Re: [dmarc-ietf] Two new fields in aggregate reports

"John Levine" <johnl@taugh.com> Fri, 25 October 2019 17:49 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55439120132 for <dmarc@ietfa.amsl.com>; Fri, 25 Oct 2019 10:49:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=sYxb0bVP; dkim=pass (1536-bit key) header.d=taugh.com header.b=eRYpPhVg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U9YfyLUYRAma for <dmarc@ietfa.amsl.com>; Fri, 25 Oct 2019 10:49:22 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFBDB1200DB for <dmarc@ietf.org>; Fri, 25 Oct 2019 10:49:21 -0700 (PDT)
Received: (qmail 98502 invoked from network); 25 Oct 2019 17:49:19 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=180c4.5db3359f.k1910; i=printer-iecc.com@submit.iecc.com; bh=F4hwwApg4svlR0zcAp0/T0xraPxjaqRHD3wuEaz/CvE=; b=sYxb0bVPF3sDhURobkjX6uvJnHC0DUwcqqKXj3z4GPvbKKRz+KUVL4dn6YlDPT2WTZcgq5Hz/vdPQIdeRpV0pvtP/Iqrqp1pqo+cT+A4yXLlo/tFEOpn5KYSsgWiqb1LnXJpyKh2aaSV/4nRXVl8tGBpu0UG442hVJIo7G0R/NQPiWxBRo/Jr0rwHgoJgZMYsMSn4zxpeInv8cdDLFYJ1d5m/2hSxLQMV6EJW1iLITo70JhEe+blR0FW0l8E8/rG
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=180c4.5db3359f.k1910; olt=printer-iecc.com@submit.iecc.com; bh=F4hwwApg4svlR0zcAp0/T0xraPxjaqRHD3wuEaz/CvE=; b=eRYpPhVgTTJjoZovP5sthYXSmwhiSKXnCtK5civ7xfbVSoVqJHc1xpqlmbXpsb7k7wRkReOm5bhHOnU0kz0BpQU05PUqzNd4R3qBpojeIPk1qwsqCcAsWecyc6vsnWa+2Eq76MiNjjaCJ4C9saU3BEZG86nPJkv7zz2skk4u1PBNlh1R71nGYL6vuNIj4BsBLdbVWd5AmN/lhCCs3p38MTe6pcpeYP2yUSCwyIGwJ3728rgiIF17Na/WjDDUFaXZ
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.2 ECDHE-RSA AES-256-GCM AEAD, printer@iecc.com) via TCP6; 25 Oct 2019 17:49:19 -0000
Received: by ary.qy (Postfix, from userid 501) id E8CAFD66F4D; Fri, 25 Oct 2019 13:49:18 -0400 (EDT)
Date: 25 Oct 2019 13:49:18 -0400
Message-Id: <20191025174918.E8CAFD66F4D@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: dilyan.palauzov@aegee.org
In-Reply-To: <e5bc55efd6ef01ab849505a0872c9dc9a36e738f.camel@aegee.org>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/pfKmxA3fYmV9VjqddF4qDR7doXs>
Subject: Re: [dmarc-ietf] Two new fields in aggregate reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2019 17:49:23 -0000

In article <e5bc55efd6ef01ab849505a0872c9dc9a36e738f.camel@aegee.org>; you write:
>What is the purposes of the aggregate and non-aggregate reports?  What are non-goals?  I asked several times here,
>nobody answered.  Perhaps a discussion on the goals and non-goal would help.

As far as I know, the point of DMARC reports is to help domain owners
understand who is sending mail that purports to be from them.  In a
large organization it can be remarkably hard to track down every mail
server in every department or every subcontractor that might be sending
real mail with the domain in the From: header.

The domain owners use the reports to do things like update SPF records
to include all of the sending hosts, update server configs to add DKIM
signatures, or to fix servers that are adding invalid signatures, and
often to shut rogue servers down that shouldn't have been sending mail
in the first place.

I can't see how spam scores would be of any use for any of these tasks.

R's,
John