Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem

Michael Thomas <> Tue, 02 February 2021 02:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6D6183A169B for <>; Mon, 1 Feb 2021 18:33:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3lYNp1xdyo0s for <>; Mon, 1 Feb 2021 18:33:43 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 805733A1690 for <>; Mon, 1 Feb 2021 18:33:43 -0800 (PST)
Received: by with SMTP id g3so11618027plp.2 for <>; Mon, 01 Feb 2021 18:33:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=fluffulence; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=RiqRe63PcvOLbDsDxCxNA86eAThR7IsHAMgUx4IjVPM=; b=JTK8KvE/eZ+vr386AkSOeBaBnydrCDL+7/dIiiW7LEdbRvGMnXfoznTYUaB9JxyHQB 7fJamwypNzoTp+VGr/+0RPFtSSTor6tle+q6CBEWzwrBtUsB7Ro2ZOO3Bnm2fST3mmKr t415OQxjTtBrnFUvc1Qh5wDFY9VbvjxV+UBUrVRNJBIaTevqoIQ3pdE3DXlwpCZ4l8+C q9wHwhd4m8jqfR2/uQmYXeFCkhG9yGbU04ED9Tnbn6zwib9W7/G/s6TyJSmontF9IOwy Q/Fhw+i955lvN8hd7HorkaYFiMtmQGrojkxiqdYypmXroIjKbEI/VyqWI7CRjE2ZVJ1y j+ig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=RiqRe63PcvOLbDsDxCxNA86eAThR7IsHAMgUx4IjVPM=; b=o9e2iOAqikOcFMjX5ZwBWlJje/pXMMGt9RDDm30OyKYurF7CCKqRX37mmLrt1Gtq3d iLKxudXWojS95AkONsilM/MkKBBIa6zfqeQO1tIuCnmeLZJHrYyKZTrvxIQwwrps1y/m Un3dkQas6y4Gyw2aERI13UF+J+e7zoaMNPgmR726wbCJvdRa5TsXA561yBg4YzuIfeK1 Z1lQ66eZaQuFV3Xomyk8AnmEavkjqW3zZqgioX8bVrD3gyHPjHLVPvvyrwFSuIn1ZOzo aXZNK7YOhAk4aFWUg2dMRHAIcGHPikSfrQMkGZmq4gOaf86fVN/PrCjXOBMjF7qSvM+S u6TA==
X-Gm-Message-State: AOAM530z92ofuqCrmuOdMMM8VCdtf4zV1glx1HpfcrgE1+05DYEdvdin tQAiorSYcYGZfpXIwuHYhBL//3fmfK5hKg==
X-Google-Smtp-Source: ABdhPJx2sRR1Mm9+eTOsRFou7id4qjXnMcLrHkaA8doOLt5bS8nXNB74Utw2iywcNzry3mb9XxofAw==
X-Received: by 2002:a17:90a:4548:: with SMTP id r8mr1910294pjm.16.1612233222508; Mon, 01 Feb 2021 18:33:42 -0800 (PST)
Received: from mike-mac.lan ( []) by with ESMTPSA id i9sm19737145pfo.146.2021. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Feb 2021 18:33:41 -0800 (PST)
To: Dave Crocker <>,
References: <20210201232105.1931D6D20971@ary.qy> <> <> <> <> <> <> <>
From: Michael Thomas <>
Message-ID: <>
Date: Mon, 1 Feb 2021 18:33:40 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Feb 2021 02:33:44 -0000

On 2/1/21 6:24 PM, Dave Crocker wrote:
> On 2/1/2021 6:13 PM, Michael Thomas wrote:
>> Because we all know how well unauthenticated data worked out for 
>> email. I fail to see why anybody would be in favor of digesting 
>> unauthenticated data when the method of authenticating it is trivial 
>> and well known. It's an extraordinary claim that needs to be backed 
>> up. But you don't need to convince me; you need to convince the 
>> security AD's and cross area reviewers.
> DMARC has been deployed for 6 or 7 years.  Where is this onerous abuse 
> on reporting that you feel is inevitable?

Email was around for 20 years until spam became a problem. We know how 
this plays out: bad guys do the least amount of work possible until they 
have to react. When it becomes a barrier as p=reject does, they take 
action to protect their turf. Plugging an obvious security hole with a 
well known and trivial set of authentication mechanisms to prevent 
forgery should be the default posture. Anybody who is against that needs 
to explain in depth why it should not be the case. Especially since it's 
part of DMARC now.

Mike, security related specs thumbing their nose at security is a very 
peculiar stance.