Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help

John Levine <johnl@taugh.com> Mon, 25 January 2021 18:47 UTC

Date: Mon, 25 Jan 2021 13:47:55 -0500
Message-Id: <20210125184756.A13A76C1384D@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: mike@mtcc.com
In-Reply-To: <ddb67702-01e7-783d-9fa6-3e427542092c@mtcc.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/cl4OK6dGdtYseH4uL2cBcryCSIY>

In article <ddb67702-01e7-783d-9fa6-3e427542092c@mtcc.com> you write:
>> I continue to believe that authenticating the domain sending reports
>> is of no value, since there is no way to tell what if any connection
>> that domain has to the IPs in an aggregate report or the IPs or
>> domains in a failure report. If I wanted to send fake gmail failure
>> reports, I would register gmail-reports.com and send 100% perfectly
>> aligned fake reports from that domain.
>>
>I send mail to gmail. I send no mail to gmail-reports. If anything you 
>are demonstrating even further that this is at best underspecified.

Hi, Mike. When Google sends aggregate reports, what address do you
think they send them from? It should be easy enough to look at some of
the reports you've gotten and check.

R's,
John
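
Added illustration, not part of either poster's message: a sketch comparing DMARC relaxed alignment of a report's sender with the "do I send mail to that domain" test from the quoted reply. Every domain except gmail-reports.com (named in the thread) is constructed, the three-entry suffix set stands in for the Public Suffix List, and the case of an operator reporting from a domain other than its mailbox domain is an assumption made for the comparison.

```python
# Constructed stand-in for the Public Suffix List (assumption, not the real list).
PUBLIC_SUFFIXES = {"com", "example", "co.uk"}

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def dmarc_aligned(from_domain, dkim_pass_domains, spf_pass_domain=None):
    """Relaxed alignment: a passing identifier shares the From org domain."""
    target = org_domain(from_domain)
    ids = list(dkim_pass_domains) + ([spf_pass_domain] if spf_pass_domain else [])
    return any(org_domain(d) == target for d in ids)

def sent_mail_to(from_domain, recipient_domains):
    """The 'I send no mail to that domain' test from the quoted reply."""
    return org_domain(from_domain) in {org_domain(d) for d in recipient_domains}

def assess(report, recipient_domains):
    """Run both checks on one report message's sender identity."""
    return {
        "aligned": dmarc_aligned(report["from"], report["dkim"], report.get("spf")),
        "known_recipient": sent_mail_to(report["from"], recipient_domains),
    }

# Domains the local operator has sent mail to (constructed).
RECIPIENTS = {"gmail.com", "mailbox.example"}

# Sender identity of three report messages (constructed sample input).
REPORTS = {
    # Domain registered only to send reports, as in the thread's example.
    "lookalike": {"from": "gmail-reports.com", "dkim": ["gmail-reports.com"]},
    # Hypothetical operator of mailbox.example reporting from a corporate domain.
    "separate_reporting_domain": {"from": "reports.operator-corp.example",
                                  "dkim": ["operator-corp.example"]},
    # Operator that reports from the same domain that receives the mail.
    "same_domain": {"from": "mailbox.example", "dkim": ["mail.mailbox.example"],
                    "spf": "bounce.mailbox.example"},
}

if __name__ == "__main__":
    for name, report in REPORTS.items():
        print(name, assess(report, RECIPIENTS))
```

The first two cases produce identical results (aligned, not a known recipient), so neither check alone separates them.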