Re: [dmarc-ietf] Ticket #28 - Failure report mail loops
Alessandro Vesely <vesely@tana.it> Tue, 08 December 2020 12:32 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56E873A0C92 for <dmarc@ietfa.amsl.com>; Tue, 8 Dec 2020 04:32:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.122
X-Spam-Level:
X-Spam-Status: No, score=-2.122 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uZFF8hlDcDAp for <dmarc@ietfa.amsl.com>; Tue, 8 Dec 2020 04:32:14 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 804023A0C96 for <dmarc@ietf.org>; Tue, 8 Dec 2020 04:32:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1607430731; bh=4Sp7S0Sr7QZ9X/USQUnSVy6nF4TQxTzm7I8WkYHFn1E=; l=1444; h=To:References:From:Date:In-Reply-To; b=DFzk2RX5H6SU4gE98b+53EO6C4RDqRhqprP9d2tpXg3iaUjKMOyl/iqGG0vuAqcov EduPPLfsRysgc69vxgUhaQzLKncwkSnXyAgz+f8khGfu+xAGggAhf2EeAHvWkWL3Fq dxq6p4O5SIP1FGm8aabojtICp3KPGYTnHGbHee+kF/7ax+2kTPyJI507SIcVi
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0DC.000000005FCF724B.0000132C; Tue, 08 Dec 2020 13:32:11 +0100
To: dmarc@ietf.org
References: <0408ae98-e1c1-71fe-fdd4-8bc7a7c151d3@tana.it> <CAL0qLwZXJ+mq1cq0yby05fN9-igt-U+Miht5LHpaYmqM=Omk3w@mail.gmail.com> <faada008-12c3-59f8-49b5-4a71882bc2b1@tana.it> <rqm13g$1l9$1@gal.iecc.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <62b7d80e-2c39-4d02-0b5a-bd6ede7d51dc@tana.it>
Date: Tue, 08 Dec 2020 13:32:11 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <rqm13g$1l9$1@gal.iecc.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/i0eapCynyYq4RpR-9t5vXvYoh3U>
Subject: Re: [dmarc-ietf] Ticket #28 - Failure report mail loops
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2020 12:32:19 -0000
On Mon 07/Dec/2020 20:51:12 +0100 John Levine wrote: > In article <faada008-12c3-59f8-49b5-4a71882bc2b1@tana.it>, > Alessandro Vesely <vesely@tana.it> wrote: >>> 4. Some explicit loop prevention specification may be added. For example: >>>> 4.1. send reports from a subdomain having a DMARC record without ruf=, or >>>> 4.2. never send failure reports about failed reports. >>> >>> The latter, which is consistent with SMTP never generating a bounce about a >>> bounce. >> >>However, SMTP has an operational definition of bounce, MAIL FROM:<>. Should we >>take the same stance? That is, send failure reports with an empty bounce >>address and never send failure reports to bounces or failure reports? > > We're talking about DMARC failures, not SMTP delivery failures. I > don't see what the latter has to do with the former. When dmarc authentication method fails on a message, an MTA may decide to send a failure report. If the message is itself a failure report, however, no failure report should be sent. The question is, how does the MTA determine whether the message is a failure report, without resorting to lengthy content analysis? One possibility is to never send failure reports when the bounce address is empty, and mandate that failure reports be sent with an empty bounce address. That way, also regular SMTP bounces won't be reported if dmarc authentication fails. Overly simplistic? Ale --
- [dmarc-ietf] Ticket #28 - Failure report mail loo… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… John Levine
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… Murray S. Kucherawy
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… John Levine
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… John Levine
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… John Levine
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… John R Levine
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… Dave Crocker
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… John R Levine
- Re: [dmarc-ietf] Ticket #28 - Failure report mail… Alessandro Vesely