Re: [dmarc-ietf] Two new fields in aggregate reports
Brandon Long <blong@google.com> Fri, 25 October 2019 00:53 UTC
Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD95912001A for <dmarc@ietfa.amsl.com>; Thu, 24 Oct 2019 17:53:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.499
X-Spam-Level:
X-Spam-Status: No, score=-17.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C_5DTCbvDIiS for <dmarc@ietfa.amsl.com>; Thu, 24 Oct 2019 17:53:46 -0700 (PDT)
Received: from mail-vs1-xe34.google.com (mail-vs1-xe34.google.com [IPv6:2607:f8b0:4864:20::e34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDB9C120019 for <dmarc@ietf.org>; Thu, 24 Oct 2019 17:53:45 -0700 (PDT)
Received: by mail-vs1-xe34.google.com with SMTP id p13so353599vso.0 for <dmarc@ietf.org>; Thu, 24 Oct 2019 17:53:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TY8ombJovOk5g5dLwUXMxewC4BVIFuXj7phSAE89rKg=; b=Pea4RG29dqW0Vj7v34TO8YZowuFOVZXRjuBZ7tkb2elv63eka0wpU/klSkryJTeD1K lebiL5DtYEDL731QeT4f2MDap1zzCmSc3pLRpKmjHL0kbxhl/z70PVvtaG7o6b9NlCZj ycZQfsiY3nfas0M6PXlFnTGE4kTDQT6l0osFThTJRZmdyByCNJai84K0n1FY0CWSBZQ4 FfvIwNezLuocgg8p1pPGpi8dq3i5CGLmlhw4Wo8mGQX0Nz4+vde0ke0NRXpdixFwqZ35 4P3noKRk5NmagETa3DrIaKGuJ8lALX7MtHBps6nTOu/bMjXMlGHRpo4afYtY+vFzwvNi p13A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TY8ombJovOk5g5dLwUXMxewC4BVIFuXj7phSAE89rKg=; b=itoEmxzQN8wEFYhf4pPkLOQLMJbxQwzZjMHqjl5bIzLaDlat591fKXgnRsjzVU+Y0e 6DJfuMwElpyXKl+7icUHLQviPxzsOym9YmFu89Hs9tezX2MqVyy/UvAPYFroQKP3VySb NukpX9/QtiRGTAcM68bw6yMqE6OwaEV2cvXWuFR4d2/VGHvgaDIqvWU2YGRjfP131ev1 hJkKdJI7ht8WglwX9RX0R1yS5opUYKXxnWvdkWMrR44Lak+qV7vD/O/tuTz/AIC9a8Aj yW9Z2uRcS9NKNCOG7qjQ+670dzAR1Nvqq4yi/iVe6sEn0Qn5UcvpMlhQ1hvk0DYExvfd rhIw==
X-Gm-Message-State: APjAAAUzjzrumNXs3NXsQ2W7zkX7K95t6LR/vQl4KVwS2Hk5mqCFC+ba liEVAj3F+v/52TP2Oo+XiZKncwTFU02Wmh9Rw0KhauY=
X-Google-Smtp-Source: APXvYqyuUVYhekibhTE3rJ71S4tG3KHleT2F+2xhzJjDhdtbG3Nwpw6NdgDNMSQF2CBlfoQjBEE3mFvuebM/nQa2NE4=
X-Received: by 2002:a67:edc9:: with SMTP id e9mr589384vsp.76.1571964823977; Thu, 24 Oct 2019 17:53:43 -0700 (PDT)
MIME-Version: 1.0
References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it>
In-Reply-To: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it>
From: Brandon Long <blong@google.com>
Date: Thu, 24 Oct 2019 17:53:32 -0700
Message-ID: <CABa8R6uJeP2HRb3G0WrGBYkDTXDhJFmbLV92_fqV1ikw7Zk0Zg@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ef668f0595b1949a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/izyOTcAsPuxMCEMHdle9jc8OWxc>
Subject: Re: [dmarc-ietf] Two new fields in aggregate reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2019 00:53:48 -0000
On Thu, Oct 24, 2019 at 10:55 AM Alessandro Vesely <vesely@tana.it> wrote: > Hi all, > > it is difficult to tell what is each aggregate report's record. It is > easier > if the source IP is known. Mailing lists can be told by their (unaligned) > SPF > domain. Otherwise, it is difficult to tell abuse from legitimate users > using > the wrong server. > > Getting a failure report for each source IP is not easy, because few > mailbox > providers send failure reports. > > In order to ease the understanding of aggregate reports, I propose two > additional per-record fields: > > > *score*: The average score of the messages in the row; let's say an > SA-like > number (< 0 good, > 10 bad, values in between may be worth human > inspection). > This assumes that your spam system is able to make a spamminess score that approximates a continuum, I'm not sure that's true. Also, it's a lot of spamminess feedback, not sure if that can be abused or not. Also, as rejected at smtp time, especially for DMARC, we're unlikely to have run a full spam assessment on the message. > *list*: An enumerated type, for example "none", "black", "white", "both", > indicating if the source IP is listed in some public or private DNSxL that > the > reporting MTA uses. > At first I was wondering if you were going to have the values of the list-id header. That said, though I've never used any DMARC aggregator services, I would think that one of the values they're likely to provide is IP address identification, useful so you can hunt down what things aren't sending DMARC compliant email yet (ie, looks like you're sending mail from ESP A and ESP B, fix those)... they can just as easily use the various public IP reputation sources. Anyways, I doubt we'd expose anything internally... also, this is kind of the opposite of the spamminess score, in that it expects that things are black & white, and we virtually never classify things as such. Brandon
- [dmarc-ietf] Two new fields in aggregate reports Alessandro Vesely
- Re: [dmarc-ietf] Two new fields in aggregate repo… Brandon Long
- Re: [dmarc-ietf] Two new fields in aggregate repo… Alessandro Vesely
- Re: [dmarc-ietf] Two new fields in aggregate repo… Дилян Палаузов
- Re: [dmarc-ietf] Two new fields in aggregate repo… Kurt Andersen (b)
- Re: [dmarc-ietf] Two new fields in aggregate repo… Chris Wedgwood
- Re: [dmarc-ietf] Two new fields in aggregate repo… John Levine
- Re: [dmarc-ietf] Two new fields in aggregate repo… Seth Blank
- Re: [dmarc-ietf] Two new fields in aggregate repo… Chris Wedgwood
- Re: [dmarc-ietf] Two new fields in aggregate repo… Dotzero
- Re: [dmarc-ietf] Two new fields in aggregate repo… Alessandro Vesely
- Re: [dmarc-ietf] Two new fields in aggregate repo… John Levine
- Re: [dmarc-ietf] Two new fields in aggregate repo… Alessandro Vesely
- Re: [dmarc-ietf] Two new fields in aggregate repo… Dotzero
- [dmarc-ietf] DMARC domain, was Two new fields in … Alessandro Vesely
- [dmarc-ietf] Purpose of aggregate reports / Re:Tw… Дилян Палаузов