Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

John R Levine <johnl@taugh.com> Mon, 01 February 2021 16:29 UTC

Date: Mon, 01 Feb 2021 11:29:23 -0500
Message-ID: <41bc91e9-8c9a-e2bd-a351-602436f3f5bb@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Alessandro Vesely <vesely@tana.it>, dmarc@ietf.org
In-Reply-To: <e7e27e1f-b6e6-96b6-e12e-672084562b8a@tana.it>
References: <20210131200238.931356D11D79@ary.qy> <e7e27e1f-b6e6-96b6-e12e-672084562b8a@tana.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/j9lIyVCAhSArDXwk6CJB5ZbbPeA>
Subject: Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

> 3.3.  Transport
>
>   Email streams carrying DMARC failure reports MUST conform to the
>   DMARC mechanism, thereby resulting in an aligned "pass".  Special
>   care must be taken of authentication, as failure to authenticate
>   failure reports may result in mail loops.
>
>   Reporters SHOULD rate limit the number of failure reports sent to any
>   recipient to avoid overloading recipient systems.
>
> Not MUST?

You might have other ways to prevent mailbombing, e.g., only sending 
failure reports to people who you know have bigger mail systems than you 
do.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
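
The rate limit quoted from section 3.3 above, sketched as an added example (not part of the original message or of the draft): a per-recipient token bucket that a reporter could consult before sending each failure report. The class and function names, the bucket size, the refill rate and the example.* addresses are assumptions chosen for illustration; the draft does not prescribe a particular algorithm.

```python
import time
from collections import defaultdict


class FailureReportLimiter:
    """Per-recipient token bucket for outgoing DMARC failure reports."""

    def __init__(self, capacity, refill_per_sec, clock=time.monotonic):
        self.capacity = capacity          # largest burst sent to one recipient
        self.refill = refill_per_sec      # sustained reports per second
        self.clock = clock
        self.buckets = {}                 # recipient -> (tokens, last_seen)
        self.suppressed = defaultdict(int)

    def allow(self, ruf_recipient):
        """Return True if a report to this ruf address may be sent now."""
        key = ruf_recipient.strip().lower()
        now = self.clock()
        tokens, last = self.buckets.get(key, (float(self.capacity), now))
        # Credit the tokens earned since the last attempt, capped at capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if tokens >= 1.0:
            self.buckets[key] = (tokens - 1.0, now)
            return True
        self.buckets[key] = (tokens, now)
        self.suppressed[key] += 1         # count drops so they can be logged
        return False


# Constructed sample: 50 failures in 5 seconds all pointing at one ruf address
# (the mailbombing pattern), one failure for another domain, one late failure.
CONSTRUCTED_EVENTS = sorted(
    [(i * 0.1, "ruf@victim.example") for i in range(50)]
    + [(2.0, "ruf@other.example"), (200.0, "ruf@victim.example")]
)


def simulate(events, capacity=3, refill_per_sec=1 / 60):
    """Replay (seconds, recipient) events; return (sent, suppressed counts)."""
    now = [0.0]
    limiter = FailureReportLimiter(capacity, refill_per_sec, lambda: now[0])
    sent = []
    for when, rcpt in events:
        now[0] = when
        if limiter.allow(rcpt):
            sent.append((when, rcpt))
    return sent, dict(limiter.suppressed)


if __name__ == "__main__":
    sent, dropped = simulate(CONSTRUCTED_EVENTS)
    print(len(sent), "reports sent; suppressed per recipient:", dropped)
```

Because the bucket is keyed by recipient, a flood of failures naming one report address does not delay reports to other domains.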