IETF Logo Mail Archive

Re: [dmarc-ietf] Reports helping spammers? (#81)

Emil Gustafsson <emgu@google.com> Fri, 22 January 2021 04:11 UTC

Return-Path: <emgu@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C6653A0D42 for <dmarc@ietfa.amsl.com>; Thu, 21 Jan 2021 20:11:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.971
X-Spam-Level:
X-Spam-Status: No, score=-17.971 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.373, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sPbJ0i4rQHNi for <dmarc@ietfa.amsl.com>; Thu, 21 Jan 2021 20:11:49 -0800 (PST)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83DC93A0D00 for <dmarc@ietf.org>; Thu, 21 Jan 2021 20:11:49 -0800 (PST)
Received: by mail-ot1-x32d.google.com with SMTP id v1so3897772ott.10 for <dmarc@ietf.org>; Thu, 21 Jan 2021 20:11:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QH62jdaDn8GGCYJ9ryGBpfN+EDJxYwTMYZfW6MqZn1U=; b=Re7OvQR4IFW/x3Wf7pRLQxn0IJnfDgS6PvETkwL3muZzDuJR3q0x1IsunJvZ/tEFL1 kuoAho5xAyykPeL1GcRwl5vYxKrf2QlBLzrrlCW5WBeRhdygMPGhT/EU+bg5wpB4RMXC x7VmmKsXms7ic/69aT6UTk7PdPPbFzf1vHlv5ar0AXIXDqehTcg/nkEz9CXhHHaOsisa 1QCVrvuf3mnoc6CtOB7B/1ARIoIL4aMTN4Bz6iMqcvUDwv1uWMbp7EoRRjEnd3+l7y4D aeTLtWvjuPjoGfWL+G41RKF2PC8OLRcJ1s2kDHW/Pw5h+N9tBZQZnImbudJHGRtUP3n6 GcMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QH62jdaDn8GGCYJ9ryGBpfN+EDJxYwTMYZfW6MqZn1U=; b=EFJps67DYBege3UxsDtT4PIZT7/v6vHXRPJUGdb6STfbAU2Czi31t7RK+ymS16SG27 dRwKYNFAd2oMRW903N570Rm/11pmcJDaweYJ9u2ekC8pKgMffxZm/1vGltuakNeW1EJI Hzfh4Kg7feZD4/zLeo3hzSdPP84AaJUtd5mKR2kjB1AuxDJwMSL1c74wJS/XUY1upzxh CP1kh1S0l7S8Vg0LybHjRzulZ4vbTqkY+wke/cRWarZ0w6ZWAFQ1Pjh5+OOZ/GrAMZnD JAo0NfrY4tY6o564qXuPyvMO2IJxO62FBVuDDpgTw993Rcha6IsPTzD78diOt2+N9Byi lzQg==
X-Gm-Message-State: AOAM532zF5TLfc2SzZjKR00V5sTZ+lkdHXG7JJTL9nzokEXJMofKLL0k Nsi3vfyx6P7ed2pRMGSFSN2EEBGsum76bL0aJC6IkdsXmmE=
X-Google-Smtp-Source: ABdhPJyYI19VGwolcmJNeJUIe1ySiLvjSqmBhkDJWlG98mIZJIYD+Uk9Vq1EagqfnH2hMapIrLniRIWdBOsE2wAiSyU=
X-Received: by 2002:a9d:c43:: with SMTP id 61mr1982463otr.195.1611288708486; Thu, 21 Jan 2021 20:11:48 -0800 (PST)
MIME-Version: 1.0
References: <MN2PR11MB43515A1079F57BD6F6EE0A80F7A19@MN2PR11MB4351.namprd11.prod.outlook.com> <CAOZAAfMDK=oz10O+jMyG5wvYyKpVpoOCyQxQv1_kokWutffXuQ@mail.gmail.com> <CAHej_8n9crrj6xypUJeMJT+5G+8UVPhKLKScHqtcXzJTe7utLg@mail.gmail.com>
In-Reply-To: <CAHej_8n9crrj6xypUJeMJT+5G+8UVPhKLKScHqtcXzJTe7utLg@mail.gmail.com>
From: Emil Gustafsson <emgu@google.com>
Date: Thu, 21 Jan 2021 20:11:37 -0800
Message-ID: <CABZJ8knVg4TYbRzPUCjKSCMD8keHw49oeJr5DiS3UzAQGSuV7g@mail.gmail.com>
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Cc: Seth Blank <seth=40valimail.com@dmarc.ietf.org>, "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="00000000000021962e05b975637a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/hnV3wzo7eF255xiNh3Eli46GlHU>
Subject: Re: [dmarc-ietf] Reports helping spammers? (#81)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2021 04:11:52 -0000

I think spammers would only get two things from the DMARC reports:
1) Have they setup their configuration correctly?
2) Consume resources from the mailbox provider to generate reports.

