Re: [dmarc-ietf] SMTP Result Codes was -Re: Another p=reject text proposal

Todd Herr <todd.herr@valimail.com> Wed, 12 July 2023 13:11 UTC


On Wed, Jul 12, 2023 at 7:30 AM Scott Kitterman <sklist@kitterman.com> wrote:

> On Wednesday, July 12, 2023 7:04:38 AM EDT Alessandro Vesely wrote:
> > On Wed 12/Jul/2023 12:54:38 +0200 Scott Kitterman wrote:
> > > On Wednesday, July 12, 2023 3:29:34 AM EDT Baptiste Carvello wrote:
> > > ...
> > >
> > >> Why? Because it's brittle and will only bring them more headaches? At
> > >> the very least, DMARC would need to use its own 5xy reply code to avoid
> > >> the need for parsing the reply text…
> > >
> > > This is a very good point.  The IANA Simple Mail Transfer Protocol (SMTP)
> > > Enhanced Status Codes Registry [1] has codes for SPF and DKIM (RFC 7372)
> > > and ARC (RFC 8617), but not DMARC.  Adding one is not currently in the
> > > DMARCbis draft, but I think it should be.
> >
> > +1; still, having the word "DMARC" in the text greatly simplifies parsing
> > logs.
> >
> >
> > I noted that Baptiste wrote 5xx, not 5.x.x.  5xx has to be 550 methinks.
>
> I agree re 550.  Also, if I were writing the reject message that goes after
> the code, I would include DMARC in it.  I suspect most will for human
> readability, but programmatically, I'd use the codes if present.
>

Google uses 5.7.26 for the purpose (and for SPF and DKIM rejects):

https://support.google.com/a/answer/3726730?sjid=16541570162287939258-NA

Their use of 5.7.26 seems in keeping with IANA - Multiple authentication
checks failed - since in order to fail DMARC, both SPF and DKIM must fail.

https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml
-- 

*Todd Herr * | Technical Director, Standards & Ecosystem
*e:* todd.herr@valimail.com
*p:* 703-220-4153
*m:* 703.220.4153
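
Added example, not part of the original message or of any mail server's code: a log-side classifier that prefers the enhanced status code (the RFC 7372 and RFC 8617 registry entries mentioned in the thread) and falls back to matching "DMARC" in the reply text only when no usable code is present. The function name, result keys and sample replies are constructed for illustration; note that 5.7.26 identifies an authentication failure in general, not DMARC specifically.

```python
import re

# Authentication-failure entries in the IANA enhanced status code registry,
# keyed by subject.detail (the class digit is checked separately).
AUTH_DETAIL = {
    "7.20": "no passing DKIM signature (RFC 7372)",
    "7.21": "no acceptable DKIM signature (RFC 7372)",
    "7.22": "no valid author-matched DKIM signature (RFC 7372)",
    "7.23": "SPF validation failed (RFC 7372)",
    "7.24": "SPF validation error (RFC 7372)",
    "7.25": "reverse DNS validation failed (RFC 7372)",
    "7.26": "multiple authentication checks failed (RFC 7372)",
    "7.29": "ARC validation failure (RFC 8617)",
}
# Basic code, continuation marker, optional enhanced code, free text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(?:(\d)\.(\d{1,3}\.\d{1,3})(?:\s+|$))?(.*)$")

# Constructed sample replies (not captured from any real server).
SAMPLES = [
    "550-5.7.26 Unauthenticated mail from example.org rejected.\r\n"
    "550 5.7.26 DMARC policy is reject.",
    "550 Rejected per DMARC policy of example.org",
    "550 5.1.1 User unknown",
]

def classify_reply(raw):
    """Parse a (possibly multiline) SMTP reply and classify the rejection."""
    basic, enhanced, text = None, None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line.strip())
        if not m:
            continue  # not an SMTP reply line
        basic = int(m.group(1))
        if m.group(3) and enhanced is None:
            enhanced = (m.group(3), m.group(4))
        text.append(m.group(5))
    mentions = bool(re.search(r"\bdmarc\b", " ".join(text), re.I))
    result = {"basic": basic, "enhanced": None, "auth_failure": None,
              "mentions_dmarc": mentions, "source": "none"}
    if enhanced:
        cls, detail = enhanced
        result["enhanced"] = f"{cls}.{detail}"
        # Trust the enhanced code only if its class matches the basic code.
        if cls in ("4", "5") and cls == str(basic)[0] and detail in AUTH_DETAIL:
            result["auth_failure"] = AUTH_DETAIL[detail]
            result["source"] = "enhanced-code"
    if result["source"] == "none" and mentions and basic and basic >= 400:
        result["source"] = "text-heuristic"  # brittle free-text fallback
    return result
```
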
