[dmarc-ietf] Fwd: Reports helping spammers? (#81)

Douglas Foster <dougfoster.emailstandards@gmail.com> Tue, 26 January 2021 01:33 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 780D73A1AA8 for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 17:33:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id AfSOAsu0LSK8 for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 17:33:54 -0800 (PST)
Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B79673A1AA7 for <dmarc@ietf.org>; Mon, 25 Jan 2021 17:33:54 -0800 (PST)
Received: by mail-vs1-xe36.google.com with SMTP id o125so8251715vsc.6 for <dmarc@ietf.org>; Mon, 25 Jan 2021 17:33:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=+HsnORCwOJ5yYlEu4FcAu6xhqnazbX+y9Nz/nZRNDls=; b=TBKZbiSmfVlT/bVFlGuKOFByalWF4R8kfeSmF+UlNk43yyHRna8DuHFPGg4664aehK 1iN7RwGYTxzjp47g+/fNxnQVYAlX/quso+InhjpTpambIaApPpSya2xGkFCohLS+BRPV 1zwsyZQEPCUh7BoVN7zNuqHViVmT5eHe3wKYtF/yu24k79UMPRdXCFzWPwbeNGTh4laK UV6gb4ZzgG5M+S6zsJ+nlNflbHZMNyyyzIXCyGyQFeI6C5cO3/hnCBinh4EU8lqwwxEa S6xf8vl1GwU0PTOsXXR4qnxSbEcL2IUZzhRGUUevbH0hFdDIsDSpJuyk070Y73Kt8pqE NOwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=+HsnORCwOJ5yYlEu4FcAu6xhqnazbX+y9Nz/nZRNDls=; b=OvUU4oiznN4tfuL4gKOOg8OUrJ+WbIiUkj6UbsspBFoUxYCuzrPY+TnjwuKhfp94pe 3WhS+HoPgQEmFbXpAbHJRd9xGuMlW0HcBeXZvtciOAOgGsEaOZoUUpFAQyhBB3HDnBHo gHFrjBrlikmb6cleK2cHd5LnJnEP4LDnU03g8pvn8D8sL17RF8lkpZPwrNNUclVsOFYC K26h2xNjKf1Ugh+bnSp+RVHGoRXSBV625XNhCVbPoydOg3HMqcI+baCFrrpJVX3iwlw4 XJXjceAjm8g5nfkL/cz/VpZBFM/soYivNI98oKKtGwhgphHyyaECFXKfOHiJSRRZLgfi 9RyQ==
X-Gm-Message-State: AOAM533Ft1yJU5KzQVmQzKPsmnLlMXOBmb7RU6FbFQUKrPFF94XHhNd8 sF2y+qSt4YBZsMpHTgLlje5dpRCY6No4rPsL1BCtrF9Ak7Y=
X-Google-Smtp-Source: ABdhPJyHYEJzcMh/1whxhbf4vR8WCyzKkWse1GG0285hPGgGduKdLj38GZjJnso5Ve6l7ViXC2BTRdoqkuE/tTIO7yA=
X-Received: by 2002:a67:c29e:: with SMTP id k30mr2868604vsj.45.1611624833437; Mon, 25 Jan 2021 17:33:53 -0800 (PST)
MIME-Version: 1.0
References: <20210122224018.E63E06BF246B@ary.qy> <3a6b6650-0276-d59b-54fa-5a3ec41a44a0@tana.it> <CAH48ZfyvjDQoqQp29LG07tz4g_eRMRboJdQ=qK8kzhyyknbMCg@mail.gmail.com> <e9f251cb-a823-4933-2ea2-4cd258bba8e0@tana.it> <CAH48ZfwxJ4nNmGExCJ=n+Zgz95xwmTNKgr6DJbtE0nd9uJVf0A@mail.gmail.com>
In-Reply-To: <CAH48ZfwxJ4nNmGExCJ=n+Zgz95xwmTNKgr6DJbtE0nd9uJVf0A@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 25 Jan 2021 20:33:42 -0500
Message-ID: <CAH48ZfySsxEj3OOA8TEskm_MhMGKcTQUZWghcEZxTmoZJv1siA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b553f305b9c3a5de"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Z6B52tVuOiEBJ2dK35_Ze361tB0>
Subject: [dmarc-ietf] Fwd: Reports helping spammers? (#81)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2021 01:33:57 -0000

---------- Forwarded message ---------
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, Jan 25, 2021 at 8:32 PM
Subject: Re: [dmarc-ietf] Reports helping spammers? (#81)
To: Alessandro Vesely <vesely@tana.it>

Yes, I think you are right, the information loss to bad actors is limited,
while the benefits of information release may be pretty valuable to good

For reporting users, a "non-aligned" raises important questions:   If it is
a legitimate forward, the sender probably wants it accepted.   If it is a
legitimate forward that the sender wants delivered, but the recipient
blocked because of DMARC, then the sender has to decide whether to drop
back to p=none or From rewrite.  All of this is much easier to evaluate if
the sender provides some disposition feedback.   I think we can say
something along these lines in the security considerations.

You said that the disposition="none" or "sampled out" should only mean "Not
blocked because of DMARC evaluation", without making any indication of
whether the message was blocked for any other reason.   I will rest easier
if this concept is articulated clearly in the document.  It is a big
document and I tend to read it in pieces, so perhaps it is there and I
missed it.

To my original question, I don't think I would ever send a report to a
domain that has a negative reputation, or a domain with no reputation that
came from a source with negative reputation.   I don't want those people
talking to me, so I have no intention of talking to them.   That still
allows for notifying positive-reputation domains if a negative-reputation
source abuses their domain.

Doug Foster

On Mon, Jan 25, 2021 at 6:03 AM Alessandro Vesely <vesely@tana.it> wrote:

> On Sat 23/Jan/2021 15:13:53 +0100 Douglas Foster wrote:
> >
> > I can fully endorse Murray's position that alignment reporting is
> beneficial,
> > even when the sending domain is malicious.   However, it is also
> off-topic.
> >   My focus is on disposition reporting, not alignment reporting.
> I see.
> > Bottom line:  The perceived risk of disposition reporting will differ
> with each
> > person, and therefore with each reporting domain.    The specification
> would be
> > improved by providing a way for skeptical domain owners to redact
> > information that they do not wish to disclose.   Currently, the
> options are to
> > (a) not report at all, or (b) report ambiguous and slightly misleading
> > information such as "dispostion=quarantine, overridereason=other".   A
> better
> > option would be to have options to state "dispositioin=not specified,
> > overridereason=not specified".
> The information that reports actually disclose is when they say why the
> disposition differs from what the author's domain asked.  That info is
> given in
> the comment field, which can be "forwarded", "sampled_out",
> "trusted_forwarder", "mailing_list", "local_policy", or any other reason.
> This
> field is already optional.
> Saying "none" without explaining why doesn't really disclose much, does it?
> Best
> Ale
> --