Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help

Todd Herr <> Mon, 25 January 2021 20:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D37523A186A for <>; Mon, 25 Jan 2021 12:08:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DXISk71lBLrH for <>; Mon, 25 Jan 2021 12:08:39 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CEDE73A1868 for <>; Mon, 25 Jan 2021 12:08:38 -0800 (PST)
Received: by with SMTP id o18so10612397qtp.10 for <>; Mon, 25 Jan 2021 12:08:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=TQxz3IzuDm9EiiKBlSUzMvsvH22Cl1Rm/EOopvzymPc=; b=bT4MwNKM6/ORz5umoJas7iED8wxZeN2y3E/F7knflT7L7ENL/2aDGCaJS6/dYRf273 a3M3dkeRoawBJwg7siLytcwjyFtp9CgDO+peOXKZgO1kSK8xMcJZhUJ3TKCIhErK1fq0 jpMOwqRONvq+3J2/g8igjEtLV23Iu0gpPGaQdLgyoKORdNOkknzhaeHuI0NDhZN3oKb0 4634gZVy1oOGXEsLvrad9dgm2Vd/pGF7xiY18bn27SR53q9wflJ6BAe4HahUGxELqvV6 AgsirattaVnsMTL5K7Y7TQlkSYpdTfVTNgy4mIqLXw5pF0FhKBvbnr8WsDWkvc9qScbG bE2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=TQxz3IzuDm9EiiKBlSUzMvsvH22Cl1Rm/EOopvzymPc=; b=ps8YFA1YleKRCDIhcPC8RCyQ7UVmL4XBGxl7kaawAfuX8lQF9sQsxzV0digGqgAJen 7sDNS2PnuiBuLxLEh7VyfEdVTngFdROuSbHz+8PjlnKPIsd63jcAcI8ur/1KgKP3YJ28 iWZQ7i1kBT5BHcxKX3WArOhHcAEzis8pg5BHD9AFMflCdkDOhWFF5SirIVmb+DZ/J/tY J0+o4lQ3lcnRU8aNiqeXmjSd3I/85x3K5FfPdjvcUOBB9y2T+q6bpPZMZ4hyL8Y1d5Lg il1apUwnimEcUmwfYTrFBIg9tzAK3lXxFh3KiG2W+PMIguUSWaecY+WYNkrjMG/C5KCo EIfw==
X-Gm-Message-State: AOAM530FNrQKb8Rw7GH5WU8/ScsDiE8e2dd31rxAsr+pFwKKQD5Hmw0q CET2D1zW8LJ50WFt9JqN+q1PFLAOneA42qVzcIeWu0jQNRg=
X-Google-Smtp-Source: ABdhPJxkmfZGfkwc1u6AEuoetwEqXkE/SwDxgWcDGgAby2wA4D/ZN0NwBzjeOUxqzMx1aIs54FGGvMwhpVnpWrTcZcI=
X-Received: by 2002:ac8:4a82:: with SMTP id l2mr2193488qtq.298.1611605317407; Mon, 25 Jan 2021 12:08:37 -0800 (PST)
MIME-Version: 1.0
References: <20210125195231.E0DE16C13E26@ary.qy> <>
In-Reply-To: <>
From: Todd Herr <>
Date: Mon, 25 Jan 2021 15:08:21 -0500
Message-ID: <>
Content-Type: multipart/alternative; boundary="000000000000766a1305b9bf1ad7"
Archived-At: <>
Subject: Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 25 Jan 2021 20:08:41 -0000

On Mon, Jan 25, 2021 at 2:56 PM Michael Thomas <> wrote:

> On 1/25/21 11:52 AM, John Levine wrote:
> > In article <
>> you
> write:
> >> -=-=-=-=-=-
> >>
> >> DMARC alignment on the report seems of limited value unless it is
> aligned
> >> to the domain being reported. ...
> > I'm getting the impression that some of us have not looked at any DMARC
> reports.
> >
> > Aggregate reports contain the domain of the reporter, and the domain
> > of the sender to whom they are sending the report. They do NOT have
> > the domains to which the messages were sent or where they were
> > received, which are often different for forwarded or mailing list mail.
> >
> > For at least the third time, there is no "domain being reported". When
> > I get reports from Google or any other multi-tenant mail provider,
> > they do not say to which of their gazillion hosted domains the mail
> > was sent. That is not a bug, and it's been like that for a decade.
> >
> Sounds like a bug to me and an issue should be opened. Just because it's
> a 10 year old bug doesn't mean it's not a bug.
I disagree.

Authentication results should not differ at a given provider based solely
on the destination domain, so there is no reason to report results
separately for each destination domain. Further, there's no value to the
report generators, especially at large sites like Google, to expend the
resources necessary to generate and send X reports when one will do.


*Todd Herr* | Sr. Technical Program Manager
*p:* 703.220.4153

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.