IETF Logo Mail Archive

Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields

Scott Kitterman <sklist@kitterman.com> Tue, 30 July 2019 13:56 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B90781201F8 for <dmarc@ietfa.amsl.com>; Tue, 30 Jul 2019 06:56:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=XHRJN4q1; dkim=pass (2048-bit key) header.d=kitterman.com header.b=kqyhQDOI
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bMOHVP2FwjIS for <dmarc@ietfa.amsl.com>; Tue, 30 Jul 2019 06:56:49 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 218D412022C for <dmarc@ietf.org>; Tue, 30 Jul 2019 06:56:49 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 2BB83F805B5; Tue, 30 Jul 2019 09:56:18 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1564494978; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : from; bh=UAWDkQDRQzID7+IoPqBOpPR3ykFefezdRROC63U+q64=; b=XHRJN4q16kA3JhkxEbUWPRqeVe3Ol7XUpOKcJVgh7f0Uw9ECGFk+iboo rDyAXcmj/B1z2r7/8tO9mBAMCbrwCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1564494978; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : from; bh=UAWDkQDRQzID7+IoPqBOpPR3ykFefezdRROC63U+q64=; b=kqyhQDOI143Ccd5jidIKXAGS8v/B4ctVR8JsFdaqhIDe/QoAJy/MzO5A FxOHidr+Cqj37ud59tOGH0dzLQOuXhyLz+iV7X4uxc8FNdxN8hEiazMbfR R7Qpt2Y21heQtwQBRTBjM4XUD+hitv4G6rhUcgm2gLh2EKjvgT/3uhfYU0 BHGBFEKnSToE+Pbmw3nq92EXZ09PP1PiXOP24+GQbCgwLxjl+GdPTXkvYw FGemgAdYv+WhDbD3bwWFC5Nzca8KL9krhHDY5LC3kMDNkGZ4nuP4IStt2Z 4uXDQHtMFhRMn4rXtivHSY3jbdpe2YJ0iJFetnQov4sFVgEN+Dl84g==
Received: from [10.228.214.248] (mobile-166-171-59-242.mycingular.net [166.171.59.242]) by interserver.kitterman.com (Postfix) with ESMTPSA id D56FBF80096; Tue, 30 Jul 2019 09:56:17 -0400 (EDT)
Date: Tue, 30 Jul 2019 13:56:16 +0000
In-Reply-To: <ad404895f272ede4a9d0fb7cfb142a65414318d3.camel@aegee.org>
References: <2577720.3ZthdXZjm2@l5580> <4600949.rz9u5RyGOV@l5580> <ad404895f272ede4a9d0fb7cfb142a65414318d3.camel@aegee.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: dmarc@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <60001A26-503E-4DB0-B164-2AADD47CFE06@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/i3_coGiN4zoz9NpXF9SPEeldQfE>
Subject: Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 13:56:58 -0000

The published policy (that's why I suggest dmarc.policy).  I'm not sure if disposition belongs in A-R.  If it does, it'd be a local policy override, probably policy.dmarc as described now in RFC 8616.

Scott K

On July 30, 2019 1:34:46 PM UTC, "Дилян Палаузов" <dilyan.palauzov@aegee.org> wrote:
>Hello Scott,
>
>do you want to include in the A-R header the published policy, as
>obtained from DNS (my first interpretation of your
>proposal), or the disposition of the message after applying
>DKIM/SPF/DMARC validation, pct sampling, and the ominous
>reject→quarantine sampling conversions?
>
>With disposition I mean what is called at
>https://tools.ietf.org/html/rfc6591#section-3.2.2 Delivery-Result.
>
>For the disposition on p=reject only the MTA can make the decision
>based on pct to reject, so it makes sense if the
>result of disposition is included in the A-R header by the MTA and
>consumed by the MDA.  In turn, including pct and
>published DMARC policy in the A-R header, so that the MDA can do the
>sampling, does not make sense.
>
>If you want to call the new parameter “policy”, then it shall be
>articulated that it means disposition, and not
>published policy.
>
>I am in favour of the proposal.
>
>It allows for forwarded emails/aliases to indicate in the A-R header,
>that sampling was already performed by the
>aliasing server, and the final server that accepts the email can skip
>performing the sampling again.  Performing the
>sampling again has the disadvantage, that the pct= parameter is
>misinterpreted, as the parameter is supposed to be
>applied only once.
>
>On the other side, skipping of the second sampling by whatever server
>is pure theory, and has no practical impact.
>
>Greetings
>  Дилян
>
>On Tue, 2019-07-30 at 00:54 -0400, Scott Kitterman wrote:
>> On Monday, July 29, 2019 3:37:55 PM EDT Scott Kitterman wrote:
>> > I'd like to add the option to record DMARC results in an A-R header
>field
>> > for consumption by a downstream processor.  I think it would be
>something
>> > like this:
>> > 
>> > Authentication-Results: mail-router.example.net; dmarc=pass
>> > header.from=example.com policy.dmarc=none
>> > 
>> > That would take adding an entry in the Email Authentication Methods
>registry
>> > for:
>> > 
>> > method: dmarc
>> > ptype: policy
>> > value: dmarc
>> > 
>> > Does that make sense as a way to do it?  Does anyone have
>alternative
>> > suggestions?
>> 
>> I think comments should be free-form.  If we want data that can be
>machine 
>> parsed, we should specify it.
>> 
>> I think the above works in ABNF terms.  It's:
>> 
>> Authentication-Results:" authserv-id; method=result
>ptype.property=value 
>> ptype.property=value
>> 
>> According to the ABNF, there can be more than one propspec 
>> (ptype.property=value) per methodspec in resinfo, so I think it's
>legal.  It 
>> would just need the new registry values for dmarc.
>> 
>> Scott K
>> 
>> 
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>
>_______________________________________________
>dmarc mailing list
>dmarc@ietf.org
>https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email