IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #61 - Define and add a simplified (redacted) failure report

Seth Blank <seth@valimail.com> Thu, 10 December 2020 04:29 UTC

Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E46A23A0A3B for <dmarc@ietfa.amsl.com>; Wed, 9 Dec 2020 20:29:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h8AS51BAlM-5 for <dmarc@ietfa.amsl.com>; Wed, 9 Dec 2020 20:29:08 -0800 (PST)
Received: from mail-ua1-x929.google.com (mail-ua1-x929.google.com [IPv6:2607:f8b0:4864:20::929]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D831B3A0A2D for <dmarc@ietf.org>; Wed, 9 Dec 2020 20:29:07 -0800 (PST)
Received: by mail-ua1-x929.google.com with SMTP id t19so1289349uaq.1 for <dmarc@ietf.org>; Wed, 09 Dec 2020 20:29:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=N1mI/SZ5h00kC7RT4zZl1mGympLdTiahHexqd2iEaXk=; b=XmoKTvXm6chwk/u7W0GOxdOYTUwQDDyG8MQ+7c8KaNHSbrFtMnchYu9CkvtZGHVtOC VHxxQ2YjUVJ2tQiLsCkb9ySzyouekvqB5WS/n1f/61sIFxUwimFEdg9hGo+7RrgIUKYg pB+nbtWV/v+nxfJ7hcQTx7DzNx04sgUyscYHxEfj1E4dIkHtmQPEJMeaMewTrNgs+8tQ nu4u/zgjqvZRTGPGRN4Ipg9jjZcXDWyV9wAQM+asirqwf1WgtjM5fYhF3awhoiCD3IUd pwUxBFl9H85exe8ai948J8oIJp9+LUgHjPJh9Ms22SnoJEj791d+Um9WT1EsuGusA/Pa GuKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=N1mI/SZ5h00kC7RT4zZl1mGympLdTiahHexqd2iEaXk=; b=jVoKMjyqGmdgMHRHIfjqU22pcq0w9eDVRUvNzcor+rdJYTl9plnHJXAdK+A9c8MT+h 43MORLWmklM51TIeSGFoITW0QTHxRUogevzhW7dp22lU6ZpxGN4n++5g+9i9mzHLnUqF hFQj8ztAjhgwEuPmQeORxyt/5lz55LIW2SYEeBT78Qdkt1X3hMXx6lvewiKUmRrLdzUU NnioFADEqzyydQ08PbLKkYaDW/cn6mU0Kd7DmOT/tou2OzhZmmexhlkAVK4T/0cy978I H/pKW8E0IOgwC3kcwypVBdswYMV1qrLFSXiwBHO1DDoew/u+gB+XlzdbfyT3ocCg7bpD F1Ow==
X-Gm-Message-State: AOAM532q2XnArV2PHb4R29stzHqct3KMWFq3ubeItWFuV8rakDGux4Cb Cwu4A4qQokGJ4ipA1u4CCpDrO+73m1PqPorV4nwsOj0bBtA=
X-Google-Smtp-Source: ABdhPJwl5dSHWzRWapEjGVob2cD/sULVKKCBggWok4FqiLC4/xeIBYLEqNGyVDlgGyYMSeZtrm9KiKtttjZeUnDT2IA=
X-Received: by 2002:ab0:648:: with SMTP id f66mr5565239uaf.126.1607574546587; Wed, 09 Dec 2020 20:29:06 -0800 (PST)
MIME-Version: 1.0
References: <609e1c9b-cc4d-d7d1-0fa8-79f515c1eee4@tana.it> <20201209185246.1D40C29474C4@ary.qy> <CABa8R6sU0RQLSBA2LRk4mnkpzWVP5qBMbbHeTaw6VdgG02preQ@mail.gmail.com> <CAL0qLwa04NVQyP+=4o905ZF-e+NxmHhQqXZ5sGbdU9x8T3jSjg@mail.gmail.com>
In-Reply-To: <CAL0qLwa04NVQyP+=4o905ZF-e+NxmHhQqXZ5sGbdU9x8T3jSjg@mail.gmail.com>
From: Seth Blank <seth@valimail.com>
Date: Wed, 09 Dec 2020 20:28:55 -0800
Message-ID: <CAOZAAfNUGVriJfjhQCo_3phg_pajfJsComr8zJBZcL9_Ucy3Nw@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ccbb5a05b6149d9f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/oBY1ww-MjRpVXKlIk3uZ_Nhxoow>
Subject: Re: [dmarc-ietf] Ticket #61 - Define and add a simplified (redacted) failure report
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2020 04:29:10 -0000

On Wed, Dec 9, 2020 at 8:19 PM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Wed, Dec 9, 2020 at 1:29 PM Brandon Long <blong=
> 40google.com@dmarc.ietf.org> wrote:
>
>> In today's much more privacy conscious world, should we have RUF reports
>> in DMARC
>> at all?
>>
>
> Forensic reports in DMARC are akin to the DKIM failure reporting we added
> to ARF back in the MARF working group.  In fact if you go back and read
> those RFCs, an ancestor to the "pct=" tag is there. (RFC 6591 and RFC 6651
> in particular are what I'm looking at.)
>
> Back in the original DKIM era I always found this kind of reporting to be
> really valuable especially since DKIM can fail for a variety of reasons
> that are far less obvious than SPF.  Being able to get the verifier to tell
> me exactly what it saw and compare it to what I think I sent was key to
> getting the implementation right especially in curious corner cases (any of
> you that remember the DKIM interop event would know what I mean).
>

> Seems to me that's still a useful thing to have, at least sometimes.  We
> might say something like: Include support for this, but don't have it on by
> default.  Or even if it's an extension to DMARC and not part of the base
> protocol, it might be really helpful in some situations.
>

Speaking as a report processor, never in all my years of helping domain
owners use dmarc reports to authenticate their mail has this ever been
necessary.

As an individual, I feel extremely strongly that failure reports should go
away in their entirety. Although Jesse Thompson has outlined a use case
that really has no other good solution, and is equally true in other large
complicated organizations. However, this problem is mitigated with a tree
walk, where you can get the reports to the appropriately localized part of
the organization (like, math.wisc.edu, instead of to Jesse at wisc.edu
who'd need to hunt things down).

As Chair, I've seen relatively strong opinions that people wish for failure
reports to remain. More conversation here is useful.

For this ticket in particular-- the simplified failure report with only
from: and to: addresses speaks to Jesse's exact use case, without any of
the other PII that tends to get failure reports in privacy trouble (like
body content and attachments). This approach to Jesse's use case should get
a fair discussion, separate from whether we want failure reports at all.

Seth

-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* seth@valimail.com
*p:* 415.273.8818


This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.

v2.23.0 | Report a Bug | By Email