Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)
Alessandro Vesely <vesely@tana.it> Tue, 26 January 2021 12:50 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65C023A0AD6 for <dmarc@ietfa.amsl.com>; Tue, 26 Jan 2021 04:50:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.21
X-Spam-Level:
X-Spam-Status: No, score=-0.21 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vVMM3rgtYc8B for <dmarc@ietfa.amsl.com>; Tue, 26 Jan 2021 04:50:37 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D30E3A0AD5 for <dmarc@ietf.org>; Tue, 26 Jan 2021 04:50:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1611665433; bh=w61rJ7hch0ZG098+JgT+tVnwqJUBjINQtGTuXAIYQXE=; l=7750; h=To:References:From:Date:In-Reply-To; b=Cwii0WQ2oYL149FAK8DykRvJexuEYPlwAG7WjPRVmziXLja9/GmQeml0J54MeU/xi /14F6+M3DXdPFrGfBlEXT1V47dikwLh6ym/t9xGGTClIiu4fJRQi+GuYQ1Bw80fO5B zGSxQ7LQGakYEZCs0M+UGiUgzAkq7NF1eMwZZVN2SGe/9z9LPA+HN847WhdXg
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0D6.0000000060101019.00004A43; Tue, 26 Jan 2021 13:50:33 +0100
To: Douglas Foster <dougfoster.emailstandards@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
References: <MN2PR11MB4351BD7203D41DB25771D3B3F7BD9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAH48Zfwat5MmXrvfEp-G=0pTZe2fwwDOJ6s6M1FSWs6M50yk0w@mail.gmail.com> <MN2PR11MB43513C20B5A598496FFBA4AAF7BD9@MN2PR11MB4351.namprd11.prod.outlook.com> <7231cfb1-1553-fd11-e356-57b960c5bfdc@tana.it> <CAH48ZfwvBj3abrAEz1uK2UNyMOBAM1q3pH8cOmazn8VBow3ACQ@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <adcede1d-a260-7b78-9439-63eb706989e2@tana.it>
Date: Tue, 26 Jan 2021 13:50:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <CAH48ZfwvBj3abrAEz1uK2UNyMOBAM1q3pH8cOmazn8VBow3ACQ@mail.gmail.com>
Content-Type: multipart/mixed; boundary="------------6262F3770A673C70EF81536D"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/bYGXi5J6jjhbrYCLwwts2ke5EcQ>
Subject: Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2021 12:50:39 -0000
On Tue 26/Jan/2021 13:02:46 +0100 Douglas Foster wrote: > DKIM Scopes > I have not heard a compelling argument to require information about > authentication tests that are unrelated to alignment testing. For DKIM > specifically, I think one scope should be sufficient, on this hierarchy: > > - The best-aligned scope that verified, or > - the best-aligned scope that failed verification, or > - a no-signature result otherwise. > > Anything more complex imposes a gratuitous data collection burden on the > reporting domain and reduces aggregation significantly. On the technical > side, it has already been noted that variable-length lists are particularly > problematic for calculating aggregates. Let me attach an HTML rendering of a report I received today, so we can talk about something real. Lines with IP 4.31.198.44 bear a ietf.org identifier. I see no reason to remove it. It is useful for understanding the mailflow, which is what DMARC reporting is designed to do. > Aggregation Controls > > We have discussed whether the target domain should be included in the > report. I understand that doing so is not reasonable for the large hosting > services. On the other hand, including the target domain would be a > trivial matter for smaller operations, and I think it would be valuable for > some research. Similarly, DKIM scopes are known to be useful for most > investigations, but John has already observed that proliferation of DKIM > scopes can be used to force disaggregation down to the individual recipient > level. Even if this is a small example, learning the disaggregated, or even individual recipients does not help my understanding. Authentication is obviously conditioned by how the Mediator treats my messages. I expect that Fastmail Pty Ltd carries out SPF and DKIM validation using the same algorithm, irrespective of the recipient. That is what I, as a sender, am interested in. Splitting the report in 66 lines wouldn't tell me anything more, it would just consume more eyeballs. And is useless for people who sum up all reports and just look at the totals. In any case, I cannot verify if the messages I didn't send directly are real. If a multi-domain host allows personalized validation algorithms for some domains, I'd expect they send separated aggregate reports, if any. Best Ale --
- [dmarc-ietf] Which DKIM(s) should be reported? (T… Brotman, Alex
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Douglas Foster
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Дилян Палаузов
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Douglas Foster
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Murray S. Kucherawy
- Re: [dmarc-ietf] Which DKIM(s) should be reported… John Levine
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Brotman, Alex
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Brotman, Alex
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Alessandro Vesely
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Alessandro Vesely
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Alessandro Vesely
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Douglas Foster
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Douglas Foster
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Alessandro Vesely
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Douglas Foster
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Alessandro Vesely
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Douglas Foster
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Douglas Foster
- Re: [dmarc-ietf] Which DKIM(s) should be reported… Alessandro Vesely