[dmarc-ietf] Two new fields in aggregate reports
Alessandro Vesely <vesely@tana.it> Thu, 24 October 2019 17:55 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/tA-Ug7qVAB3HKN-YjFjsyJLP964>

Hi all,

it is difficult to tell what is each aggregate report's record. It is easier if the source IP is known. Mailing lists can be told by their (unaligned) SPF domain. Otherwise, it is difficult to tell abuse from legitimate users using the wrong server. Getting a failure report for each source IP is not easy, because few mailbox providers send failure reports.

In order to ease the understanding of aggregate reports, I propose two additional per-record fields:

*score*: The average score of the messages in the row; let's say an SA-like number (< 0 good, > 10 bad, values in between may be worth human inspection).

*list*: An enumerated type, for example "none", "black", "white", "both", indicating if the source IP is listed in some public or private DNSxL that the reporting MTA uses.

They're obviously subjective stuff. However, most MTAs deploy at least one of them, and summing up per-IP results every day can bring useful indications.

I haven't added those fields to http://bit.ly/dmarc-rpt-schema, yet. Let's discuss. I hope they will make it to rfc7489bis.

Best
Ale
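
The following sketch is an added illustration, not part of the original message or of any DMARC schema: it shows how a domain owner could triage failing rows if reports carried the proposed `score` and `list` fields. Placing the fields inside `<row>`, the sample report, and the rule combining the two signals are assumptions of this example; only the field names, the enumeration and the < 0 / > 10 thresholds come from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample report. <score> and <list> are the two fields proposed in
# the post; putting them inside <row> is an assumption of this example.
SAMPLE = """\
<feedback>
 <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  <score>-1.2</score><list>white</list></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>300</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  <score>14.5</score><list>black</list></row></record>
 <record><row><source_ip>203.0.113.5</source_ip><count>3</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  <score>4.0</score><list>both</list></row></record>
 <record><row><source_ip>192.0.2.99</source_ip><count>7</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>192.0.2.1</source_ip><count>900</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
  <score>-2.0</score><list>none</list></row></record>
</feedback>"""

LIST_VALUES = {"none", "black", "white", "both"}  # enumeration from the post

def classify(score, listing):
    """Hypothetical triage rule built on the thresholds given in the post."""
    if score is None or listing not in LIST_VALUES:
        return "unknown"            # reporter did not send usable fields
    if score > 10 or listing == "black":
        return "likely-abuse"
    if score < 0 and listing in ("none", "white"):
        return "likely-legitimate"  # e.g. a real user sending via the wrong server
    return "inspect"                # in-between score or conflicting listings

def triage_failures(xml_text):
    """Return {source_ip: (count, verdict)} for rows failing both DKIM and SPF."""
    out = {}
    for row in ET.fromstring(xml_text).iter("row"):
        pe = row.find("policy_evaluated")
        if pe is None or "pass" in (pe.findtext("dkim"), pe.findtext("spf")):
            continue                # DMARC passed (or no verdict); nothing to triage
        raw = row.findtext("score")
        try:
            score = float(raw) if raw is not None else None
        except ValueError:
            score = None            # malformed value from the reporter
        verdict = classify(score, (row.findtext("list") or "").strip())
        out[row.findtext("source_ip")] = (int(row.findtext("count")), verdict)
    return out
```

Reports arrive from third parties, so a production parser should treat the XML as untrusted input and tolerate reporters that omit the fields, as the `unknown` verdict does here.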