IETF Logo Mail Archive

Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result

Douglas Foster <dougfoster.emailstandards@gmail.com> Tue, 25 October 2022 22:03 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF854C14CF1E for <dmarc@ietfa.amsl.com>; Tue, 25 Oct 2022 15:03:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DUxJFK01Y6TY for <dmarc@ietfa.amsl.com>; Tue, 25 Oct 2022 15:03:34 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA534C14F73F for <dmarc@ietf.org>; Tue, 25 Oct 2022 15:03:34 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id r22so19117832ljn.10 for <dmarc@ietf.org>; Tue, 25 Oct 2022 15:03:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=PCtDSIsjJWFFPkCv9OPrJ42G7+meYeGfb+4rk/ttQ/4=; b=pQECe88HAj9Zs29XzUfrpM22i40dvCFE0kURd52rxuXEFHpttSBO0ru0d7AJrjYRtY Q61hRzBSIewL0EDxCRwouKTHclE6BVKaLiDSJ/6MCryKCYQODdOsxlUzqDb1Z0kYSoMu Ja3oRerjj4Vb/v2Fp0kxODygAbJCEAL4Z08chuF0fFbGdB0b3J65oa31y99pCuS4V0xQ Ypd0agzXiwsf7+qOQQkAXXMBgboYh34Covg5kMzvxvbgcv3mqCOl2eckZzFci5GEPKc2 r5ElDit+mlCZiXUvcoZZf5bLNSv/xxU3zl1qqyAAYppZjcUXaP2A71nGoppLE2h7vlsq ETgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=PCtDSIsjJWFFPkCv9OPrJ42G7+meYeGfb+4rk/ttQ/4=; b=K/YjKDnxhq0HdfHfWtFNcadiUl+XBex4kGVmNBiBLac+FHG52jJzSgTZX6gxSvsFJF hkZsycXIn3TvtNAD3Hk6fYEOJwetpAVV08d+26LBX0T54TWAqEDwz+IHF1OR/6nlIA35 +xR+Fd2b0BajCoP7xHVb+M27Ky0st/efkPMcHMB3MARlGVt79mctMSErJVQCXZgTmruo ftELxGfCU7jMDtQsVCI8cltJT4bYoj/8OhPqDTh3Toavgl1DYyk6wLVRQ28yI2rbxQ4e CXVPq3CAM5Tk1JDVR1sd5W4QOUskJZNBQ8tZZB7/LVOoPYFXjTSYzfhazjB5bPLn9fsT bfhA==
X-Gm-Message-State: ACrzQf2z8zF0uxr8Mq82jKbFCAM11cBQftvtysQEVGfefWvpa/aUso4y XHFvBZyrJmmayF+rHFji13iqGimEelNAHyw7jcXEP/6K
X-Google-Smtp-Source: AMsMyM4UjD4JjrBuH5GFXj95uprxAhRizArv9gcBD3xKa8AUf+Jw3CC7yL7rtbp6tRETuL4vgdJw718uJiUHH76Ea04=
X-Received: by 2002:a2e:3805:0:b0:277:6b2:b4e1 with SMTP id f5-20020a2e3805000000b0027706b2b4e1mr5905033lja.524.1666735411750; Tue, 25 Oct 2022 15:03:31 -0700 (PDT)
MIME-Version: 1.0
References: <9D6D6E80-B0B0-4CAD-B301-B0A17F9C6663@marmot-tech.com> <CAH48Zfx+JPeoaFA4Z2zw982-+BkJcReyjK07u8w69KMSWx8vYQ@mail.gmail.com> <MN2PR11MB4351C32D2621D2024B39802BF72A9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAH48Zfx0B5nvz9B2WJ-uUEeszyaoHbPoc1oubmjnrqo_H3x3Sw@mail.gmail.com> <f0d90ca7-38b7-3a1d-2be9-30cad7bec31c@tana.it> <CAH48ZfxcYFCj_5S7CU+r-d1yypMCOX9=UvLmTCqMNSa_kejycw@mail.gmail.com> <CAJ4XoYdvk506_L6BjZD2EYWfAyCgLWTgGS3qsV0_=XHC76--Nw@mail.gmail.com> <CAH48ZfxHzEHRGW-Omkj_HotO6kSdUByxhJstQTWn5hpOapYaRQ@mail.gmail.com> <CAJ4XoYe+s7BmFcvtNPaWu1i4kv_j=CtqA1DbkusfGk9s4rDYeA@mail.gmail.com> <560ccd88-2217-9e47-f690-6bc413c67ffa@tana.it> <CAJ4XoYdbPzf5ib6TX1s4tASANUj0FdrHb1uuJy52KdQayj8y3Q@mail.gmail.com> <bcdac862-95d3-94b3-9876-1a7b62a231e6@tana.it> <CAJ4XoYerfFq6vz3utqADk=Z5iXRrdgFCyKTAKMCZ8JSUxf2N_A@mail.gmail.com> <MN2PR11MB43518C0FD95E970FA3CD393BF72E9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAH48Zfz1k0UZDHGUYHgqD4gbS32e8Txu7GZsR0hMtFOd9f+jAA@mail.gmail.com> <e9319eeb-4f6e-08f0-c052-1c084d4d7ffb@tana.it>
In-Reply-To: <e9319eeb-4f6e-08f0-c052-1c084d4d7ffb@tana.it>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Tue, 25 Oct 2022 18:03:20 -0400
Message-ID: <CAH48ZfwgF8jOkkYo=UK0BBr2Kpx=8Q6iano6M5+NuA1Li3w1vQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000026eddc05ebe314b7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/u7qCGbSdZb2flYkMf_vlurxjZvA>
Subject: Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2022 22:03:37 -0000

