Re: [dmarc-ietf] Guidance around constructing an AAR when multiple AR headers are present?

Brandon Long <blong@google.com> Wed, 24 May 2017 23:10 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8092C1288B8 for <dmarc@ietfa.amsl.com>; Wed, 24 May 2017 16:10:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nfRXue9wKp0W for <dmarc@ietfa.amsl.com>; Wed, 24 May 2017 16:10:20 -0700 (PDT)
Received: from mail-oi0-x231.google.com (mail-oi0-x231.google.com [IPv6:2607:f8b0:4003:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 870FC126D05 for <dmarc@ietf.org>; Wed, 24 May 2017 16:10:20 -0700 (PDT)
Received: by mail-oi0-x231.google.com with SMTP id h4so260962713oib.3 for <dmarc@ietf.org>; Wed, 24 May 2017 16:10:20 -0700 (PDT)
X-Received: by 10.202.178.85 with SMTP id b82mr17013855oif.51.1495667419690; Wed, 24 May 2017 16:10:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.8.34 with HTTP; Wed, 24 May 2017 16:10:19 -0700 (PDT)
In-Reply-To: <20170524192617.36732.qmail@ary.lan>
References: <CAOZAAfOsRrQF2M3NzcB3h2Tc03mtFfG8mOJ0pqU+_cx=whcBLQ@mail.gmail.com> <20170524192617.36732.qmail@ary.lan>
From: Brandon Long <blong@google.com>
Date: Wed, 24 May 2017 16:10:19 -0700
Message-ID: <CABa8R6v4oGpFYeO8qGaKpbocr6f8V_+Hf7XavZ0h12d1RgWLBQ@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, Seth Blank <seth@valimail.com>
Content-Type: multipart/alternative; boundary="001a1146ac5e41271c05504d3550"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/b1Vglg8lcgnhp69pKR7-jDTrkxE>
Subject: Re: [dmarc-ietf] Guidance around constructing an AAR when multiple AR headers are present?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 May 2017 23:10:22 -0000

On Wed, May 24, 2017 at 12:26 PM, John Levine <johnl@taugh.com> wrote:

> In article <CAOZAAfOsRrQF2M3NzcB3h2Tc03mtFfG8mOJ0pqU+_cx=whcBLQ@mail.gmail.com> you write:
> >Looking at random messages on this list, I've seen anywhere from two to
> >five AR headers per message. Locally, with opendkim and opendmarc running,
> >there are three locally generated AR headers that get passed to openarc. It
> >looks like seeing multiple AR headers is going to be a common occurrence
> >for ARC implementations to handle.
>
> When I take a look, I only see one, from ietfa.amsl.com.  If I were
> having the list mailed to me, I'd expect to see two, that one plus the
> one my system adds.  It is rather peculiar to have multiple headers
> with the same service identifier, since section 5 of RFC 7601 says
> that you normally delete existing A-R headers with the same
> authserv-id before you add a new one.
>

Section 1.6 specifies that you would delete them on entrance to the ADMD,
and 2.1 seems to specify that multiple are allowed, and example B.4 shows
an example where multiple are used.

> On my system, the SMTP daemon calls the spf2, opendkim, and opendmarc
> libraries, and then puts all the results in a single A-R header.  For
> example, when I look at mail from a list I forward to a gmail account,
> I see one A-R header from mx.google.com, one from my system, and maybe
> one from the original system.  I think that's more typical.
>
> >Is this a problem the group thinks needs discussion?
>
> Only if there are a lot of MTAs that don't report their results in one
> header.
>

I think the default using the open* libs is to do so, so probably.  OTOH,
how to do so seems fairly obvious, I'm not clear on why doing so needs to
be specified.  Being sure the spec specifies that only one is allowed,
definitely.

Brandon
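
A sketch of the merge discussed in this thread, added as an example and not code from any poster or from OpenARC: it folds several locally generated A-R header values into the single payload of an ARC-Authentication-Results header and skips values carrying another authserv-id. The function names, the sample hostnames and the case-insensitive authserv-id comparison are assumptions of this example.

```python
import re

def split_outside_comments(value):
    """Split an A-R header value on ';' while ignoring ';' inside (comments)."""
    parts, depth, cur = [], 0, []
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        if ch == ";" and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def build_aar(ar_values, local_authserv_id, instance):
    """Merge locally generated A-R values into one AAR header value."""
    merged = []
    for value in ar_values:
        fields = split_outside_comments(" ".join(value.split()))  # unfold
        if not fields:
            continue
        # The authserv-id may be followed by a version or a comment; keep the id.
        authserv_id = re.split(r"[\s(]", fields[0], maxsplit=1)[0]
        # Assumption of this example: ids are compared case-insensitively.
        if authserv_id.lower() != local_authserv_id.lower():
            continue  # another ADMD's results are not ours to re-assert
        for resinfo in fields[1:]:
            if resinfo.lower() != "none" and resinfo not in merged:
                merged.append(resinfo)
    payload = "; ".join(merged) if merged else "none"
    return f"i={instance}; {local_authserv_id}; {payload}"

# Constructed sample input: three A-R values from one host, one from elsewhere.
SAMPLE = [
    "mx.example.org; spf=pass smtp.mailfrom=lists.example.net",
    "mx.example.org; dkim=pass (2048-bit key; unprotected) header.d=example.net",
    "mx.example.org; dmarc=pass header.from=example.net",
    "other.example.com; dkim=fail header.d=example.net",
]

if __name__ == "__main__":
    print("ARC-Authentication-Results: " + build_aar(SAMPLE, "mx.example.org", 1))
```
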