Only if #2 is a concern for the mailbox provider I think there is a need to
filter who gets a report and who does not.

/E

On Thu, Jan 21, 2021 at 3:03 PM Todd Herr <todd.herr=
40valimail.com@dmarc.ietf.org> wrote:

> I would submit that it would be in the best interests of mailbox providers
> and others who are in the business of making acceptance and filtering
> decisions to ensure that spammers properly authenticate their email, so as
> to better and more reliably assign a poor reputation to the associated
> domains and make it easier to identify them.
>
> On Thu, Jan 21, 2021 at 4:42 PM Seth Blank <seth=
> 40valimail.com@dmarc.ietf.org> wrote:
>
>> I don't understand this concern. The data in a DMARC report speaks to the
>> underlying authentication of a message on receipt, and nothing about the
>> "spaminess" or not of a message as it's processed.
>>
>> On Thu, Jan 21, 2021 at 1:00 PM Brotman, Alex <Alex_Brotman=
>> 40comcast.com@dmarc.ietf.org> wrote:
>>
>>> Hello folks,
>>>
>>> Thought I'd see if we could come to a conclusion on this ticket.  The
>>> gist is that the reporter believes that (aggregate?) reports can help
>>> spammers to determine some effectiveness of their message attempts.
>>>
>>> Full Text:
>>> -------------
>>> Spammers could use DMARC reports to monitor the effectiveness of their
>>> campaigns, and we do not want to help them. Do existing implementations
>>> send reports to any domain that requests them, or only to those domains
>>> that are considered "acceptable"? If reports are only sent to acceptable
>>> domains, what sort of criteria have been useful?
>>>
>>> System administrators will appreciate such advice. Product developers
>>> will need guidance about the features they should provide so that a system
>>> administrator can control which domains do not receive reports.
>>> -------------
>>>
>>> >From an operator side, I don't agree with this assessment.  The reports
>>> do not show if/why a MBP may place a message in the Junk folder.  Could it
>>> be DMARC quarantine?  Sure.  It could also be any number of things from a
>>> large matrix of decisions, none of which are shown in a DMARC report.
>>> Also, the reports are typically sent once per day (seems like most ignore
>>> the 'ri'), quite likely some time after the end of the reporting period.
>>> Additionally, they probably have more efficient/immediate methods of
>>> evaluating their success rate.
>>>
>>> If you believe something has been overlooked, please feel free to share.
>>>
>>> --
>>> Alex Brotman
>>> Sr. Engineer, Anti-Abuse & Messaging Policy
>>> Comcast
>>>
>>> _______________________________________________
>>> dmarc mailing list
>>> dmarc@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dmarc
>>>
>>
>>
>> --
>>
>> *Seth Blank* | VP, Standards and New Technologies
>> *e:* seth@valimail.com
>> *p:* 415.273.8818 <(415)%20273-8818>
>>
>>
>> This email and all data transmitted with it contains confidential and/or
>> proprietary information intended solely for the use of individual(s)
>> authorized to receive it. If you are not an intended and authorized
>> recipient you are hereby notified of any use, disclosure, copying or
>> distribution of the information included in this transmission is prohibited
>> and may be unlawful. Please immediately notify the sender by replying to
>> this email and then delete it from your system.
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>
>
> --
>
> *Todd Herr* | Sr. Technical Program Manager
> *e:* todd.herr@valimail.com
> *p:* 703.220.4153 <(703)%20220-4153>
>
>
> This email and all data transmitted with it contains confidential and/or
> proprietary information intended solely for the use of individual(s)
> authorized to receive it. If you are not an intended and authorized
> recipient you are hereby notified of any use, disclosure, copying or
> distribution of the information included in this transmission is prohibited
> and may be unlawful. Please immediately notify the sender by replying to
> this email and then delete it from your system.
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email