Re: [dmarc-ietf] auth-res vs. dmarc

Todd Herr <todd.herr@valimail.com> Mon, 28 December 2020 13:17 UTC

MIME-Version: 1.0
References: <9f6782b1-e85b-1a9c-9151-98feff7e18ea@mtcc.com>
In-Reply-To: <9f6782b1-e85b-1a9c-9151-98feff7e18ea@mtcc.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Mon, 28 Dec 2020 08:17:08 -0500
Message-ID: <CAHej_8m0OWsTt+tcSgUh+Fxu=HH_57nsb2O1Q_fgA2453ceh4g@mail.gmail.com>
To: Michael Thomas <mike@mtcc.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000046f90b05b78618e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/r3_0kFAcYYPvq5bv1OISiVylFbc>
Subject: Re: [dmarc-ietf] auth-res vs. dmarc
Precedence: list

On Sat, Dec 26, 2020 at 6:48 PM Michael Thomas <mike@mtcc.com> wrote:

>
> I installed this handy dandy t-bird dkim verifier extension which also
> allows you to just use the upstream auth-res.  After fixing a bug in it,
> I could see that it lists DMARC as a fail when DKIM failed, but SPF
> passed. The _dmarc record has p=none, so it seems really odd to call
> that a DMARC failure. Shouldn't it just be using the appropriate p= tag
> instead of "fail"? Is this left over from when Auth-res was mainly for
> dkim?
>
>
A DMARC pass verdict requires not only that SPF or DKIM pass, but also that
the SPF or DKIM domain in question align with the DMARC (RFC5322.From)
domain. A message such as the following:

   - Return-Path: <foo@a.net>
   - DKIM domain: b.org
   - From: bar@c.com

Can get an SPF pass for a.net and have its DKIM signature validate, but
still fail DMARC for c.com because neither a.net nor b.org align with c.com.

Can you share the example auth-res header(s) in question along with the
DMARC policy record(s) for the message(s)?

-- 

*Todd Herr* | Sr. Technical Program Manager
*e:* todd.herr@valimail.com
*p:* 703.220.4153

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.

[dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Hector Santos
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Laura Atkins
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Douglas Foster
Re: [dmarc-ietf] auth-res vs. dmarc Kurt Andersen (b)
Re: [dmarc-ietf] auth-res vs. dmarc Douglas Foster
Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Dotzero
Re: [dmarc-ietf] auth-res vs. dmarc Laura Atkins
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Dotzero
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Dotzero
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Seth Blank
Re: [dmarc-ietf] auth-res vs. dmarc Hector Santos
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Seth Blank
Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
Re: [dmarc-ietf] auth-res vs. dmarc Todd Herr
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Seth Blank
Re: [dmarc-ietf] auth-res vs. dmarc Michael Thomas
Re: [dmarc-ietf] auth-res vs. dmarc Seth Blank
Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
Re: [dmarc-ietf] auth-res vs. dmarc Alessandro Vesely
Re: [dmarc-ietf] auth-res vs. dmarc John Levine
Re: [dmarc-ietf] auth-res vs. dmarc Murray S. Kucherawy