Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result

Dotzero <dotzero@gmail.com> Sun, 02 October 2022 21:00 UTC

From: Dotzero <dotzero@gmail.com>
Date: Sun, 02 Oct 2022 16:59:48 -0400
Message-ID: <CAJ4XoYen6n06L1UBqzu9nr2jCC7v_-GOAdJXMzCks6d-AaKqUA@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gsOVacugFLhSRaqXFYNAh4MDfSI>

On Sun, Oct 2, 2022 at 2:01 PM Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:

> In many cases, an evaluator can determine a DMARC PASS result
> without evaluating every available identifier.
>
>    - If a message has SPF PASS with acceptable alignment, the evaluator
>    has no need to evaluate any DKIM signatures to know that the message
>    produces DMARC PASS.
>    - Some identifiers are easily excluded by simple inspection: A
>    "sendgrid.net" identifier cannot authenticate "example.com"
>
> When the evaluator has an identifier which is known but not evaluated, he
> does not have a way to document this outcome in the aggregate reports. To
> fix this hole, we should add an authentication result of "not evaluated".
>
> Doug Foster
>

It is absolutely a wrong thing to suggest not evaluating DKIM if there is
an SPF pass. One of the purposes of aggregated reporting is to help sending
domains to understand what is breaking in their mail streams. SPF
PASS/DKIM PASS is totally different than SPF PASS/DKIM FAIL. The overhead
cost to perform the DKIM check is relatively low. Why wouldn't you do this?

Do you believe that preventing a sender from getting this additional piece
of information is a good thing?

Michael Hammer
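
The distinction raised in this thread, SPF PASS/DKIM PASS versus SPF PASS/DKIM FAIL, as it looks to a domain owner reading an aggregate report. This is an added example, not part of either message; it assumes the RFC 7489 aggregate report element names, and the report data, the `_record` helper and `summarize` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _record(ip, count, spf, dkim, dkim_domain, dkim_result):
    """Build one constructed <record> in the RFC 7489 aggregate-report layout."""
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            f"<identifiers><header_from>example.com</header_from></identifiers>"
            f"<auth_results><dkim><domain>{dkim_domain}</domain>"
            f"<result>{dkim_result}</result></dkim>"
            f"<spf><domain>example.com</domain><result>pass</result></spf>"
            f"</auth_results></record>")

# Constructed sample report (documentation IPs, not real data).
SAMPLE_REPORT = "<feedback>" + "".join([
    _record("192.0.2.10", 40, "pass", "pass", "example.com", "pass"),   # both aligned
    _record("192.0.2.20", 12, "pass", "fail", "example.com", "fail"),   # broken signature
    _record("192.0.2.30", 5, "pass", "fail", "sendgrid.net", "pass"),   # valid, unaligned
]) + "</feedback>"

def summarize(xml_text):
    """Tally message counts per SPF/DKIM combination and list the rows where
    DMARC passed on SPF alone, with the per-signature DKIM results."""
    # The sample is constructed; use a hardened XML parser for reports received by mail.
    root = ET.fromstring(xml_text)
    totals, spf_only = Counter(), []
    for rec in root.iter("record"):
        count = int(rec.findtext("row/count", "0"))
        spf = rec.findtext("row/policy_evaluated/spf", "fail")
        dkim = rec.findtext("row/policy_evaluated/dkim", "fail")
        totals[f"SPF {spf.upper()}/DKIM {dkim.upper()}"] += count
        if spf == "pass" and dkim != "pass":
            # These rows still pass DMARC; only the DKIM detail shows what broke.
            sigs = [(d.findtext("domain"), d.findtext("result"))
                    for d in rec.findall("auth_results/dkim")]
            spf_only.append((rec.findtext("row/source_ip"), count, sigs))
    return totals, spf_only

if __name__ == "__main__":
    totals, spf_only = summarize(SAMPLE_REPORT)
    for label, n in totals.items():
        print(f"{label}: {n} messages")
    for ip, n, sigs in spf_only:
        print(f"  {ip} ({n} msgs) DKIM results: {sigs}")
```
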