Re: [dmarc-ietf] Forensic report loops are a problem

Michael Thomas <mike@mtcc.com> Mon, 01 February 2021 18:25 UTC

Return-Path: <mike@fresheez.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E1EC3A1438 for <dmarc@ietfa.amsl.com>; Mon, 1 Feb 2021 10:25:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YAPGV56wKNbR for <dmarc@ietfa.amsl.com>; Mon, 1 Feb 2021 10:25:19 -0800 (PST)
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D21C63A13FA for <dmarc@ietf.org>; Mon, 1 Feb 2021 10:25:16 -0800 (PST)
Received: by mail-pj1-x1030.google.com with SMTP id kx7so101544pjb.2 for <dmarc@ietf.org>; Mon, 01 Feb 2021 10:25:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc.com; s=fluffulence; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=VnqjQTY59vG9dmPLLZIkyS39Tsip5Io7Xrinh8T+Eog=; b=j13cqf8WfTk2ouNV7RYuDGAmRZFTWkBipCVQZ8n87PY+cQUDPcGlRl0CL4LJZ71kjT eyWENkZFkI93KL3uGyPx0udQ/z0OPpE8MleFF/JeeqjDVH74UA8gWIY+Gr/Z/yf4qD6n 6UAA29CAgCs1T1+dOaHbbNmqXTrXibONcEZMvKq3BKWOdI86Pfu5W3HYCe3tp9FSKJiG 7DrXgLF2E/NR+/3T643291wW2EhMXbI6JtLJM5wKfrE37edESEialaPvy3jwZKrIfptE uVDX27Xfon4iPlOfrgu512gMCTuN6BuDWLJTRT9tn+FwC48vdcX+qBzfAzUmxoz8c2en tzag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=VnqjQTY59vG9dmPLLZIkyS39Tsip5Io7Xrinh8T+Eog=; b=toU+NWC9EPpbXX+Nsv9yEvYa8L/7epzaN4zh6m4DYLwNIf1NAMtfBTg105pTB2OFWk pihxApMHe8NcdxsDbzd0vIBO5eYxqKJajQpB6MHRx4G7l64TAGygiAud3Xccs6m7D6lu GPGNQdvGo0u4X7psBRhAHPAtIp1+m3QQirXmF7iAyaQgyNoWMyNy/WqoW9peyA0K3EWE uFA/NonTYe09g0NBJyhNRyo7JXcfutsUrjq4VUYivmYNFEwfe9UdqjwTL/MZtvdSXnQf CCIE7tBKRn0doGpQa/Z4Ilch7D/yVzU0Qa5+75lCORjeh6QEuK4ufdVyHYkLIom9iRLC JsIw==
X-Gm-Message-State: AOAM532VUc0DHwdionZBE0HRNP3swGsWwkAXbudKp9Yb+s7OxO/t3CB8 UJMSZJYTpXL8Mgz1JB09OGh2V/drsBWMsg==
X-Google-Smtp-Source: ABdhPJyUCTZh8nHOjyfLvzjmuZUkitIsroljB8iAQM6Poxt/+lD6YXpsmYCTiPIYO/xCys8NLaVhaw==
X-Received: by 2002:a17:902:b58f:b029:e1:6a9:f744 with SMTP id a15-20020a170902b58fb02900e106a9f744mr19046593pls.1.1612203915743; Mon, 01 Feb 2021 10:25:15 -0800 (PST)
Received: from mike-mac.lan (107-182-37-188.volcanocom.com. [107.182.37.188]) by smtp.gmail.com with ESMTPSA id bk18sm82664pjb.41.2021.02.01.10.25.14 for <dmarc@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Feb 2021 10:25:14 -0800 (PST)
To: dmarc@ietf.org
References: <CAL0qLwY5BbwvS9XXqBk=Mp074ntN=NeS97pJAxPBdQEZAsgohg@mail.gmail.com> <20210127203714.007C86CDB9CA@ary.qy> <CAL0qLwbN+HkGfvw79rPPvqL6jWWAsUtWY9X1gW=vAvoeQS8RHg@mail.gmail.com> <b7ea6cb8-ce79-7df7-c521-544358c1866e@crash.com> <dc398e7b-2fc6-f418-4e66-456a6c1189d6@gmail.com> <379e4493-1287-9dd5-5c8f-ae5adf949cbd@tana.it> <9aea1615-64a5-a310-b8c7-83ec0c316dae@gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <2f1cd9ea-487c-10a5-3fdf-2f4135574b51@mtcc.com>
Date: Mon, 1 Feb 2021 10:25:13 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <9aea1615-64a5-a310-b8c7-83ec0c316dae@gmail.com>
Content-Type: multipart/alternative; boundary="------------A4C498D7CA80A693B3171748"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/hImOet_x0sKykRZ_Sd60lbO3PQ8>
Subject: Re: [dmarc-ietf] Forensic report loops are a problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2021 18:25:28 -0000

On 2/1/21 10:13 AM, Dave Crocker wrote:
> On 2/1/2021 10:08 AM, Alessandro Vesely wrote:
>> On Mon 01/Feb/2021 17:38:07 +0100 Dave Crocker wrote:
>>> Consider the challenges to ensuring a DMARC pass.  That's a pretty 
>>> high barrier to entry against generating reports.
>>
>> Well, if a mail site is unable to get a DMARC pass, they have more 
>> urgent problems to solve than setting up aggregate report generation. 
>
>
> No, they probably don't have more urgent problems. Sites choose not to 
> adopt DMARC for a variety of reasons. It's probably a good idea to 
> respect that variety.
>
> The model that a receiving site is not allowed to report DMARC traffic 
> unless that site is also generating DMARC authentication is 
> Procrustean.  And as I noted, is likely counter-productive.
>
There is no such thing as "DMARC authentication". The paragraph quoted 
is poorly written and should be rewritten to say that the report should 
pass either SPF or DKIM authentication as I wrote in issue #98. This has 
nothing to do with the DMARC at all. And if requiring authentication is 
"religious fervor", I really don't know what to say.

Mike


> I understand the zeal that drives a lot of the effort to promote 
> DMARC, but the danger with aggressive proselytizing is that it changes 
> from serious technical and operational evaluation into purely 
> religious fervor.
>
>
> d/
>
> -- 
> Dave Crocker
> dcrocker@gmail.com
> 408.329.0791
>
> Volunteer, Silicon Valley Chapter
> American Red Cross
> dave.crocker2@redcross.org
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc