Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem
Michael Thomas <mike@mtcc.com> Tue, 02 February 2021 02:37 UTC
Return-Path: <mike@fresheez.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 625A63A16A0 for <dmarc@ietfa.amsl.com>; Mon, 1 Feb 2021 18:37:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Level:
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5K5mHgQBi6oJ for <dmarc@ietfa.amsl.com>; Mon, 1 Feb 2021 18:37:39 -0800 (PST)
Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 552773A169F for <dmarc@ietf.org>; Mon, 1 Feb 2021 18:37:39 -0800 (PST)
Received: by mail-pl1-x62e.google.com with SMTP id d13so11622540plg.0 for <dmarc@ietf.org>; Mon, 01 Feb 2021 18:37:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc.com; s=fluffulence; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=vvBrAK5sGMsLcGsp/rybCv2bc4x34Y2lxbnVfMEnTSQ=; b=GgEpQrc5Q2KgpoI6+oG9bUCZan42Bq4XqMRtx58TDbcA4MeKTm+5SAZlfZHSKwW780 N0TZHhyoJbFjGT3PcbnVhXMNN2ZpujW8mM174akY12YtwndJLT1N3zWlKtCjCVvGEAez sHAHfrdIkfD3vXpUcGEG0CvuJITzEhyOgPxWEhJIBra0eqPGi9cASF6zSi041njNhAxd yH/x/TWs9HJkcJXfQHoeXEcL+4jp4vHTlIi7hW1oJ9tyLIopyZvU82akoHHt8c9lK+Lz mCxUb8czqYlQsNs8/T8k3VqnKKkMsyw8nIUqaqAACAPT4A7Az3lIsESjdbAe9l4vOJON o9OQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=vvBrAK5sGMsLcGsp/rybCv2bc4x34Y2lxbnVfMEnTSQ=; b=X3Go3lKVVpFhI+57xz7dfvdUJFQn9BqpRIWo+K6UC09Io82XEp5shhiXzwqX7UVR91 UWJDrwmvtdxR3I/FJlwkinOj4ff5eqNjiTJC9Bd9an9zhQROFmp+PUApNpVt1rNnSnmE 5VV9/0SG7fsvFAktFB4Hb92sUEhkEP08dJ1qxFqDN05DrX1CVPkPfRZSWVBnHuEERAKO QHL3OjTspUts4efh2eLzEht4PV5Cl5QlKeCTwp3jwO7+lKEW/u9VmMgWnHmwu8q3XhMl +D9es8dWxnEdYBlVgHEtU/LadqxJGKe/ZmLvFW49XzI/OJX+EquXP+4+x75ZCm6FgwsN ZJNw==
X-Gm-Message-State: AOAM5311yRuHtutm3WCZGXqd5OzC8e7qJIRu6qJOzt7HF2e5OvXzRQ7Z YQpVqKoWfSOmoy9bgfexoZE0q1y1UytlUg==
X-Google-Smtp-Source: ABdhPJyiY+AIAjxQvUyA+uP6DoqcBXw/fpcty6E9w6VA+JRLPeF0Gw4c7+JxyDAhvJSzU0c7QtJCGQ==
X-Received: by 2002:a17:902:ec83:b029:df:e942:93c0 with SMTP id x3-20020a170902ec83b02900dfe94293c0mr20028715plg.55.1612233458417; Mon, 01 Feb 2021 18:37:38 -0800 (PST)
Received: from mike-mac.lan (107-182-37-188.volcanocom.com. [107.182.37.188]) by smtp.gmail.com with ESMTPSA id g5sm19903960pfm.115.2021.02.01.18.37.37 for <dmarc@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Feb 2021 18:37:37 -0800 (PST)
To: dmarc@ietf.org
References: <20210201232105.1931D6D20971@ary.qy> <41163cd5-be81-6fd7-07dd-7a474874429e@gmail.com> <92b361a1-d9a5-9389-46b-3725d885c02@taugh.com> <b83c7574-3aa9-bd39-1a9b-3be6fa4f47ec@gmail.com> <f28780c0-8533-3a49-d5e3-99fcbbb446ed@mtcc.com> <554d5bd4-8a62-15d2-8f71-aa942c17e654@gmail.com> <18dbfe7b-3f74-69bd-fa54-7f9b1fb66557@mtcc.com> <CAH48ZfwseVXQY6s4PyVrSGLXu8suOQkBA7pvW+EOjkWp674_pg@mail.gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <e6665089-1bb3-3ca4-0cce-b1afbd7b1296@mtcc.com>
Date: Mon, 01 Feb 2021 18:37:36 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <CAH48ZfwseVXQY6s4PyVrSGLXu8suOQkBA7pvW+EOjkWp674_pg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/g5ZfUq8u7sYTIpcgUk5TgHPQrmM>
Subject: Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2021 02:37:40 -0000
On 2/1/21 6:31 PM, Douglas Foster wrote: > Michael, let it go. > > If someone stops you to say "your zipper is down", you will not ask > them for proof of identity, you will excuse yourself and investigate > the problem. By my reckoning, DMARC reports are a lot like that. > 1. This is already part of DMARC, though it can use some work 2. If somebody says your zipper is down, they can clock you when you look down to check to steal your wallet. Do not underestimate what attackers can do with unauthenticated data. Mike
- [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Steven M Jones
- Re: [dmarc-ietf] Forensic report loops Juri Haberland
- Re: [dmarc-ietf] Forensic report loops Дилян Палаузов
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops John Levine
- Re: [dmarc-ietf] Forensic report loops Kurt Andersen (b)
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Douglas Foster
- Re: [dmarc-ietf] Forensic report loops Дилян Палаузов
- Re: [dmarc-ietf] Forensic report loops are not a … John Levine
- Re: [dmarc-ietf] Forensic report loops are not a … Douglas Foster
- Re: [dmarc-ietf] Forensic report loops are not a … Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are not a … John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Juri Haberland
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Steven M Jones
- Re: [dmarc-ietf] Forensic report loops are a prob… Steven M Jones
- Re: [dmarc-ietf] Forensic report loops are a prob… Douglas Foster
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] report floods, not Forensic repo… John R Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Douglas Foster
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Dotzero
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Dotzero
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… John R Levine
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Douglas Foster
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Seth Blank
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Alessandro Vesely
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John R Levine