Re: [dmarc-ietf] Forensic report loops are a problem

Dave Crocker <> Mon, 01 February 2021 18:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E89713A113F for <>; Mon, 1 Feb 2021 10:13:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NoDERgWA3tm2 for <>; Mon, 1 Feb 2021 10:13:05 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8377B3A0D74 for <>; Mon, 1 Feb 2021 10:13:05 -0800 (PST)
Received: by with SMTP id d18so19811537oic.3 for <>; Mon, 01 Feb 2021 10:13:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=30AF6NjwmnsU4Cu+wxRnumT68XXnyhDC5ZTNxWu/wHs=; b=j4xWqvJfC/+xMPZwgInV2Qbh3CiSWYHYoQm9cdC6T3xInr6phN+JPiTKPEOqvV7abT lASp84V5cHtVU9ZPcKkN9ope08ZKtCYIPujBRbgBnZZKbIKbocZArbZ0VD1cZn90TPcO 2o5UWx0OMn8WNz1CdLG1vz5HzShh6d3tTS4CTSMIOELVO8uc+TDaJR7H+05QnoLy/g+4 k51S1eT0+8vOcSAYcjB9+tF+adM/o1F+SM3K6BeJUWXHJ296724hFVWZP0H8533KGY5I N0f79yUkphMys5Aj6S/sG99SnUCNDrvooZao0vOAsi8WC/d40DnXechJ6O1dJ/i7LlGu RZvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=30AF6NjwmnsU4Cu+wxRnumT68XXnyhDC5ZTNxWu/wHs=; b=JkfEABADlITY0O+5DnpYx8wfCQG4hE9D6FZcO8Dm4ZsEdUHyXTim4zMz/5IrfkiaOY LGsgmrNPsyfHZb6mJBEeT3CQQM0dvCslg4EIj8wrCz+NPDDEuVE1aYwvnfzKbVwz6MJE mzjFG5Gx6jXPz1B7wlBN0mKZQaF4v/2QDY84Zt1x083/5w9qy9hVYjMQ95yMCN4j6A3C tLMVPchaEqitEBv5C1CGF7i4hj+3XgeWhlGmZwyDmJePKfsTeknJqYy4sHrj6Xr7sx4w nzVs3wYBq32LCUWuyVoI4wlv74iJy4zjR6J2P9C9EtAvcvW/i31Pijx7hhNdEDWUgs21 gOEA==
X-Gm-Message-State: AOAM530Cd5/wNXOCunYvCWtkSMvIv7bbeLMYkh0dYJsFkB2uaRFNttmn A7Mi1DZV0hZqA75qRnDZjJo1RHzWE62Vdw==
X-Google-Smtp-Source: ABdhPJwe8RW/NatwBIpXMkUSR3dVHZEMt/48002i26rHodVRt75OQYVku7nCHS9w5D++lieu9opqFQ==
X-Received: by 2002:aca:dc56:: with SMTP id t83mr80230oig.75.1612203184504; Mon, 01 Feb 2021 10:13:04 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id a76sm4655086oib.45.2021. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Feb 2021 10:13:03 -0800 (PST)
To: Alessandro Vesely <>,
References: <> <20210127203714.007C86CDB9CA@ary.qy> <> <> <> <>
From: Dave Crocker <>
Message-ID: <>
Date: Mon, 1 Feb 2021 10:13:02 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------152ADBFD33EA181060980680"
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] Forensic report loops are a problem
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 01 Feb 2021 18:13:07 -0000

On 2/1/2021 10:08 AM, Alessandro Vesely wrote:
> On Mon 01/Feb/2021 17:38:07 +0100 Dave Crocker wrote:
>> Consider the challenges to ensuring a DMARC pass.  That's a pretty 
>> high barrier to entry against generating reports.
> Well, if a mail site is unable to get a DMARC pass, they have more 
> urgent problems to solve than setting up aggregate report generation. 

No, they probably don't have more urgent problems. Sites choose not to 
adopt DMARC for a variety of reasons. It's probably a good idea to 
respect that variety.

The model that a receiving site is not allowed to report DMARC traffic 
unless that site is also generating DMARC authentication is 
Procrustean.  And as I noted, is likely counter-productive.

I understand the zeal that drives a lot of the effort to promote DMARC, 
but the danger with aggressive proselytizing is that it changes from 
serious technical and operational evaluation into purely religious fervor.


Dave Crocker

Volunteer, Silicon Valley Chapter
American Red Cross