Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem

Dave Crocker <> Tue, 02 February 2021 02:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3FA3A3A1692 for <>; Mon, 1 Feb 2021 18:24:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Q9i2yKI0wjOj for <>; Mon, 1 Feb 2021 18:24:25 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CB2DF3A168E for <>; Mon, 1 Feb 2021 18:24:25 -0800 (PST)
Received: by with SMTP id i20so18420508otl.7 for <>; Mon, 01 Feb 2021 18:24:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=PlH9pyiFroqY7BbZvCd6rnTyP0IB4TLHiA/Be9ReEPU=; b=EhJ3R9jaPgE0IYZsRXPdW3ofGqPhVCsW8uWD1w19/N26uo2AX5fQAf0vcFMm9kUZId RoHJ2u+MKWm07oNdfdKS63ZAdyoHJy/xggKilbZ2Xsih4Mv24my3WU36BRhVcRVjHhd6 UKhoilQyUsEwTQFs6gYWigbwTTTN76UEjmcQxC2sBoIH9SW2FsguJRGs34HS5Qiei+P9 LRyOxc/uuiN+FaNgXdtkKa+DVCTf/bStop5It7df4e3j9rvAnUQzZVjABa4b4DjXDMaU loofglhgyu3YYDJlpG/9rMoOfn5NfpJA7/vqtsUmXrTQNPMIrW+a2r41H7p0Z7epLDJ4 59+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=PlH9pyiFroqY7BbZvCd6rnTyP0IB4TLHiA/Be9ReEPU=; b=hiHzP3p/5D/EoZQoyYTPjBVMqzvS2Homx1wzsoni0pTEDj/41/fUeSqKEt/4ghqi/H 2FXPdJGmzoCdiFdECXRv+U98o3Q9Ny6Ru4YW0N0DOKmpsyVVZohf2Z8yk7U5RDPnV82E FocW6ghgNsUfsAvpPoH1HfBgLTCf6spMTMhgFDlf5Ap729x1BYb/8IQ3CjSt6Lb3GO2B vt5g1BEunVCB2P+l8m942atE6WTZlnZQD7dVul1hTqt5lasIYaxGu8BBcKx574LxmnA/ +yPRY5G8hnDZ6Eu8ZvcPKpgzKJl1O2+Z42oF1+epXRFP59293sQ93mtwXPJxMz6WjVGw H2VQ==
X-Gm-Message-State: AOAM531JEJF3tioH04m+KJy5N23KHxbc8OQdV/zS25c3zFoZXbDvxMRm uldq8CzURCdvcXF/EaBQPgT4BGMV1IXxiw==
X-Google-Smtp-Source: ABdhPJzL6wO/iq84LIBBdwGewSxP+S85YD4X5SqvbFM/SpWBi0lxXUu5YrfL7qg5OlCbW3dvHTZVeg==
X-Received: by 2002:a9d:61d0:: with SMTP id h16mr13303600otk.1.1612232664947; Mon, 01 Feb 2021 18:24:24 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id i26sm4467517oov.47.2021. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Feb 2021 18:24:24 -0800 (PST)
To: Michael Thomas <>,
References: <20210201232105.1931D6D20971@ary.qy> <> <> <> <> <> <>
From: Dave Crocker <>
Message-ID: <>
Date: Mon, 1 Feb 2021 18:24:22 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Feb 2021 02:24:27 -0000

On 2/1/2021 6:13 PM, Michael Thomas wrote:
> Because we all know how well unauthenticated data worked out for 
> email. I fail to see why anybody would be in favor of digesting 
> unauthenticated data when the method of authenticating it is trivial 
> and well known. It's an extraordinary claim that needs to be backed 
> up. But you don't need to convince me; you need to convince the 
> security AD's and cross area reviewers.

DMARC has been deployed for 6 or 7 years.  Where is this onerous abuse 
on reporting that you feel is inevitable?

I suspect you've assumed the incentives for sending problematic reports 
are the same as the incentives for abuse of generic mail, while they are 
likely quite different.

And no, it isn't trivial at all.  Setting this stuff up properly takes 
skill and effort, which means it's expensive.  And often is fragile.  
Hence the need to attend thoughtfully to pragmatics.


Dave Crocker

Volunteer, Silicon Valley Chapter
American Red Cross