-1d50ed94d526@mtcc.com> <CAOZAAfPh4kYq0yXhtP9BaPmtP_rc7L-0f=r3Ff_P3oxrhYqvtw@mail.gmail.com> <fd74120f-bfad-ef51-64d7-2f8ec4f00fab@mtcc.com> <CAL0qLwaPmMGR48EUhNkmZTozjoiTMnC6Rfmjdo9vLYD6ZhNoAw@mail.gmail.com> <CAOZAAfMcQ3HCrQAgKWeK-n2Acf+COK+E3HuCauh8g44KiWj=ng@mail.gmail.com> <25ea488b-e432-75c4-c57a-01d03308208c@mtcc.com> <CAOZAAfP5n15=Ez6_SFmkyDOyF=mpD8npZJmJujKP1vw322fGLg@mail.gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <2f73843f-eaec-5bb7-c59c-08ff387418e3@mtcc.com>
Date: Mon, 25 Jan 2021 12:41:35 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <CAOZAAfP5n15=Ez6_SFmkyDOyF=mpD8npZJmJujKP1vw322fGLg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Xz2FeBfU8ALzoOVGe01D0yuwbK0>
Subject: [dmarc-ietf] reporting security requirements
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2021 20:41:40 -0000
On 1/25/21 10:02 AM, Seth Blank wrote: > Michael, are you aware of anyone not following the guidance in the > document? This thread feels like we're discussing a non-issue. > Aggregate reports are already required to be authenticated and I'm > unaware of anyone sending failure reports, let along unauthenticated > ones. Is the language causing problems? Such problems have not been > brought to the list, and would be a good place to start if you want to > build consensus. From the looks of it, it doesn't seem like the security requirements of reporting was ever undertaken. There seems to be a wide range of disagreement even if there was given the thread from which this came. From there is actually text, to don't know if it's an issue, to there hasn't been a problem before (as if that were some sort of barometer), to authentication might inconvenience google, to contradicting your assertion that authentication in the way you mentioned can be done. Since this is going to proposed standard from informational, that is not a very good state of affairs, IMO. Mike
- [dmarc-ietf] Tickets 98 and 99 -- fake reports ar… John R. Levine
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Todd Herr
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Todd Herr
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Douglas Foster
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Seth Blank
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Seth Blank
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Seth Blank
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Murray S. Kucherawy
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Seth Blank
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Seth Blank
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Seth Blank
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Todd Herr
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… John Levine
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… John Levine
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Douglas Foster
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Douglas Foster
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… John Levine
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Todd Herr
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Alessandro Vesely
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Alessandro Vesely
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… John R Levine
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Alessandro Vesely
- [dmarc-ietf] reporting security requirements Michael Thomas
- Re: [dmarc-ietf] reporting security requirements Seth Blank
- Re: [dmarc-ietf] reporting security requirements Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Todd Herr
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Steven M Jones
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Michael Thomas
- Re: [dmarc-ietf] Tickets 98 and 99 -- fake report… Seth Blank