A long time ago, John said something like, "It is not the sender's business
whether I forward my mail or where I send it."   Later, Laura expressed
concern about malicious actors trying to obtain forwarding data to
facilitate stalking.   I have found these arguments persuasive, and its
fits well with my current position that evaluators should not have to do
extra work on every message to satisfy the vaguely-defined reporting whims
of domain owners.

On the other hand, our specification must allow for extra identifiers to be
documented, to ensure upward compatibility with RFC 7489.   Some evaluators
will be willing to provide that extra information indefinitely.

Domain owner reporting is intended to help the domain owner verify that his
senders are properly configured or to identify a confirmed malicious actor
that needs law enforcement action.   ARC reporting is intended to help a
forwarder know whether From munging is needed or unmunging was provided.
They are different data sets created for different purposes and send to
different actors.    As long as they are not mixed, I am OK with trying to
develop a specification for ARC reporting, as part of an overall review of
ARCs effectiveness.

Doug


On Tue, Oct 25, 2022 at 4:33 AM Alessandro Vesely <vesely@tana.it> wrote:

> On Mon 24/Oct/2022 22:30:06 +0200 Douglas Foster wrote:
> > If there is detailed ARC reporting, the only target should be the
> forwarder, as
> > the message originator and domain owner are not parties to the ARC
> process.
> > Consequently, ARC reporting cannot be part of the aggregate report going
> to the
> > domain owner.
> >
> > To send reports to the ARC domain owner, we will need a DNS token for
> them to
> > request those reports.   This could be a new token in the DMARC policy
> record,
> > if we can assume that forwarders would be willing to publish a DMARC
> policy to
> > also obtain ARC reports.
> >
> > Given the trust issues around ARC, I think only acceptance events should
> be
> > reported to the ARC domain.
> >
> > The message's domain owner can get a status of "accepted by local
> policy," with
> > a code for ARC as the supporting reason.  This is equivalent to
> "redeemed" but
> > less disruptive to installed base.  I see no reason to give him anything
> more.
>
>
> A bank, say, can be interested in knowing who forwards its messages and
> whether
> they are trusted as forwarders.  It is the very same kind of business that
> allows the bank to have feedback about affiliated forwarders —those whose
> public key is published in the bank's zone.
>
> DMARC looks up records based on the domain in an email address, not on a
> signature's d=.  BTW, the d= and authserv-id domains of an ARC set can
> well be
> three distinct domains.
>
> Let's consider a message from someone@A, munged as someone@B, forwarded
> by C.
> The message contains various signatures and a long ARC chain.  A report
> generator prepares a row where this message is aggregated according to the
> authentication status of the evaluated tokens.  If we extend DMARC
> linearly,
> besides the address at _dmarc.B —the munged From: domain— we can include
> the
> same row in the report sent to the address found at _dmarc.C where C is
> the
> domain in Sender:, notwithstanding Appendix A3.
>
> By the same token, we could consider _dmarc.A if there was an Author:
> domain
> pointing there.  We can say that while From: defines message ownership,
> Author:, Sender, and possibly Resent-From: claim some interest in the
> message
> and the aligned authenticator(s).  Or do we look up DMARC records at the
> d=
> domains?
>
>
> Best
> Ale
> --
>
>
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email