IETF Logo Mail Archive

Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help

Douglas Foster <dougfoster.emailstandards@gmail.com> Mon, 25 January 2021 18:55 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92B173A174D for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 10:55:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fK5SvIzVMWkD for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 10:55:29 -0800 (PST)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6E803A13AB for <dmarc@ietf.org>; Mon, 25 Jan 2021 10:55:28 -0800 (PST)
Received: by mail-ed1-x533.google.com with SMTP id n6so16752699edt.10 for <dmarc@ietf.org>; Mon, 25 Jan 2021 10:55:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=3K8StACYWuHQVCYWbpoe5ir22YpM26px0+M/MosKpMk=; b=bKFrMPvSwSICuW+WXmKqWv8lPbxvFv2wdQCjxgCfpS+ZB6BF4Si2xX+oPugOO2kgFX //u7w9IraxEwwXIJKLIKv056MPzLx2jkYMupHsRsQl6+RciIaJXZMt0R6eH6hDqoWr8H WJ8b3fkdoNleXDFYJ87ayycEP5P6r0nY/q6jBEBZqREI/D7+t5uLpTqQ6hp8hwYC351F 1afgaV2WbHNTYkfeOhmG8W/+Ks22sFB4nAxDuGcgUFQRR82+due1ho3aKUtDu3i/sblZ 3W5CK+TJyy/J/gSMN+1cNTWcLpPvlsYslF+X8XPhGzo4TD4dI59Sj+7au/qbOG+FS7o1 7Wvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=3K8StACYWuHQVCYWbpoe5ir22YpM26px0+M/MosKpMk=; b=APYb+maftXB8vd7v6mHKb7XlGJ3KkhW8CYO/qE4gImM/BE2919DMv1VETPcZ5tfmBw AS+yi3R6HZEEBqSQj1dkmUB9TqawIAECRxwBoihyCu0xrVV2U2s9FQIgAhhUS/1vxK0a q8jl8AwFftda7+bGhsR8O2MlFar3ahNdYCFWklZkNTifq9W+F0Ax7Dzt/wX08xY77KV/ qXQAx7V5iMQ5kty/aTj7ZVjPTG7IkLcM2nSd3EuVAkv9DdHN/ycAEvK6jo/3WKZs72lz LQx/8Rs1s7JD21feInvf7Ys22LrOUH5c5SLIQd/bbm6lc4Llg2zpdkf1C4PhdXGoFSXp A3DA==
X-Gm-Message-State: AOAM532Gx9OJw4P2Gn/g269tSqGz51FtvCVcsBfyAr2AwoSkErQDUPwF 4upLnekDNxwBjVLfz89TJqiJfJmU9DOI41L3CQTWArty
X-Google-Smtp-Source: ABdhPJxl/6qRfxXFil9BeOD04+9mqYF+SMsyVdZkwUKlw+YJrUKkmfO5PwH6UnQtTMTELR3iWun5OuWItawNdsDKFto=
X-Received: by 2002:a50:bf4a:: with SMTP id g10mr1604724edk.201.1611600926611; Mon, 25 Jan 2021 10:55:26 -0800 (PST)
MIME-Version: 1.0
References: <20210125182350.DE0FE6C131FB@ary.qy> <ddb67702-01e7-783d-9fa6-3e427542092c@mtcc.com>
In-Reply-To: <ddb67702-01e7-783d-9fa6-3e427542092c@mtcc.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 25 Jan 2021 13:55:12 -0500
Message-ID: <CAH48ZfwejX1PHO7x1bjJTYyehXZWMuq3jrHFJzAHWfy1jQ+NQg@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c01b1f05b9be146e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/iSgpRqc8xqVmP0cebnUa494Qk2I>
Subject: Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2021 18:55:31 -0000

DMARC alignment on the report seems of limited value unless it is aligned
to the domain being reported.  But that change would require every unique
domain to generate a unique report.   Gsuite and Office365 would probably
consider that unacceptable.

On Mon, Jan 25, 2021, 1:29 PM Michael Thomas <mike@mtcc.com> wrote:

>
> On 1/25/21 10:23 AM, John Levine wrote:
> >> The list seems to be digging in because no one has raised a use case
> that
> >> shows a need to revisit the text. This was made worse by asserting that
> >> reports must be authenticated, when the text already makes that clear.
> > I think the use case is my proposed https reporting. If you think it
> > would be useful to allow domain authentication, it's easy enough to
> > say that the client SHOULD send a client certificate. Nobody will, but
> > every https server and client library I know supports client certs so
> > it's not hard to implement.
>
> Which means that is done completely in bad faith. No thanks.
>
> >
> > I continue to believe that authenticating the domain sending reports
> > is of no value, since there is no way to tell what if any connection
> > that domain has to the IPs in an aggregate report or the IPs or
> > domains in a failure report. If I wanted to send fake gmail failure
> > reports, I would register gmail-reports.com and send 100% perfectly
> > aligned fake reports from that domain.
> >
> I send mail to gmail. I send no mail to gmail-reports. If anything you
> are demonstrating even further that this is at best underspecified.
>
> Mike
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email