Re: [dmarc-ietf] Reports helping spammers? (#81)
Emil Gustafsson <emgu@google.com> Fri, 22 January 2021 04:11 UTC
Return-Path: <emgu@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C6653A0D42 for <dmarc@ietfa.amsl.com>; Thu, 21 Jan 2021 20:11:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.971
X-Spam-Level:
X-Spam-Status: No, score=-17.971 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.373, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sPbJ0i4rQHNi for <dmarc@ietfa.amsl.com>; Thu, 21 Jan 2021 20:11:49 -0800 (PST)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83DC93A0D00 for <dmarc@ietf.org>; Thu, 21 Jan 2021 20:11:49 -0800 (PST)
Received: by mail-ot1-x32d.google.com with SMTP id v1so3897772ott.10 for <dmarc@ietf.org>; Thu, 21 Jan 2021 20:11:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QH62jdaDn8GGCYJ9ryGBpfN+EDJxYwTMYZfW6MqZn1U=; b=Re7OvQR4IFW/x3Wf7pRLQxn0IJnfDgS6PvETkwL3muZzDuJR3q0x1IsunJvZ/tEFL1 kuoAho5xAyykPeL1GcRwl5vYxKrf2QlBLzrrlCW5WBeRhdygMPGhT/EU+bg5wpB4RMXC x7VmmKsXms7ic/69aT6UTk7PdPPbFzf1vHlv5ar0AXIXDqehTcg/nkEz9CXhHHaOsisa 1QCVrvuf3mnoc6CtOB7B/1ARIoIL4aMTN4Bz6iMqcvUDwv1uWMbp7EoRRjEnd3+l7y4D aeTLtWvjuPjoGfWL+G41RKF2PC8OLRcJ1s2kDHW/Pw5h+N9tBZQZnImbudJHGRtUP3n6 GcMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QH62jdaDn8GGCYJ9ryGBpfN+EDJxYwTMYZfW6MqZn1U=; b=EFJps67DYBege3UxsDtT4PIZT7/v6vHXRPJUGdb6STfbAU2Czi31t7RK+ymS16SG27 dRwKYNFAd2oMRW903N570Rm/11pmcJDaweYJ9u2ekC8pKgMffxZm/1vGltuakNeW1EJI Hzfh4Kg7feZD4/zLeo3hzSdPP84AaJUtd5mKR2kjB1AuxDJwMSL1c74wJS/XUY1upzxh CP1kh1S0l7S8Vg0LybHjRzulZ4vbTqkY+wke/cRWarZ0w6ZWAFQ1Pjh5+OOZ/GrAMZnD JAo0NfrY4tY6o564qXuPyvMO2IJxO62FBVuDDpgTw993Rcha6IsPTzD78diOt2+N9Byi lzQg==
X-Gm-Message-State: AOAM532zF5TLfc2SzZjKR00V5sTZ+lkdHXG7JJTL9nzokEXJMofKLL0k Nsi3vfyx6P7ed2pRMGSFSN2EEBGsum76bL0aJC6IkdsXmmE=
X-Google-Smtp-Source: ABdhPJyYI19VGwolcmJNeJUIe1ySiLvjSqmBhkDJWlG98mIZJIYD+Uk9Vq1EagqfnH2hMapIrLniRIWdBOsE2wAiSyU=
X-Received: by 2002:a9d:c43:: with SMTP id 61mr1982463otr.195.1611288708486; Thu, 21 Jan 2021 20:11:48 -0800 (PST)
MIME-Version: 1.0
References: <MN2PR11MB43515A1079F57BD6F6EE0A80F7A19@MN2PR11MB4351.namprd11.prod.outlook.com> <CAOZAAfMDK=oz10O+jMyG5wvYyKpVpoOCyQxQv1_kokWutffXuQ@mail.gmail.com> <CAHej_8n9crrj6xypUJeMJT+5G+8UVPhKLKScHqtcXzJTe7utLg@mail.gmail.com>
In-Reply-To: <CAHej_8n9crrj6xypUJeMJT+5G+8UVPhKLKScHqtcXzJTe7utLg@mail.gmail.com>
From: Emil Gustafsson <emgu@google.com>
Date: Thu, 21 Jan 2021 20:11:37 -0800
Message-ID: <CABZJ8knVg4TYbRzPUCjKSCMD8keHw49oeJr5DiS3UzAQGSuV7g@mail.gmail.com>
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Cc: Seth Blank <seth=40valimail.com@dmarc.ietf.org>, "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="00000000000021962e05b975637a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/hnV3wzo7eF255xiNh3Eli46GlHU>
Subject: Re: [dmarc-ietf] Reports helping spammers? (#81)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2021 04:11:52 -0000
I think spammers would only get two things from the DMARC reports: 1) Have they setup their configuration correctly? 2) Consume resources from the mailbox provider to generate reports. Only if #2 is a concern for the mailbox provider I think there is a need to filter who gets a report and who does not. /E On Thu, Jan 21, 2021 at 3:03 PM Todd Herr <todd.herr= 40valimail.com@dmarc.ietf.org> wrote: > I would submit that it would be in the best interests of mailbox providers > and others who are in the business of making acceptance and filtering > decisions to ensure that spammers properly authenticate their email, so as > to better and more reliably assign a poor reputation to the associated > domains and make it easier to identify them. > > On Thu, Jan 21, 2021 at 4:42 PM Seth Blank <seth= > 40valimail.com@dmarc.ietf.org> wrote: > >> I don't understand this concern. The data in a DMARC report speaks to the >> underlying authentication of a message on receipt, and nothing about the >> "spaminess" or not of a message as it's processed. >> >> On Thu, Jan 21, 2021 at 1:00 PM Brotman, Alex <Alex_Brotman= >> 40comcast.com@dmarc.ietf.org> wrote: >> >>> Hello