Re: [dmarc-ietf] Forensic report loops are a problem

Juri Haberland <juri@sapienti-sat.org> Sun, 17 January 2021 17:19 UTC

Return-Path: <juri@sapienti-sat.org>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83F443A12A6 for <dmarc@ietfa.amsl.com>; Sun, 17 Jan 2021 09:19:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.362
X-Spam-Level:
X-Spam-Status: No, score=-2.362 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.262, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sapienti-sat.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dAPMkghKUv-U for <dmarc@ietfa.amsl.com>; Sun, 17 Jan 2021 09:19:22 -0800 (PST)
Received: from batleth.sapienti-sat.org (batleth.sapienti-sat.org [IPv6:2a01:4f8:221:43c5::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 016A03A12A3 for <dmarc@ietf.org>; Sun, 17 Jan 2021 09:19:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sapienti-sat.org; h=content-transfer-encoding:content-language:content-type :content-type:in-reply-to:mime-version:user-agent:date:date :message-id:from:from:references:to:subject:subject; s= dkim20170413; t=1610903958; bh=r8VhK0MEX4Ca85Gz1/4UI2XMVA4BOM/cA XqX8pfw4xM=; b=ehULrDQHLEYTwwIieWYEbzcb8zt+U3a8u0v9awTMfCIt5QRMP FDXX5XuvGKAuEiPp+vNOKvKyvl6UocgpBRBqX9HpmQC3Ew0pSBQq9qaug2b59KWg /Ya/ACsTNOS27ORaWcJksFu9VN1eDC/LpowsCcEw7We1zZcHq9gZquKrQS7Y9A4h uKUO5cvFm1Ea59XhVqm1PnKz/8Lx6kiZBjtMsOhbECTpKRF8B2Q/esmfmH02PPbE /EmQJUdoHrX1Y9Re/tEY/yUfsOTOd4lttgYG1g8zIMX4Cscnc4P7ahPtvVDJKh+h 0EpkJOmOxqp6C3k6kzSkkq1mI8nZKXtHUrNbw==
X-Virus-Scanned: Debian amavisd-new at sapienti-sat.org
Received: from [IPv6:2001:470:6d:e38::21] (stargazer.home.sapienti-sat.org [IPv6:2001:470:6d:e38::21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: juri@sapienti-sat.org) by batleth.sapienti-sat.org (Postfix) with ESMTPSA id 5782633E13BA for <dmarc@ietf.org>; Sun, 17 Jan 2021 18:19:18 +0100 (CET)
To: dmarc@ietf.org
References: <CAL0qLwaZx97cztehz_o=cCVZRbEP_yFVS9hTqWDKg7cMgjNvFg@mail.gmail.com> <20210116034026.5C93F6AC0428@ary.qy> <CAL0qLwatEsNrfF5GeWoVhrk_By8K84mYdBNOUFiN7cBaAch8JQ@mail.gmail.com> <3d6db975-4d52-94f0-5ca0-213234d53773@taugh.com>
From: Juri Haberland <juri@sapienti-sat.org>
