Re: [dmarc-ietf] auth-res vs. dmarc
Todd Herr <todd.herr@valimail.com> Mon, 28 December 2020 13:17 UTC
Return-Path: <todd.herr@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92FF03A0AC8 for <dmarc@ietfa.amsl.com>; Mon, 28 Dec 2020 05:17:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O4pJS8FpZIHS for <dmarc@ietfa.amsl.com>; Mon, 28 Dec 2020 05:17:27 -0800 (PST)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CD3C3A0AC4 for <dmarc@ietf.org>; Mon, 28 Dec 2020 05:17:27 -0800 (PST)
Received: by mail-qt1-x82c.google.com with SMTP id y15so6824884qtv.5 for <dmarc@ietf.org>; Mon, 28 Dec 2020 05:17:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tdaCtwXsPoK9ci5wM9YKUs4Hl3Vll6s5TQMal1nCnnA=; b=VJcx2wd+838Ntw5XRuGk3FdbhrJTVe8raz5os1J4SlMKT2jx6arx6lV2Gm4RC5Fubj 2CMEjIWL4lMjR8U/0aGh9H/CfuY87W5NeI2RqPbDq2zui8v47cJX1bBUO+xRJ/qCOLTR CTNu8rPLfeRQTmkQT7YNY5bUyIHr6kWq+g9DUNC6pWz1AFhrcKj/dUl1Q9gon7q9zy/7 5JjPvsqJ8GYx4UAqHWhy1yNgfEFpatc8iNMG8Y8tmK9O92ePAAUAgS8HFVfnMNEAWsQB YbKUrG3sI3QAqD7eW1+GXBHuT3KTzZswVGAOboY/Vd51d7OoBywxiG9uJDJoSapKYIQ9 ngTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tdaCtwXsPoK9ci5wM9YKUs4Hl3Vll6s5TQMal1nCnnA=; b=Jkh5B1OteZlwWRj7VCt5CUTX0eSMguWAbueei70nBnDKBR8sTMWa44pvR9gItO9H3j DdoDbLHhbaN/Zq/+YBTEmxfKvONWyOor4mFbult3WdAbEtOgU7uAqQXFXEh7Z5oDSinB fqiB7YO2/2PjqWxuX8x1+iS6PsUUHWil8kfHhO4X+ODe/gaTHWDAjA5wtBQffHmmmjgN dBrP6qaHzR161Nm3x0rF+hCniDwMXSBe/uEtSpnvctH6VWWdC9YTzNhyCYgW0QLdERyO 5fRcm5Fw41xAQX+dFhCmFUfpXY6zaokrTcfs66YIBgUPfAB617rigJo1m8CCqRpHokQ7 DWbg==
X-Gm-Message-State: AOAM533b2nPeFNxfa4wPS9Ujxof2yABe3MGQIAhFAPc8Pfl0rK3DeHup LD9zBy1R1Eow1I9VZBDvdxsY7S8iGeYr2bKEkWi1PA==
X-Google-Smtp-Source: ABdhPJxaEJkXsZa9Gbgz6UwSa5Klr1B2Tu3xO17m193aFO3L6VweCzPBhBtbfIwQEljjJbp539ZOvsTQD//FZzTGSac=
X-Received: by 2002:a05:622a:14e:: with SMTP id v14mr44286119qtw.298.1609161444350; Mon, 28 Dec 2020 05:17:24 -0800 (PST)
MIME-Version: 1.0
References: <9f6782b1-e85b-1a9c-9151-98feff7e18ea@mtcc.com>
In-Reply-To: <9f6782b1-e85b-1a9c-9151-98feff7e18ea@mtcc.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Mon, 28 Dec 2020 08:17:08 -0500
Message-ID: <CAHej_8m0OWsTt+tcSgUh+Fxu=HH_57nsb2O1Q_fgA2453ceh4g@mail.gmail.com>
To: Michael Thomas <mike@mtcc.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000046f90b05b78618e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/r3_0kFAcYYPvq5bv1OISiVylFbc>
Subject: Re: [dmarc-ietf] auth-res vs. dmarc
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2020 13:17:30 -0000
On Sat, Dec 26, 2020 at 6:48 PM Michael Thomas <mike@mtcc.com> wrote: > > I installed this handy dandy t-bird dkim verifier extension which also > allows you to just use the upstream auth-res. After fixing a bug in it, > I could see that it lists DMARC as a fail when DKIM failed, but SPF > passed. The _dmarc record has p=none, so it seems really odd to call > that a DMARC failure. Shouldn't it just be using the appropriate p= tag > instead of "fail"? Is this left over from when Auth-res was mainly for > dkim? > > A DMARC pass verdict requires not only that SPF or DKIM pass, but also that the SPF or DKIM domain in question align with the DMARC (RFC5322.From) domain. A message such as the following: - Return-Path: <foo@a.net> - DKIM domain: b.org - From: bar@c.com Can get an SPF pass for a.net and have its DKIM signature validate, but still fail DMARC for c.com because neither a.net nor b.org align with c.com. Can you share the example auth-res header(s) in question along with the DMARC policy record(s) for the message(s)? -- *Todd Herr* | Sr. Technical Program Manager *e:* todd.herr@valimail.com *p:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Hector Santos
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Laura Atkins
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Douglas Foster
- Re: [dmarc-ietf] auth-res vs. dmarc Kurt Andersen (b)
- Re: [dmarc-ietf] auth-res vs. dmarc Douglas Foster
- Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
- Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Dotzero
- Re: [dmarc-ietf] auth-res vs. dmarc Laura Atkins
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Dotzero
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Dotzero
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Seth Blank
- Re: [dmarc-ietf] auth-res vs. dmarc Hector Santos
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Seth Blank
- Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
- Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Seth Blank
- Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
- Re: [dmarc-ietf] auth-res vs. dmarc Seth Blank
- Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
- Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
- Re: [dmarc-ietf] auth-res vs. dmarc John Levine
- Re: [dmarc-ietf] auth-res vs. dmarc Murray S. Kucherawy