Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem

Michael Thomas <mike@mtcc.com> Tue, 02 February 2021 02:37 UTC

To: dmarc@ietf.org
References: <20210201232105.1931D6D20971@ary.qy> <41163cd5-be81-6fd7-07dd-7a474874429e@gmail.com> <92b361a1-d9a5-9389-46b-3725d885c02@taugh.com> <b83c7574-3aa9-bd39-1a9b-3be6fa4f47ec@gmail.com> <f28780c0-8533-3a49-d5e3-99fcbbb446ed@mtcc.com> <554d5bd4-8a62-15d2-8f71-aa942c17e654@gmail.com> <18dbfe7b-3f74-69bd-fa54-7f9b1fb66557@mtcc.com> <CAH48ZfwseVXQY6s4PyVrSGLXu8suOQkBA7pvW+EOjkWp674_pg@mail.gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <e6665089-1bb3-3ca4-0cce-b1afbd7b1296@mtcc.com>
Date: Mon, 1 Feb 2021 18:37:36 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/g5ZfUq8u7sYTIpcgUk5TgHPQrmM>

On 2/1/21 6:31 PM, Douglas Foster wrote:
> Michael, let it go.
>
> If someone stops you to say "your zipper is down", you will not ask
> them for proof of identity, you will excuse yourself and investigate
> the problem. By my reckoning, DMARC reports are a lot like that.
>
1. This is already part of DMARC, though it can use some work.

2. If somebody says your zipper is down, they can clock you when you 
look down to check to steal your wallet. Do not underestimate what 
attackers can do with unauthenticated data.

Mike