Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal

Tero Kivinen <kivinen@iki.fi> Thu, 15 June 2023 13:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/j3wobnFVusUnK1ajcXtbovxQxxo>

Alessandro Vesely writes:
> On Tue 13/Jun/2023 23:33:50 +0200 Tero Kivinen wrote:
> > [...]
> >
> > As you can see 85.75% of incoming email was already signed by DKIM,
> > and 86.5% of emails had SPF records that passed. So they both have
> > about the same amount of usage coming in to our servers.
> 
> 
> What are those 0.75%, some 30k SPF - DKIM messages?  Are there cases of DKIM 
> random failure salvaged by SPF?

My current analysis script does not try to calculate that, I would
need to add that step there and rerun the script. If I
understand correctly you would like to see cases where if there is
both SPF and DKIM, the cases where both, only one, or neither
passed, and how many of those cases would be where dkim=fail, but
spf=pass?

I will try to see if I can run that check later.

> > 	0.19%	7506	none,pass
> > 	0.15%	5910	pass,none
> 
> How do you order DKIM signatures?

My understanding is that rspamd most likely uses the order of DKIM
signatures in the email body. On the other hand order does not matter,
as if ANY of the dkim checks pass, then the whole message passes. The
reason I printed out the combinations of different dkim results was to
show that there are cases where there are multiple dkim headers and
some of those pass and some fail.

I.e. there were:

0.00%	4	pass,fail,fail,fail,fail
0.00%	2	pass,pass,pass,pass,pass,pass

I.e. four emails had five dkim records, four of them failing and one
passing, whereas another two had six dkim records all passing. Most
of the emails had only one dkim record, and of those which had two, most
were such that both passed.
-- 
kivinen@iki.fi
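
The tally discussed in this message, as an added example (not part of the original post and not the author's analysis script): it counts per-message DKIM result combinations, applies the "any signature passes" rule, and cross-tabulates the verdict against SPF so the dkim=fail/spf=pass cases can be counted. The Authentication-Results values are constructed samples, and treating every non-pass, non-none result as "fail" is an assumption of this sketch.

```python
import re
from collections import Counter

# Constructed Authentication-Results values (RFC 8601 style), one per message.
SAMPLE = [
    "mx.example; dkim=pass header.d=a.example; spf=pass smtp.mailfrom=a.example",
    "mx.example; dkim=fail header.d=b.example; spf=pass smtp.mailfrom=b.example",
    "mx.example; dkim=pass header.d=c.example; dkim=fail header.d=list.example;"
    " spf=fail smtp.mailfrom=c.example",
    "mx.example; dkim=none; spf=pass smtp.mailfrom=d.example",
    "mx.example; dkim=fail header.d=e.example; dkim=fail header.d=f.example;"
    " spf=none smtp.mailfrom=e.example",
]

# A method result starts a new ';'-separated clause: "; dkim=pass ..."
RESULT = re.compile(r";\s*(dkim|spf)=([a-z]+)", re.I)

def parse(value):
    """Return (DKIM results in the order reported, SPF result)."""
    dkim, spf = [], "none"
    for method, result in RESULT.findall(value):
        if method.lower() == "dkim":
            dkim.append(result.lower())
        else:
            spf = result.lower()
    return dkim or ["none"], spf

def dkim_verdict(results):
    """One passing signature is enough; the order of results is irrelevant."""
    if "pass" in results:
        return "pass"
    # Assumption: temperror, permerror, neutral etc. are folded into "fail".
    return "none" if all(r == "none" for r in results) else "fail"

def tally(values):
    """Count result combinations and (DKIM verdict, SPF result) pairs."""
    combos, cross = Counter(), Counter()
    for value in values:
        dkim, spf = parse(value)
        combos[",".join(dkim)] += 1
        cross[(dkim_verdict(dkim), spf)] += 1
    return combos, cross

if __name__ == "__main__":
    combos, cross = tally(SAMPLE)
    for combo, n in combos.most_common():
        print(f"{100 * n / len(SAMPLE):.2f}%\t{n}\t{combo}")
    print("dkim=fail but spf=pass:", cross[("fail", "pass")])
```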