IETF Logo Mail Archive

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

Dotzero <dotzero@gmail.com> Sat, 11 November 2023 14:40 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9330C1519BD for <dmarc@ietfa.amsl.com>; Sat, 11 Nov 2023 06:40:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ljnjfgsQZ5kZ for <dmarc@ietfa.amsl.com>; Sat, 11 Nov 2023 06:40:43 -0800 (PST)
Received: from mail-vs1-xe2c.google.com (mail-vs1-xe2c.google.com [IPv6:2607:f8b0:4864:20::e2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80B27C151990 for <dmarc@ietf.org>; Sat, 11 Nov 2023 06:40:43 -0800 (PST)
Received: by mail-vs1-xe2c.google.com with SMTP id ada2fe7eead31-45f19811ae5so1970273137.0 for <dmarc@ietf.org>; Sat, 11 Nov 2023 06:40:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699713642; x=1700318442; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=sCzzjwoQ9wGpn5H2daBDxPjUhJMW6P1shKqHyD1ZvyQ=; b=Po+tTaaKn4zlqcB6zjwjt8AyiFgByWMyqMqKjvunZ+jvw4+mniwN66ClZKAt3TH67G ekUbfc7n4KNbf8fB0BrxejxrqjOygWt7tylPGGMQiJfNUN2LRdCjVArIlZP+i1FeVGvE ohuKMxAlNOjfZG371UPveyQvJJFqLdRrdcbyedMqo9PmqbD+nNzOvWciGcNukyOlxVku AEg3QhIMBB8yvP1RLDXB65BtWqUOTfDPXmg+FNDAl7rzoUF6TtuUe9b/Zx9iSnbeqBLL V7CsE9bJfSKYsH0ZHOb3hz5nebcxDm8k+3dFIeGrmfMUIfJjuNVxiR2IL9wTa7QQgqBr NdxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699713642; x=1700318442; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=sCzzjwoQ9wGpn5H2daBDxPjUhJMW6P1shKqHyD1ZvyQ=; b=nCBKtwF4nfR2kihK4sgtDiyT6jLuE2+oM/qdZTLZW1XUvZsK7PL8m5L5RkI/yoAeJU kPhqpEfdHaAq0K6dptMRBkWIIDn3q9Wwgf9ruZAl6sh8CY/FFhNmwuqRKiuTIIPXHD+k KZtRsmqTLdOwX1fHWqpq8fzXDGHe6Y7ctCAM64YkOGRnHlWIh+FETSfmjayU4/+f4pXu JbUUM/o2ilZ8mJRGAaAClbRnrJBOlYpQyj3iMamYVh+NgptjXS9JSopNL1l/6bffpX9+ 72wsJ5JLQeQleF/tMyIxEQXKaBZcIJoRWBFDKkV+kLdfZ0x2IK7T4WjMOgFcXhndPXK7 GRUg==
X-Gm-Message-State: AOJu0Yzcav8HmnOsSZdcDkbw+h1ROrKvfbJYpnSJB7HXZeU2kiWq4X9n pEeIEr6MCteQgVQTqD74Jp32p01YT6zKYQSHQ1U+Ti9F
X-Google-Smtp-Source: AGHT+IFxxz2ixM/10TD5SxPJkGKHnNuCgSOdbl8C7o4VFVd5Jjq1bmIE4Ixf5CK8ljBOzkjPyYPbjb9Qp0qsZfMQgxg=
X-Received: by 2002:a05:6102:1294:b0:45d:8726:343 with SMTP id jc20-20020a056102129400b0045d87260343mr2652853vsb.4.1699713641904; Sat, 11 Nov 2023 06:40:41 -0800 (PST)
MIME-Version: 1.0
References: <0c20c9ce-5ad1-477e-9e9f-fb19e575f355@univ-grenoble-alpes.fr> <4FE18C6F-0D32-4772-BEB5-747F2C1E9F7D@marmot-tech.com>
In-Reply-To: <4FE18C6F-0D32-4772-BEB5-747F2C1E9F7D@marmot-tech.com>
From: Dotzero <dotzero@gmail.com>
Date: Sat, 11 Nov 2023 09:40:31 -0500
Message-ID: <CAJ4XoYcPmVeKq1Ve70A6i83WJVyAVJ-yhH8+XW7kYCenJwJKgw@mail.gmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d87f550609e16b76"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/sA3ZpsvZ_TJWtj4S0g8sk3UJDc0>
Subject: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2023 14:40:45 -0000

On Sat, Nov 11, 2023 at 9:17 AM Neil Anuskiewicz <neil=
40marmot-tech.com@dmarc.ietf.org> wrote:

>
>
> On Oct 25, 2023, at 3:57 AM, Olivier Hureau <
> olivier.hureau@univ-grenoble-alpes.fr> wrote:
>
> 
> On 25/10/2023 08:10, Steven M Jones wrote:
>
> It's not so much changing the handling as changing the reporting.
>
> * The policy to apply is "none," because the p/sp/np value was faulty.
> Done.
> * Next step, if there's no "rua" target you can't report - which is now
> equivalent to bailing out of DMARC processing for this message.
>
> I am not fan of this exceptions, it breaks the ABNF ... 'A DMARC policy
> record MUST comply with the formal specification found in Section 5.4
> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-28.html#formal-definition>
> '
> The record 'v=DMARC1; p=foobar; rua=mailto:rua@example.com
> <rua@example.com>' does not comply with the formal specification (ABNF
> rule dmarc-request)
> Furthemore, 'mailto://example.com <//example.com>' is a valid URI
> according to RFC3986. If we take into consideration the record 'v=DMARC1;
> p=foobar; rua=mailto://example.com <//example.com>' : a 'rua' tag is
> present and contains at least one syntactically valid reporting URI (no
> need to have a mailto). Who are we going to send the reports specifying the
> errors?
>
> What about using the error report of RFC 7489 for this purpose instead of
> aggregate report? (
> https://datatracker.ietf.org/doc/html/rfc7489#section-7.2.2 )
>
> I have never seen any error report but I think that error reports were a
> great ideas because they can advertise the domain owner (through the valid
> URI) for any failing external destination verification
> We could also use the error reports for  to reports any syntactic errors
> in the record could be also useful, in my opinion.
>
> Email is not dead! Now the bad news: error reports (commonly called
> failure or forensic reports are not long for this world. The only major MBP
> that I see failure reports from is Yahoo. I’m not advocating eliminating
> failure reports altogether as when one of these mythical creatures appears
> they can be very useful. But I wonder if Yahoo discusses stopping failure
> reports then failure reports would be far less useful. I do understand the
> PII concerns.
>
> My point is that the concept of failure reports sounds good in theory but
> I’d say we are in irons now with a decent chance of running aground. It
> might be an opportune time to rethink the failure report. I don’t know.
>

The fact that you aren't seeing failure reports doesn't mean they aren't
being generated. My experience has been that they are being made available
through 3rd parties where there is a contractual relationship.

Michael Hammer

v2.23.0 | Report a Bug | By Email