Re: [dmarc-ietf] Fwd: Eliot's review of the DMARC spec

"John R Levine" <johnl@taugh.com> Thu, 23 May 2013 23:11 UTC

Date: Thu, 23 May 2013 19:11:45 -0400
Message-ID: <alpine.BSF.2.00.1305231859220.27371@joyce.lan>
From: John R Levine <johnl@taugh.com>
To: Matt Simerson <matt@tnpi.net>
In-Reply-To: <A3033A6D-B42B-48B9-90C4-FEA9621F2A95@tnpi.net>
References: <20130523181505.26913.qmail@joyce.lan> <A3033A6D-B42B-48B9-90C4-FEA9621F2A95@tnpi.net>
Cc: dmarc@ietf.org, Eliot Lear <lear@cisco.com>
Subject: Re: [dmarc-ietf] Fwd: Eliot's review of the DMARC spec

> I wonder whether DMARC shouldn't be two specifications? It seems that 
> the validation portions of DMARC are well defined, straightforward to 
> implement, and could easily be implemented by most modern MTAs (whether 
> by milter, Amavis, or SpamAssassin).
>
> The reporting aspects OTOH, are complex and encumbered with technical 
> issues, security issues and sticky legal questions about information 
> disclosure. While the reporting is valuable, its value will certainly be 
> diminished by the number of organizations that implement it.

I don't see any benefit in that.  I expect the spec will be somewhat 
shorter when we're done, and in most cases I expect that people who 
implement one will at least partially implement the other.

>> I implement it as perform policy if (time mod 100) < pct, which I
>> think is what everyone else does, no DMARC state needed.  It's worth
>> mentioning this as an adequate implementation.
>
> I implemented with rand:
>
> $result->reason( type => 'sampled_out' ) if rand(100) >= $policy->pct;

rand() is usually seeded from stuff including the clock, so it amounts to 
the same thing.  The point, of course, is that you can do the percent stuff 
by rolling dice, not by a rolling average.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
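The two stateless pct checks discussed above (John's "(time mod 100) < pct" and Matt's "rand(100) >= pct"), written out as an added example that is not code from the thread or from either poster's implementation. The function and variable names are my own; the only DMARC fact added beyond the thread is that a sampled-out message is handled under the next-lower policy (reject becomes quarantine, quarantine becomes none), which is what the spec prescribes for pct.

```python
import random
import time

# DMARC's rule for messages that the pct test leaves out: apply the next
# weaker policy instead of ignoring the message entirely. This table is the
# spec's downgrade order, not something stated in the mail thread.
_NEXT_LOWER = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def _check_pct(pct):
    """pct is an integer percentage, 0..100; anything else is a broken record."""
    if not isinstance(pct, int) or not 0 <= pct <= 100:
        raise ValueError(f"invalid pct value: {pct!r}")


def sampled_in_by_clock(pct, now=None):
    """John's check: apply the policy when (time mod 100) < pct.

    Stateless; no per-domain counters are kept. `now` is an epoch second and
    defaults to the wall clock.
    """
    _check_pct(pct)
    t = int(time.time() if now is None else now)
    return (t % 100) < pct


def sampled_in_by_rand(pct, rng=random):
    """Matt's check: the message is sampled out when rand(100) >= pct.

    `rng` is any object with a uniform(a, b) method; random.Random lets a
    caller seed it for reproducible tests.
    """
    _check_pct(pct)
    return not (rng.uniform(0, 100) >= pct)


def effective_policy(policy, pct, sampled_in):
    """Return (policy_to_apply, reason) for a message that failed DMARC.

    A sampled-in message gets the published policy; a sampled-out one gets
    the next-lower policy and a 'sampled_out' reason for the report.
    """
    if policy not in _NEXT_LOWER:
        raise ValueError(f"unknown policy: {policy!r}")
    if sampled_in:
        return policy, None
    return _NEXT_LOWER[policy], "sampled_out"


def observed_fraction(pct, n, seed=0):
    """Roll the dice n times and report the fraction of messages sampled in.

    With no state, the fraction tends to pct/100 over many messages; each
    individual message is still an independent coin toss, not a quota.
    """
    rng = random.Random(seed)
    hits = sum(sampled_in_by_rand(pct, rng) for _ in range(n))
    return hits / n


if __name__ == "__main__":
    # Constructed demo values: a domain publishing p=reject; pct=25.
    for msg_time in (1369350706, 1369350740, 1369350790):
        sampled = sampled_in_by_clock(25, now=msg_time)
        print(msg_time, effective_policy("reject", 25, sampled))
    print("fraction sampled in at pct=25:", observed_fraction(25, 10_000))
```

Either check is acceptable because the decision is made fresh per message from an unpredictable-enough source (the clock second or the PRNG), so no rolling counter has to be shared across MTA processes or persisted between restarts. The clock variant is trivially reproducible for a given timestamp, which is convenient when debugging a report line that says sampled_out.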