Re: [dmarc-ietf] Is there any recommendation to send DMARC message-specific failure reports FROM:<> ?

Scott Kitterman <sklist@kitterman.com> Mon, 27 May 2019 04:46 UTC

Date: Mon, 27 May 2019 04:46:38 +0000
To: dmarc@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <08EEA97F-F915-4DC1-A88D-FD7CEB71533B@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ih_oQrP__6j-0aHDtyNdECgP44s>
Subject: Re: [dmarc-ietf] Is there any recommendation to send DMARC message-specific failure reports FROM:<> ?

They should publish an SPF record for mail.modernwebsite.pl.  Publishing SPF to support HELO checks has been recommended since before RFC 4408.  I'm pretty sure that avoids the problem.  You'd get an SPF pass and it would align.

Scott K

On May 26, 2019 7:00:56 PM UTC, Dilyan Palauzov <Dilyan.Palauzov@aegee.org> wrote:
>Hello John,
>
>at SMTP level the server communicates EHLO mail.modernwebsite.pl and  
>ENVFROM:<>.  There is no TXT record for  so SPF  
>fails and cannot align.
>
>The email itself contains “From: MAILER-DAEMON@modernwebsite.pl (Mail  
>Delivery System)” without DKIM signature. ⇒ DMARC validation fails.
>
>You can give it a try and send yourself a message to  
>“postmaster@modernwebsite.pl”, the answer will be
><template@modernwebsite.pl> (expanded from
><postmaster@modernwebsite.pl>):
>     unknown user: "template"
>
>Unfortunately I had another loop back in September 2018.  I do not
>remember the details.  Given that this can happen again to somebody
>else, it is better to have recommendation sending the message-specific
>reports with FROM:<> or NOTIFY=NEVER, or at least some text
>elaborating on the attack.
>
>Regards
>   Дилян
>
>
>
>
>----- Message from John Levine <johnl@taugh.com> ---------
>    Date: 26 May 2019 10:44:39 -0400
>    From: John Levine <johnl@taugh.com>
>Subject: Re: [dmarc-ietf] Is there any recommendation to send DMARC  
>message-specific failure reports FROM:<> ?
>      To: dmarc@ietf.org
>      Cc: Dilyan.Palauzov@aegee.org
>
>
>> In article
>> <20190526050958.Horde.6VaAxRZKGLqyeJ4Uov0vrXR@webmail.aegee.org> you write:
>>> Hello John,
>>>
>>> in case of modernwebsite.pl:
>>>
>>> DNS TXT _dmarc.modernwebsite.pl is "v=DMARC1; p=reject; pct=100;
>>> rua=mailto:postmaster@modernwebsite.pl;
>>> ruf=mailto:postmaster@modernwebsite.pl; aspf=s;adkim=s;"
>>>
>>> Emails to postmaster@modernwebsite.pl are answered with “Undelivered
>>> Mail Returned to Sender”.  The answers do not align to the DMARC
>>> policy reject, so a new message-specific failure report is sent.
>>
>> Just out of curiosity, where do the reports come from?  I see their
>> SPF record says "mx a".
>>
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>
>
>----- End message from John Levine <johnl@taugh.com> -----
>
>
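The following is an added example, not part of the thread or of any participant's code. It models how the identifiers quoted above (EHLO name, null envelope sender, From: domain, aspf/adkim modes) feed DMARC's SPF identity selection and alignment check. SPF and DKIM results are constructed inputs rather than DNS lookups, and `org_domain` is a simplified, hypothetical stand-in for a Public Suffix List lookup.

```python
# Added example: DMARC identifier alignment for a bounce with a null sender.
# SPF/DKIM verdicts are passed in as constructed inputs; nothing is resolved.

def org_domain(domain):
    # Assumption/simplification: organizational domain = last two labels.
    # A real evaluator consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match); 'r' = relaxed (same org domain)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def spf_identity(helo, mail_from):
    # With MAIL FROM:<> SPF evaluates postmaster@<HELO name> (RFC 7208,
    # section 2.4), so the HELO name is the domain DMARC tries to align.
    return mail_from.rsplit("@", 1)[1] if mail_from else helo

def dmarc_pass(helo, mail_from, from_domain, spf_result,
               dkim_pass_domains, aspf="r", adkim="r"):
    spf_ok = (spf_result == "pass"
              and aligned(spf_identity(helo, mail_from), from_domain, aspf))
    dkim_ok = any(aligned(d, from_domain, adkim) for d in dkim_pass_domains)
    return spf_ok or dkim_ok

def bounce_outcomes():
    """The bounce described in the thread: EHLO mail.modernwebsite.pl,
    MAIL FROM:<>, From: MAILER-DAEMON@modernwebsite.pl, no DKIM signature."""
    msg = dict(helo="mail.modernwebsite.pl", mail_from="",
               from_domain="modernwebsite.pl", dkim_pass_domains=[])
    return {
        # No SPF record for the HELO name, published modes aspf=s; adkim=s.
        "spf none, aspf=s": dmarc_pass(spf_result="none", aspf="s",
                                       adkim="s", **msg),
        # Constructed input: an SPF record for the HELO name yields "pass".
        "spf pass, aspf=r": dmarc_pass(spf_result="pass", aspf="r",
                                       adkim="s", **msg),
        "spf pass, aspf=s": dmarc_pass(spf_result="pass", aspf="s",
                                       adkim="s", **msg),
    }

if __name__ == "__main__":
    for case, ok in bounce_outcomes().items():
        print(f"{case}: DMARC {'pass' if ok else 'fail'}")
```

A `fail` outcome for a domain that publishes `ruf=` is the condition under which a receiver would generate another message-specific failure report.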