[dmarc-ietf] Discussion: Removal of validation for external destinations (Ticket #76)

"Brotman, Alex" <Alex_Brotman@comcast.com> Sat, 05 December 2020 13:52 UTC

From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Date: Sat, 5 Dec 2020 13:51:52 +0000
Message-ID: <MN2PR11MB4351D62302C7357DE653F8B4F7F00@MN2PR11MB4351.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/pL7dsXjXn9BmADxly0yO2cDC_ro>

Hello,

There's currently a ticket that suggests that the requirement for external validation be removed.  Today, if example.com has an RUA that points at example.net, the latter must create a record as such:

example.com._report._dmarc.example.net TXT "v=DMARC1"

The original thought was that a bad actor could overwhelm a target with unrequested reports.  It seems in reality, most report generators only send once per day.  Additionally, there appear to be some generators who ignore the absence of these records.

https://tools.ietf.org/html/rfc7489#section-7.1

We'd like to have discussion wrapped up in about two weeks or so.  Again, thank you for your participation.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast
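
The external-destination check discussed in the message above (RFC 7489 section 7.1), sketched as an added example that is not part of the original post or of any report generator's code. It assumes a naive two-label organizational-domain rule in place of a Public Suffix List lookup, and an injected `lookup_txt` callable backed by a constructed zone so that it runs offline; all function names are hypothetical.

```python
import re

def org_domain(host):
    # Assumption: "last two labels" stands in for a Public Suffix List lookup.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def rua_hosts(dmarc_record):
    """Return the destination hosts of the mailto: URIs in the rua tag."""
    tags = {}
    for part in dmarc_record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    hosts = []
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip().split("!")[0].split("?")[0]  # drop size limit / query
        if uri.lower().startswith("mailto:") and "@" in uri:
            hosts.append(uri.rsplit("@", 1)[1].lower())
    return hosts

def verification_name(policy_domain, dest_host):
    # <policy domain>._report._dmarc.<destination host>
    return f"{policy_domain}._report._dmarc.{dest_host}".lower()

def is_dmarc_record(txt):
    # Records that do not begin with the v=DMARC1 tag are discarded.
    return re.match(r"v\s*=\s*DMARC1\s*(;|$)", txt.strip()) is not None

def check_destinations(policy_domain, dmarc_record, lookup_txt):
    """Classify each rua host as internal, authorized or unauthorized."""
    results = {}
    for host in rua_hosts(dmarc_record):
        if org_domain(host) == org_domain(policy_domain):
            results[host] = "internal"      # same organization, no check needed
            continue
        records = lookup_txt(verification_name(policy_domain, host))
        ok = any(is_dmarc_record(r) for r in records)
        results[host] = "authorized" if ok else "unauthorized"
    return results

# Constructed sample data: only example.net has published the opt-in record.
ZONE = {"example.com._report._dmarc.example.net": ["v=DMARC1"]}
RECORD = ("v=DMARC1; p=none; rua=mailto:agg@example.net,"
          "mailto:dmarc@example.com,mailto:agg@example.org!10m")

def fake_lookup(name):
    return ZONE.get(name.lower(), [])

if __name__ == "__main__":
    for host, verdict in check_destinations("example.com", RECORD, fake_lookup).items():
        print(f"{host}: {verdict}")
```

A generator that enforces the check sends only to the `internal` and `authorized` hosts; one that ignores missing records would also send to the `unauthorized` host.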