[dmarc-ietf] Thin forensic DMARC reports
Дилян Палаузов <dilyan.palauzov@aegee.org> Sat, 26 January 2019 17:07 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/rzYlB7qbcBkA0EBbd84WqSQxZM8>
Hello,

will there be any concerns for sending slim forensic DMARC reports (ruf=) on failed DKIM validation, if

* between sender and recipient there are no intermediates/aliases/redirecting providers,
* the third MIME part of multipart/report is cut (contrary to https://tools.ietf.org/html/rfc5965#section-2 bullet d), and
* in the message/feedback-report part
  - either the Original-Envelope-Id is included,
  - or Original-Message-Id is included (where Original-Message-Id will be defined to be the Message-Id of the message that is reported)?

The Original-*-Id identifiers do not expose privacy information, but let the sending server identify for which message the DKIM signing/validation do not match. Whether the sending user has deleted the message in the meantime does not matter.

Knowing which message is problematic is a huge improvement compared to the current situation. First, the sender can validate with different implementations whether they all produce the same signature for that message. Second, if the message in question is sent over a mailing list, the From: was changed by the MLM, the DKIM signature was added after the mail left the MLM but before leaving the MLM-mail-server, then this very message is likely to be distributed to several mail providers. If one provider does not validate the signature, and the other providers validate the signatures (or all mail providers do not validate), then somebody can take some actions so that the cause for the failure is resolved and does not happen again in the future. A clear plus for all DMARC users.

Regards
  Дилян
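Added example (not part of the original post, and not code from any DMARC implementation): how a sending domain could consume such a thin report, here a constructed two-part multipart/report whose message/feedback-report part carries the proposed Original-Message-Id, and map it back to its own record of the outgoing message. The addresses, the SENT_LOG index and the function names are assumptions made for the illustration.

```python
import email

# Constructed sample: a two-part report with no copy of the original message.
# "Original-Message-Id" is the field proposed in the post, not a registered ARF field.
THIN_REPORT = """\
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

DKIM validation failed for a message from sender.example.
--b1
Content-Type: message/feedback-report

Feedback-Type: auth-failure
User-Agent: example-reporter/0.1
Version: 1
Auth-Failure: signature
DKIM-Domain: sender.example
Original-Message-Id: <msg-0002@sender.example>
--b1--
"""
# Constructed sender-side index of outgoing mail, keyed by Message-Id.
SENT_LOG = {"<msg-0001@sender.example>": "QID-A", "<msg-0002@sender.example>": "QID-B"}

def parse_thin_report(raw):
    """Return the failure details and the identifier of the reported message."""
    msg = email.message_from_string(raw)
    if not (msg.is_multipart() and msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "feedback-report"):
        raise ValueError("not a multipart/report feedback report")
    parts = msg.get_payload()
    machine = [p for p in parts if p.get_content_type() == "message/feedback-report"]
    if len(machine) != 1:
        raise ValueError("expected exactly one message/feedback-report part")
    body = machine[0].get_payload()
    # The stdlib parser exposes message/* bodies as a nested message (a one-item list).
    fields = body[0] if isinstance(body, list) else email.message_from_string(body)
    ident = fields["Original-Message-Id"] or fields["Original-Envelope-Id"]
    if fields["Feedback-Type"] != "auth-failure" or not ident:
        raise ValueError("no auth-failure report with an Original-*-Id")
    copies = ("message/rfc822", "text/rfc822-headers")
    thin = not any(p.get_content_type() in copies for p in parts)
    return {"failure": fields["Auth-Failure"], "domain": fields["DKIM-Domain"],
            "id": ident.strip(), "thin": thin}

def locate(report, sent_log):
    return sent_log.get(report["id"])  # None when the sender has no such record
```

An Original-Envelope-Id would need an index keyed by the SMTP ENVID instead of the Message-Id; the lookup above covers only the Message-Id case.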