Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields

"Stan Kalisch" <stan@glyphein.mailforce.net> Tue, 30 July 2019 21:22 UTC

Date: Tue, 30 Jul 2019 17:21:28 -0400
From: Stan Kalisch <stan@glyphein.mailforce.net>
To: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gjkXRNtBBDnI0yDmsRz6L185BcA>
Subject: Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields

On Tue, Jul 30, 2019, at 9:57 AM, Scott Kitterman wrote:
> The published policy (that's why I suggest dmarc.policy). I'm not sure if disposition belongs in A-R. If it does, it'd be a local policy override, probably policy.dmarc as described now in RFC 8616.

In that case, if the downstream were to make use of the upstream's disposition, it's extrapolating a meaning from the disposition, but not actually deriving meaning from the authentication results themselves, so I'm inclined to agree.


Thanks,
Stan

> Scott K
> 
> On July 30, 2019 1:34:46 PM UTC, "Дилян Палаузов" <dilyan.palauzov@aegee.org> wrote:
> >Hello Scott,
> >
> >do you want to include in the A-R header the published policy, as obtained
> >from DNS (my first interpretation of your proposal), or the disposition of
> >the message after applying DKIM/SPF/DMARC validation, pct sampling, and the
> >ominous reject→quarantine sampling conversions?
> >
> >With disposition I mean what is called at
> >https://tools.ietf.org/html/rfc6591#section-3.2.2 Delivery-Result.
> >
> >For the disposition on p=reject only the MTA can make the decision based on
> >pct to reject, so it makes sense if the result of disposition is included in
> >the A-R header by the MTA and consumed by the MDA. In turn, including pct and
> >published DMARC policy in the A-R header, so that the MDA can do the
> >sampling, does not make sense.
> >
> >If you want to call the new parameter “policy”, then it shall be articulated
> >that it means disposition, and not published policy.
> >
> >I am in favour of the proposal.
> >
> >It allows for forwarded emails/aliases to indicate in the A-R header, that
> >sampling was already performed by the aliasing server, and the final server
> >that accepts the email can skip performing the sampling again. Performing the
> >sampling again has the disadvantage, that the pct= parameter is
> >misinterpreted, as the parameter is supposed to be applied only once.
> >
> >On the other side, skipping of the second sampling by whatever server is pure
> >theory, and has no practical impact.
> >
> >Greetings
> > Дилян
> >
> >On Tue, 2019-07-30 at 00:54 -0400, Scott Kitterman wrote:
> >> On Monday, July 29, 2019 3:37:55 PM EDT Scott Kitterman wrote:
> >> > I'd like to add the option to record DMARC results in an A-R header field
> >> > for consumption by a downstream processor. I think it would be something
> >> > like this:
> >> > 
> >> > Authentication-Results: mail-router.example.net; dmarc=pass
> >> > header.from=example.com policy.dmarc=none
> >> > 
> >> > That would take adding an entry in the Email Authentication Methods registry
> >> > for:
> >> > 
> >> > method: dmarc
> >> > ptype: policy
> >> > value: dmarc
> >> > 
> >> > Does that make sense as a way to do it? Does anyone have alternative
> >> > suggestions?
> >> 
> >> I think comments should be free-form. If we want data that can be machine
> >> parsed, we should specify it.
> >> 
> >> I think the above works in ABNF terms. It's:
> >> 
> >> "Authentication-Results:" authserv-id; method=result ptype.property=value
> >> ptype.property=value
> >> 
> >> According to the ABNF, there can be more than one propspec
> >> (ptype.property=value) per methodspec in resinfo, so I think it's legal. It
> >> would just need the new registry values for dmarc.
> >> 
> >> Scott K
> >> 
> >> 
> >> _______________________________________________
> >> dmarc mailing list
> >> dmarc@ietf.org
> >> https://www.ietf.org/mailman/listinfo/dmarc
>
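
The A-R layout discussed in this thread (one method=result followed by several ptype.property=value propspecs), as an added example that is not part of the original messages: a simplified Python parser a downstream consumer could use to read the dmarc result and the proposed policy.dmarc value. The function names, the sample field value and the choice to accept only a caller-supplied authserv-id are assumptions of this example.

```python
import re

# Constructed sample: the field value proposed in the thread, preceded by a
# dkim result carrying a comment, folded across two lines.
SAMPLE = (
    "mail-router.example.net; dkim=pass (2048-bit key) header.d=example.com;\r\n"
    " dmarc=pass header.from=example.com policy.dmarc=none"
)

_COMMENT = re.compile(r"\([^()]*\)")
_PROPSPEC = re.compile(r"^([a-z]+)\.([a-z0-9_-]+)=(.+)$", re.I)


def parse_authres(value, trusted_authserv_id):
    """Parse one Authentication-Results field value into a list of results.

    Returns None unless the authserv-id matches the one the caller trusts.
    Simplified: no quoted-strings or nested comments.
    """
    value = _COMMENT.sub(" ", value)            # comments are free-form: drop
    value = re.sub(r"\s*=\s*", "=", value)      # allow whitespace around "="
    authserv, _, rest = " ".join(value.split()).partition(";")
    ids = authserv.split()
    if not ids or ids[0].lower() != trusted_authserv_id.lower():
        return None
    results = []
    for resinfo in rest.split(";"):
        tokens = resinfo.split()
        if not tokens or "=" not in tokens[0]:
            continue                            # "none" or malformed resinfo
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:                  # zero or more propspecs
            m = _PROPSPEC.match(tok)
            if m:
                props[f"{m.group(1)}.{m.group(2)}".lower()] = m.group(3)
        results.append({"method": method.lower(), "result": result.lower(),
                        "props": props})
    return results


def dmarc_policy(value, trusted_authserv_id):
    """Return (dmarc result, policy.dmarc value), or None if absent/untrusted."""
    for r in parse_authres(value, trusted_authserv_id) or []:
        if r["method"] == "dmarc":
            return r["result"], r["props"].get("policy.dmarc")
    return None
```

A field whose authserv-id is not the trusted one yields None, so results stamped by an unknown upstream are never treated as local verdicts.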