Autocrypt: addr=juri@sapienti-sat.org; prefer-encrypt=mutual; keydata= mQGiBEpkkU0RBACvs80AZxmG2dlbE8uFuRtWaGbvdlTKzwn4s37Sc98yNzDr57btydCdasf8 OvctyUrngCuC/JmBDw9MpNVVRJ2lLOSi7r5JgjXSbpeW95UKUnQk2m/+nRkNPrKY0FXhP4VE 04lmV3vb0cKpi3Iuceuc4U/PkwlbfzvMCqMJp/zGGwCgqnxsnNu+MOEPB1zum0pT1ZmZptEE AJkzjTYdnt4zarO0K8Yk9BMy39puGMuW6HD4MiN1DfkqH9RYe7qh6L8DasmSed/TlVNpsH+y fdhwD/9f+8Ifc1vpFjgcm9mEmJqyjpQTKG9oQE1KpcnHXKwG/Gr/lXrQbgiiungc+d18tafN yAKQfmkKIDqFVmKPjlOJHWYN7qlKA/0R3/6RyerO84hsLt6jFWeOm/9KEh6WfnoooDQhAq7M sFjCNUoF32x/hpabB9MqF6vcl/Ka8Dmdj95Ae10K9MD5L7TNaWkL7FepFptcCkHonLQQM4E2 vDAJtyyKUaQiOPw80oEOMISXzQD78Vbg6Q9nmsmkpuSAUVTqUksTTwtnNrQmSnVyaSBIYWJl cmxhbmQgPGp1cmlAc2FwaWVudGktc2F0Lm9yZz6IYAQTEQIAIAUCSmSRTQIbAwYLCQgHAwIE FQIIAwQWAgMBAh4BAheAAAoJED9MVq+NNYZCRlAAn38ddF0pjwOZR0VyoIe4UpfpZV5fAKCO o87TVyYoBYwru4hunuVMOpXgG7kCDQRKZJFTEAgAoBRVOPPgl3foNLJn+C8QnuExrwKdeguE 5l2lSw3Fummo9CQCN72gYrqMNksFeIcoWAWclm/8bA551KWum8g2TjTA7NuVdIvzahr8MFGi oBNktr1GLAJ2SNpzyUA3fICIJqXdUdlvnjk4olQE6ACylbxDT+2x5HVzvhxw1fvz4c4JRvnP J1q2/LMu6sgBta6cgVTzYzBvxf1JyjbHsFKZSJZ+3JO3AO5y40XbU+EZVT60ChbU8GCJEVer 2RFlYfYSdniSxgQPuYVxZsfXgQlv0xQ3QTTDLU9jpJJX4EfwfWaio01X3l8QqIBtVpu07ZXI klOJk1QXC3HDIhAt/uGdVwAEDQgAmK0fEhrg/HY2Zs2VXIkWViS8I68sAw/GRGAsif0pkHTx dQ2oEZYMK1bNW7VFBphby554hUAmvwcCCUso0INqiw0sXs6ZARL3nT6QPc3uU0jMFpg1cWHf yElUopAR0S0kxVfShE3fNKOnizTPcRboCLOVZzuM1BxVO55Dkc9fPX1zik9hzJjbG4bzEqNG cg7+EY0YqeEVFccyRXsjvFRTl4ckvCMhsyqGwE8AnwFOYJXqfbLjEDSBngblniWTEjZ47t5p rN6sri7+sWIUaybzdINKGZMijndTVccMtRvbbx62+0dRoxUV2GIrNcCOvQ7e5Q4/vL8okoK9 MZMUWQnUeYhJBBgRAgAJBQJKZJFTAhsMAAoJED9MVq+NNYZCX74An2lQsova+seE0su7vK2y GGyRrnQdAJ9nvrSrslx2qcHkRycgYoFozVkRsw==
Message-ID: <fe31989b-07a0-56fe-af6d-737182d3077e@sapienti-sat.org>
Date: Sun, 17 Jan 2021 18:19:17 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <3d6db975-4d52-94f0-5ca0-213234d53773@taugh.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/jvHui5jZaM3MVIQ74gf-JucdFlw>
Subject: Re: [dmarc-ietf] Forensic report loops are a problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jan 2021 17:19:24 -0000

On 16/01/2021 23:20, John R Levine wrote:
>> What I'm concerned about is that since this has come up before N times
>> (for, admittedly, some currently small value of N), we've seen enough
>> disparate cases of it that we may be missing something bigger, and if so,
>> doing something defensive in the specification would be prudent.  There's
>> smoke here, and there may be fire.
> 
> OK, thanks.
> 
> My guess is that if we can track it down it is likely to be "my software 
> is buggy so I want everyone else to work around it."

The cases that I had to deal with were misconfigurations on the other
side. I had to put these senders on some kind of ignore list to not send
out failure reports for their failing messages. That stopped the loop.

Regards,
  Juri