Re: [dmarc-ietf] Ticket #61 - Define and add a simplified (redacted) failure report

John Levine <johnl@taugh.com> Wed, 09 December 2020 18:52 UTC

Date: Wed, 09 Dec 2020 13:52:45 -0500
Message-Id: <20201209185246.1D40C29474C4@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: vesely@tana.it
In-Reply-To: <609e1c9b-cc4d-d7d1-0fa8-79f515c1eee4@tana.it>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gIfzAUQ_1LfwvFhZeb0kPn54wcg>

In article <609e1c9b-cc4d-d7d1-0fa8-79f515c1eee4@tana.it> you write:
>     It has been asked for a new report type (perhaps a subset of failure
>     reports) that provides minimal data from the email (specifically, the
>     initial ask is for the to: and from: email addresses only) in order to aid
>     identification of the email's destination (and hence, the owner who can
>     help with getting it authenticated) without providing other PII.

As always, I would want to see some evidence of an actual problem to
be solved here. In the existing format, reporters can and do redact as
much as they want.  Why isn't that sufficient?

Looking at the actual forensic reports I get, the majority are from
antispamcloud.com which gloms some report info and the failed
message's headers into a text body, ignoring the spec that says it's
supposed to be multipart/report. I presume if we changed the spec they
still wouldn't follow it, so why bother.

The rest of the reports are multipart/report, some with the whole
message, some with just the headers.

I think that if a reporter isn't willing to provide the headers it's
unlikely to provide anything.  If we have a concrete reason to believe
that there are people who would send these proposed super-redacted
failure reports who do not send reports now, I might consider this.
Otherwise, it's not a problem and close the ticket.

R's,
John
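
The message above distinguishes three shapes of incoming failure report: report info pasted into a plain text body, multipart/report carrying the whole message, and multipart/report carrying only the headers. The following is an added example, not part of the original message or of any DMARC implementation, showing how a report receiver could tally those shapes; the function names, result labels and sample reports are constructed for illustration.

```python
from collections import Counter
from email import message_from_string, policy
from email.utils import collapse_rfc2231_value

def classify_failure_report(raw: str) -> str:
    """Label how a received failure report is packaged (labels are this example's own)."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-multipart-report"  # e.g. report info pasted into a text body
    rtype = collapse_rfc2231_value(msg.get_param("report-type", ""))
    if rtype.lower() != "feedback-report":
        return "other-report-type"
    types = [part.get_content_type() for part in msg.iter_parts()]
    if "message/feedback-report" not in types:
        return "missing-feedback-report-part"
    if "message/rfc822" in types:
        return "full-message"
    if "text/rfc822-headers" in types:
        return "headers-only"
    return "no-original-content"

def tally(reports) -> Counter:
    """Count report shapes across a batch of raw messages."""
    return Counter(classify_failure_report(r) for r in reports)

def sample_report(third_part: str) -> str:
    # Constructed sample; every address and value is a placeholder.
    return (
        "From: reports@receiver.example\nTo: ruf@sender.example\n"
        "Subject: failure report\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=feedback-report; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nAuthentication failure report.\n"
        "--b1\nContent-Type: message/feedback-report\n\n"
        "Feedback-Type: auth-failure\nAuth-Failure: dmarc\n\n"
        + third_part + "--b1--\n"
    )

ORIGINAL = "From: a@sender.example\nTo: b@receiver.example\n\n"
HEADERS_ONLY = sample_report("--b1\nContent-Type: text/rfc822-headers\n\n" + ORIGINAL)
FULL_MESSAGE = sample_report("--b1\nContent-Type: message/rfc822\n\n" + ORIGINAL + "body\n")
TEXT_BODY = (  # constructed: report info and headers flattened into one text part
    "From: reports@receiver.example\nTo: ruf@sender.example\n"
    "Content-Type: text/plain\n\nFeedback-Type: auth-failure\n" + ORIGINAL
)

if __name__ == "__main__":
    print(tally([TEXT_BODY, TEXT_BODY, HEADERS_ONLY, FULL_MESSAGE]))
```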