Re: [dmarc-ietf] Report bombing is a prolem, Forensic report loops are not
Douglas Foster <dougfoster.emailstandards@gmail.com> Sat, 30 January 2021 12:52 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 672853A083E for <dmarc@ietfa.amsl.com>; Sat, 30 Jan 2021 04:52:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VCjxmp1var0J for <dmarc@ietfa.amsl.com>; Sat, 30 Jan 2021 04:52:07 -0800 (PST)
Received: from mail-ua1-x935.google.com (mail-ua1-x935.google.com [IPv6:2607:f8b0:4864:20::935]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A02F73A0839 for <dmarc@ietf.org>; Sat, 30 Jan 2021 04:52:07 -0800 (PST)
Received: by mail-ua1-x935.google.com with SMTP id g5so4163122uak.10 for <dmarc@ietf.org>; Sat, 30 Jan 2021 04:52:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=K7CbGIS+B6Kd3OMrTaOlsMFrEqNkmGV+QtQeULZd2xs=; b=Lyf9QaUBg3BYWxDMUR34feXsyT3v+/Ur7vq4GR5MZvIFHr6aIu1H494VEGkgkbnuDM byUXRF84U1Ams9f2FEySgRYTDzN/NvirnepssTjpeEh6QOjK1eVSJ24GXBBWlcDR70pO Qk8WSvUTmN5q2JWM5fmF5SGUU7wQTOdKafrIZkyc/zAVa2PlLeTdePq47kNzxJABw8fU f+5ygbhUf8p59eczw1CF7FGEAvAgbj6YDz3FeuHB0mAMCnyYOwSewHgAdcmOyRPxKE8L WwK1f0tuEjmLrpjHqVaxBdJ8iRvHI9QvOjdGSflPF4w/5umHa8Ry7EIMOnOeBOG/6ryQ zxTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=K7CbGIS+B6Kd3OMrTaOlsMFrEqNkmGV+QtQeULZd2xs=; b=NnCfIBIucXMZNxE8RG90/0ZWIo7+2hSnDaJSgTM3Zk6ZtjYNi1A5juxzc2fIDExiiv cT6juTSkAIdqPrGahXF3sBKDsElSx1nG/so8akJSlH+2bFqxkPJHex1JWutVeppqScEz aUCSr8Q4X8wz6Run5C4C3SCgjkgbAaBbpXyTVUO2ptRSTHko2w2LE92xWGZ1YQ/oEyzB mvzNnNKg08Sp3ozjyOqby6EbDxXJB4mcfm0oFCUW1rG4+S6H3UH2ioYFNLHcuFXl41rQ TTq0rKSxwtp6gztDCWeJlasCIE0VoFefZHQVgVASyA7ulwQJPsMRxygaTFtklcP6b4aA Bzyg==
X-Gm-Message-State: AOAM5309eIIQcs3DTguNSyqhoqDJfGr0renU9e+JorKkQBU9ThW8DaEf GbfoWix1KaNufEC2h0ndKBxlWCRx0GV/G+fcfar93UdJY40=
X-Google-Smtp-Source: ABdhPJz+/GmHoQ5U43VSl6EVQna+S24Rd4S5VhAJVU3nuJhq0rr5WpXZo7QKR3dyIwkvQtqJx5X/owTeFb0rSj8loOk=
X-Received: by 2002:ab0:5e6:: with SMTP id e93mr5092380uae.109.1612011126412; Sat, 30 Jan 2021 04:52:06 -0800 (PST)
MIME-Version: 1.0
References: <db72db79-272e-5d52-8994-4da81c8723bd@tana.it> <20210129210006.063C66CF2279@ary.qy>
In-Reply-To: <20210129210006.063C66CF2279@ary.qy>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sat, 30 Jan 2021 07:51:56 -0500
Message-ID: <CAH48ZfxCpFjySAL06a9pDusX1FiuSuVsHkBZG-Zkvxgu3BJmcA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000905b0105ba1d9686"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/dn4RrEZjb5mz6O0RNjq1VkNFn5o>
Subject: Re: [dmarc-ietf] Report bombing is a prolem, Forensic report loops are not
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2021 12:52:09 -0000
Interesting point. In your experience, how often does reporting produce any change in sender behavior? I have made attempts both to help senders correct their own SPF or DMARC policy, or to get them to stop violating my DMARC policy. As best I can recall, my success rate has been zero. For a responsive organization, finding a problem and getting the change approved is likely to be a time-consuming a quick process. A week turnaround would seem timely, unless they go into emergency mode because lots of mail is being blocked. The spec is confusing because it says (a) failure reports should be sent immediately, (b) failure reports should be aggregated, and (c) failure reports should be throttled but without specifying a limit. Of course, if the cause is a spammer, there is nothing that the domain owner can do at all. I wonder if the rule should be one message per week per source, since any large volume sender will be getting reports from multiple sources. The main problem with this is that law enforcement actions may want to be bombed. DF On Fri, Jan 29, 2021 at 4:00 PM John Levine <johnl@taugh.com> wrote: > In article <db72db79-272e-5d52-8994-4da81c8723bd@tana.it> you write: > >3.3. Transport > > > > Email streams carrying DMARC failure reports MUST conform to the > > DMARC mechanism, thereby resulting in an aligned "pass". Special > > care must be taken of authentication, as failure to authenticate > > failure reports may provoke further reports. > > Reporters SHOULD rate limit the number of failure reports sent > to any recipient to avoid overloading recipient systems. > > > Why would reports due to a mail loop be more of a problem than due to > some random spammer sending a lot of fake mail, or (real life) your > users send mail to mailing lists with thousands of subscribers? Rate > limit your reports, don't worry about where they came from. > > R's, > John > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Steven M Jones
- Re: [dmarc-ietf] Forensic report loops Juri Haberland
- Re: [dmarc-ietf] Forensic report loops Дилян Палаузов
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops John Levine
- Re: [dmarc-ietf] Forensic report loops Kurt Andersen (b)
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Douglas Foster
- Re: [dmarc-ietf] Forensic report loops Дилян Палаузов
- Re: [dmarc-ietf] Forensic report loops are not a … John Levine
- Re: [dmarc-ietf] Forensic report loops are not a … Douglas Foster
- Re: [dmarc-ietf] Forensic report loops are not a … Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are not a … John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Juri Haberland
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Steven M Jones
- Re: [dmarc-ietf] Forensic report loops are a prob… Steven M Jones
- Re: [dmarc-ietf] Forensic report loops are a prob… Douglas Foster
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] report floods, not Forensic repo… John R Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Douglas Foster
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Dotzero
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Dotzero
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… John R Levine
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Douglas Foster
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Seth Blank
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Alessandro Vesely
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John R Levine