Re: [dmarc-ietf] How are ARC results processed, relative to DMARC?
Seth Blank <seth@sethblank.com> Tue, 15 August 2017 22:41 UTC
Return-Path: <seth@sethblank.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44A4113242D for <dmarc@ietfa.amsl.com>; Tue, 15 Aug 2017 15:41:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sethblank-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ZIggzBXvhuL for <dmarc@ietfa.amsl.com>; Tue, 15 Aug 2017 15:41:00 -0700 (PDT)
Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96CD71323B1 for <dmarc@ietf.org>; Tue, 15 Aug 2017 15:41:00 -0700 (PDT)
Received: by mail-vk0-x22a.google.com with SMTP id u133so7052242vke.3 for <dmarc@ietf.org>; Tue, 15 Aug 2017 15:41:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sethblank-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=5ia3fQEL607xYLURqebTh6cZhcUiu2/wWGiSjO3pcbA=; b=b1/TrFeHU6EOEoQ0eVxATAbzWhqP1wx6Rsz5AhlRCHiJlMTT6KfasZeRy2z+5aV5Sh zf260ZdxCwUNNHFG+jjfTWFU7VHi+WrxLCsbTXj9KW0BZ+EP3Q8kG8HYhcTirnbCDoRD cWFoXpx8o7Z9CL+NcWKrrp7FUNMvntHfSnYV5+YrqsWqSrx+YQrJReB9eVV+2t3C2FYi d2V4WohufpFJbXtrEfzTSniJji9PduwP8zN0jp1USjfgbSelRvD2RWNeVn6KwX/qjdD1 uEkCdAr03zdthiL9on5mFZIiM5S0DCDuoFTyvTV1P4vMSKhr8Sf9rodVWL+8aErcdzEa ULPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=5ia3fQEL607xYLURqebTh6cZhcUiu2/wWGiSjO3pcbA=; b=BnezaHQZTtdD+IqCSUkrrYfBYWKmw97ksaHThMqQQ3O1bjvMHoaWEKHTBMghMERQo6 uwTL1jP1ny9I1hRKOA2vBoooNtiEz69JqlC7RBWF0C1otgZ0NCUDwkIOpkcCX+XIpmBp wSH8HUdD4tGpNxMTWGVCHVdNegTjFUF/yezShfL5CvV3gMDYP46UPyOXdpvdDmEbGkCA ZmeO4iQm64cNueFB4BX1hlxAXGIgzzTRf4ynW9Hn/rbly52UMNohVay3tT4LjSHNKMY1 GH2IHSINHrppxTE6wNYKNED5lOtVIOhAzQwe33Mp+DXxzoVg7HMCwxYDOIwFA4I9pErr hVfw==
X-Gm-Message-State: AHYfb5jjsIpvto5KjQDMn56jQnJIjnzvt+qawKHCREiqlOYX5Ymgc9xj TTDeosbf83rPasi/cOz2GDfGu45vpDRBfrk=
X-Received: by 10.31.3.99 with SMTP id 96mr18997956vkd.185.1502836859405; Tue, 15 Aug 2017 15:40:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.151.25 with HTTP; Tue, 15 Aug 2017 15:40:38 -0700 (PDT)
In-Reply-To: <CABa8R6tSdBRuTWutmP=wm1PyG0_=kDBVbTug_3OBYi8tzzbzEQ@mail.gmail.com>
References: <47f775ab-5cd3-ff00-1fb1-19328f8507e9@gmail.com> <CABa8R6tSdBRuTWutmP=wm1PyG0_=kDBVbTug_3OBYi8tzzbzEQ@mail.gmail.com>
From: Seth Blank <seth@sethblank.com>
Date: Tue, 15 Aug 2017 15:40:38 -0700
Message-ID: <CAD2i3WMy1iEVNFfUB6AeEqBUu64OX7U5zDh+V=iH9pK_vZ4oEw@mail.gmail.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="001a11426cd22920180556d279f0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/d0CnPl0PP_rD98LFSSs8SkNQ1vs>
Subject: Re: [dmarc-ietf] How are ARC results processed, relative to DMARC?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 22:41:03 -0000
I'm on the same page as Brandon. Additionally, earlier on the list and also in Prague, it was discussed formalizing DMARC reporting for ARC in a separate document, which would extend/override 9.6.2 of the current spec. On Tue, Aug 15, 2017 at 3:18 PM, Brandon Long <blong@google.com> wrote: > For our usage, we still consider dmarc=fail, and then include the actual > disposition (dis=) in the comments in the auth-res header. In the xml rua > report, we would then specify in the PolicyEvaluatedType the actual > disposition and the PolicyOverrideType of local_policy with a comment > saying arc=pass. > > This is all said explicitly in draft-ietf-dmarc-arc-protocol-08 9.6.2, > though it does this with the fragment of the dmarc report instead of in > text. > > We could expand this to something like... > > ARC is not used in DMARC evaluation, the DMARC result is independent of > ARC. ARC can be used by a receiver to override the Domain Owner's policy > and apply a different disposition from what they asked for. In that case, > it should be reported as a DMARC fail with a PolicyOverrideType of > local_policy. > > Brandon > > On Tue, Aug 15, 2017 at 11:42 AM, Dave Crocker <dcrocker@gmail.com> wrote: > >> G'day. >> >> ARC is motivated by a desire to deal with a class of DMARC failures. In >> that context, it can be seen as 'augmenting' DMARC, even though it is >> formally separate from DMARC. That is, ARC doesn't and shouldn't specify >> how ARC is used in a DMARC context. But there needs to be some >> understanding -- and I suspect a spec, somewhere, eventually -- that says >> how to integrate ARC into an engine that includes DMARC. >> >> BTW, the DMARC spec uses the terms 'pass' and 'fail' with respect to the >> underlying authentication mechanisms of DKIM and SPF. It also uses it >> within the context of DMARC processing, itself, but it does not define what >> those terms mean, in that context. Beyond reference to DMARC 'policy' >> records, text in the specs that talk about processing DMARC policy is >> similarly implicit, rather than explicit. The only clear, explicit >> directive about DMARC outcomes seems to be Section 6.6.2 #6, Apply policy. >> >> An example of possible confusion in the case of ARC: does DMARC still >> 'fail'? Yet the whole point of ARC is to create the possibility of still >> getting delivered, in spite of this. >> >> So, were one to write something to augment the DMARC spec, in support of >> ARC, what are the kinds of text one ought to formulate and how should they >> be linked to the DMARC spec? >> >> d/ >> >> >> -- >> Dave Crocker >> Brandenburg InternetWorking >> bbiw.net >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > >
- [dmarc-ietf] How are ARC results processed, relat… Dave Crocker
- Re: [dmarc-ietf] How are ARC results processed, r… Brandon Long
- Re: [dmarc-ietf] How are ARC results processed, r… Seth Blank