Re: [dmarc-ietf] Guidance around constructing an AAR when multiple AR headers are present?

Scott Kitterman <sklist@kitterman.com> Sun, 28 May 2017 15:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ocmH5wzGDAjtnFdoD5p43O-ws-Y>


On May 28, 2017 11:27:35 AM EDT, John Levine <johnl@taugh.com> wrote:
>In article <8F87F9DE-C87E-406E-BA49-6AEA5DC17283@kitterman.com>,
>>Nothing other than potentially ARC requires multiple AR header fields
>>for different authentication types to be combined.  These different
>>verification operations (e.g. SPF, DKIM, and DMARC) are generally
>>performed by different processes that add their own AR field.
>
>Since DMARC needs the results of SPF and DKIM, how does that work?
>Does DMARC look at the A-R that the other two created or is there a
>side channel?  It occurs to me that a DMARC process has everything
>needed to make a header that combines all three.
snip

At least for OpenDMARC, if it's not doing its own SPF check (which seems odd to me because it's done after DATA, but it works), it will look at multiple AR fields for both SPF and DKIM results.

Scott K
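
Added example, not part of the original message and not OpenDMARC's code: one way a DMARC evaluator can collect SPF and DKIM results from several Authentication-Results fields, honouring only fields whose authserv-id is its own. The host names, the sample message and the strict-alignment-only check are assumptions made for the example.

```python
import re
from email import message_from_string

# Constructed sample message: two AR fields from our own verifiers plus one
# field carrying a foreign authserv-id (all names and values are made up).
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=example.org
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bounce.example.com
Authentication-Results: evil.example; spf=pass smtp.mailfrom=example.org
From: Alice <alice@example.org>
Subject: test

body
"""

METHOD = re.compile(r"^(spf|dkim)=(\w+)", re.I)
PROP = re.compile(r"\b(smtp\.mailfrom|header\.d)=(\S+)", re.I)

def collect_results(msg, trusted_authserv_id):
    """Gather (method, result, domain) from every AR field our own ADMD added."""
    results = []
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^()]*\)", "", value)  # drop (comments)
        parts = [p.strip() for p in value.split(";")]
        authserv_id = parts[0].split()[0].lower() if parts[0] else ""
        if authserv_id != trusted_authserv_id.lower():
            continue  # added by some other host: do not rely on it
        for part in parts[1:]:
            m, p = METHOD.match(part), PROP.search(part)
            if m and p:
                domain = p.group(2).rsplit("@", 1)[-1].lower()
                results.append((m.group(1).lower(), m.group(2).lower(), domain))
    return results

def dmarc_pass(msg, trusted_authserv_id):
    """True if a trusted SPF or DKIM pass is aligned with the From domain.
    Assumption: strict alignment only (relaxed needs a public suffix list)."""
    from_domain = re.search(r"@([\w.-]+)", msg["From"]).group(1).lower()
    return any(result == "pass" and domain == from_domain
               for _, result, domain in collect_results(msg, trusted_authserv_id))
```

With the sample above, the DKIM pass from `mx.example.net` satisfies the check, while the `spf=pass` under the foreign authserv-id is never consulted.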