folks, >>> >>> Thought I'd see if we could come to a conclusion on this ticket. The >>> gist is that the reporter believes that (aggregate?) reports can help >>> spammers to determine some effectiveness of their message attempts. >>> >>> Full Text: >>> ------------- >>> Spammers could use DMARC reports to monitor the effectiveness of their >>> campaigns, and we do not want to help them. Do existing implementations >>> send reports to any domain that requests them, or only to those domains >>> that are considered "acceptable"? If reports are only sent to acceptable >>> domains, what sort of criteria have been useful? >>> >>> System administrators will appreciate such advice. Product developers >>> will need guidance about the features they should provide so that a system >>> administrator can control which domains do not receive reports. >>> ------------- >>> >>> >From an operator side, I don't agree with this assessment. The reports >>> do not show if/why a MBP may place a message in the Junk folder. Could it >>> be DMARC quarantine? Sure. It could also be any number of things from a >>> large matrix of decisions, none of which are shown in a DMARC report. >>> Also, the reports are typically sent once per day (seems like most ignore >>> the 'ri'), quite likely some time after the end of the reporting period. >>> Additionally, they probably have more efficient/immediate methods of >>> evaluating their success rate. >>> >>> If you believe something has been overlooked, please feel free to share. >>> >>> -- >>> Alex Brotman >>> Sr. Engineer, Anti-Abuse & Messaging Policy >>> Comcast >>> >>> _______________________________________________ >>> dmarc mailing list >>> dmarc@ietf.org >>> https://www.ietf.org/mailman/listinfo/dmarc >>> >> >> >> -- >> >> *Seth Blank* | VP, Standards and New Technologies >> *e:* seth@valimail.com >> *p:* 415.273.8818 <(415)%20273-8818> >> >> >> This email and all data transmitted with it contains confidential and/or >> proprietary information intended solely for the use of individual(s) >> authorized to receive it. If you are not an intended and authorized >> recipient you are hereby notified of any use, disclosure, copying or >> distribution of the information included in this transmission is prohibited >> and may be unlawful. Please immediately notify the sender by replying to >> this email and then delete it from your system. >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> > > > -- > > *Todd Herr* | Sr. Technical Program Manager > *e:* todd.herr@valimail.com > *p:* 703.220.4153 <(703)%20220-4153> > > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized > recipient you are hereby notified of any use, disclosure, copying or > distribution of the information included in this transmission is prohibited > and may be unlawful. Please immediately notify the sender by replying to > this email and then delete it from your system. > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] Reports helping spammers? (#81) Brotman, Alex
- Re: [dmarc-ietf] Reports helping spammers? (#81) Seth Blank
- Re: [dmarc-ietf] Reports helping spammers? (#81) Todd Herr
- Re: [dmarc-ietf] Reports helping spammers? (#81) Emil Gustafsson
- Re: [dmarc-ietf] Reports helping spammers? (#81) Douglas Foster
- Re: [dmarc-ietf] Reports helping spammers? (#81) Alessandro Vesely
- Re: [dmarc-ietf] Reports helping spammers? (#81) Todd Herr
- Re: [dmarc-ietf] Reports helping spammers? (#81) Douglas Foster
- Re: [dmarc-ietf] Reports helping spammers? (#81) Todd Herr
- Re: [dmarc-ietf] Reports helping spammers? (#81) Douglas Foster
- Re: [dmarc-ietf] Reports helping spammers? (#81) Seth Blank
- Re: [dmarc-ietf] Reports helping spammers? (#81) Douglas Foster
- Re: [dmarc-ietf] Reports helping spammers? (#81) John Levine
- Re: [dmarc-ietf] Reports helping spammers? (#81) Alessandro Vesely
- Re: [dmarc-ietf] Reports helping spammers? (#81) Douglas Foster
- Re: [dmarc-ietf] Reports helping spammers? (#81) Brotman, Alex
- Re: [dmarc-ietf] Reports helping spammers? (#81) Alessandro Vesely
- [dmarc-ietf] Fwd: Reports helping spammers? (#81) Douglas Foster