Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields
Scott Kitterman <sklist@kitterman.com> Tue, 30 July 2019 13:56 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B90781201F8 for <dmarc@ietfa.amsl.com>; Tue, 30 Jul 2019 06:56:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=XHRJN4q1; dkim=pass (2048-bit key) header.d=kitterman.com header.b=kqyhQDOI
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bMOHVP2FwjIS for <dmarc@ietfa.amsl.com>; Tue, 30 Jul 2019 06:56:49 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 218D412022C for <dmarc@ietf.org>; Tue, 30 Jul 2019 06:56:49 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 2BB83F805B5; Tue, 30 Jul 2019 09:56:18 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1564494978; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : from; bh=UAWDkQDRQzID7+IoPqBOpPR3ykFefezdRROC63U+q64=; b=XHRJN4q16kA3JhkxEbUWPRqeVe3Ol7XUpOKcJVgh7f0Uw9ECGFk+iboo rDyAXcmj/B1z2r7/8tO9mBAMCbrwCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1564494978; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : from; bh=UAWDkQDRQzID7+IoPqBOpPR3ykFefezdRROC63U+q64=; b=kqyhQDOI143Ccd5jidIKXAGS8v/B4ctVR8JsFdaqhIDe/QoAJy/MzO5A FxOHidr+Cqj37ud59tOGH0dzLQOuXhyLz+iV7X4uxc8FNdxN8hEiazMbfR R7Qpt2Y21heQtwQBRTBjM4XUD+hitv4G6rhUcgm2gLh2EKjvgT/3uhfYU0 BHGBFEKnSToE+Pbmw3nq92EXZ09PP1PiXOP24+GQbCgwLxjl+GdPTXkvYw FGemgAdYv+WhDbD3bwWFC5Nzca8KL9krhHDY5LC3kMDNkGZ4nuP4IStt2Z 4uXDQHtMFhRMn4rXtivHSY3jbdpe2YJ0iJFetnQov4sFVgEN+Dl84g==
Received: from [10.228.214.248] (mobile-166-171-59-242.mycingular.net [166.171.59.242]) by interserver.kitterman.com (Postfix) with ESMTPSA id D56FBF80096; Tue, 30 Jul 2019 09:56:17 -0400 (EDT)
Date: Tue, 30 Jul 2019 13:56:16 +0000
In-Reply-To: <ad404895f272ede4a9d0fb7cfb142a65414318d3.camel@aegee.org>
References: <2577720.3ZthdXZjm2@l5580> <4600949.rz9u5RyGOV@l5580> <ad404895f272ede4a9d0fb7cfb142a65414318d3.camel@aegee.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: dmarc@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <60001A26-503E-4DB0-B164-2AADD47CFE06@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/i3_coGiN4zoz9NpXF9SPEeldQfE>
Subject: Re: [dmarc-ietf] Reporting DMARC policy in A-R header fields
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 13:56:58 -0000
The published policy (that's why I suggest dmarc.policy). I'm not sure if disposition belongs in A-R. If it does, it'd be a local policy override, probably policy.dmarc as described now in RFC 8616. Scott K On July 30, 2019 1:34:46 PM UTC, "Дилян Палаузов" <dilyan.palauzov@aegee.org> wrote: >Hello Scott, > >do you want to include in the A-R header the published policy, as >obtained from DNS (my first interpretation of your >proposal), or the disposition of the message after applying >DKIM/SPF/DMARC validation, pct sampling, and the ominous >reject→quarantine sampling conversions? > >With disposition I mean what is called at >https://tools.ietf.org/html/rfc6591#section-3.2.2 Delivery-Result. > >For the disposition on p=reject only the MTA can make the decision >based on pct to reject, so it makes sense if the >result of disposition is included in the A-R header by the MTA and >consumed by the MDA. In turn, including pct and >published DMARC policy in the A-R header, so that the MDA can do the >sampling, does not make sense. > >If you want to call the new parameter “policy”, then it shall be >articulated that it means disposition, and not >published policy. > >I am in favour of the proposal. > >It allows for forwarded emails/aliases to indicate in the A-R header, >that sampling was already performed by the >aliasing server, and the final server that accepts the email can skip >performing the sampling again. Performing the >sampling again has the disadvantage, that the pct= parameter is >misinterpreted, as the parameter is supposed to be >applied only once. > >On the other side, skipping of the second sampling by whatever server >is pure theory, and has no practical impact. > >Greetings > Дилян > >On Tue, 2019-07-30 at 00:54 -0400, Scott Kitterman wrote: >> On Monday, July 29, 2019 3:37:55 PM EDT Scott Kitterman wrote: >> > I'd like to add the option to record DMARC results in an A-R header >field >> > for consumption by a downstream processor. I think it would be >something >> > like this: >> > >> > Authentication-Results: mail-router.example.net; dmarc=pass >> > header.from=example.com policy.dmarc=none >> > >> > That would take adding an entry in the Email Authentication Methods >registry >> > for: >> > >> > method: dmarc >> > ptype: policy >> > value: dmarc >> > >> > Does that make sense as a way to do it? Does anyone have >alternative >> > suggestions? >> >> I think comments should be free-form. If we want data that can be >machine >> parsed, we should specify it. >> >> I think the above works in ABNF terms. It's: >> >> Authentication-Results:" authserv-id; method=result >ptype.property=value >> ptype.property=value >> >> According to the ABNF, there can be more than one propspec >> (ptype.property=value) per methodspec in resinfo, so I think it's >legal. It >> would just need the new registry values for dmarc. >> >> Scott K >> >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc > >_______________________________________________ >dmarc mailing list >dmarc@ietf.org >https://www.ietf.org/mailman/listinfo/dmarc
- [dmarc-ietf] Reporting DMARC policy in A-R header… Scott Kitterman
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Дилян Палаузов
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Scott Kitterman
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Scott Kitterman
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Дилян Палаузов
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Scott Kitterman
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Stan Kalisch
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Alessandro Vesely
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Scott Kitterman
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Stan Kalisch
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Kurt Andersen (b)
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Murray S. Kucherawy
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Alessandro Vesely
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… John Levine
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… Stan Kalisch
- Re: [dmarc-ietf] Reporting DMARC policy in A-R he… tjw ietf