Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
Barry Leiba <barryleiba@computer.org> Mon, 03 October 2022 16:10 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58A24C1524C6 for <dmarc@ietfa.amsl.com>; Mon, 3 Oct 2022 09:10:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.41
X-Spam-Level:
X-Spam-Status: No, score=-1.41 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q3iSGQWReQOY for <dmarc@ietfa.amsl.com>; Mon, 3 Oct 2022 09:10:50 -0700 (PDT)
Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84DA8C1524BD for <dmarc@ietf.org>; Mon, 3 Oct 2022 09:10:45 -0700 (PDT)
Received: by mail-ed1-f45.google.com with SMTP id m3so15253763eda.12 for <dmarc@ietf.org>; Mon, 03 Oct 2022 09:10:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date; bh=Xwa86BFZPaKS3CtKrnG/RWoUZikqO9ReCosyQ2aNTus=; b=Q7qYPNj3/OtcvWWgTdHnzYiM2ySh5vGcsrn2XN8v4IppeDuv9hABKSzKpWuGwBA/Ps qSQpWxYfm++tp6bhmL2ezd30HBvZk2aRBIOUGLcahhl5avAlNZZOHOT3V5VAdmlyHtOl OAdRFd/tUBOfGktnPSv18stlAGrEjOUXln7UarxAAyB0uHFV2KMWeysUakXQ5c8CX1ct J0/dHPSnAtDe5OOGd41d7nD+LL9VQnHb03TcM0uK2H/sBUNiRzqsDCCVryl/AIO6XsAc woO0p3nei1XDYDkqfoGrbNJqmz9iollscSBc9G1BZgqbiYqkOHK7l7JLn5IedNkfPqTT aAKw==
X-Gm-Message-State: ACrzQf0CdWcQ5e1hn2C2+1elhYTTNaFNoT9UN6n0VOcNJR8iv29T4/SU tw/veVLoVWabPyJkG7BswJYeReMEgYaqmjz08yw=
X-Google-Smtp-Source: AMsMyM4waY+Vp7KMQU1oyx3lbWafGBvUgPYzzIWR27tpzyBob8LysIDc+ahizt8KLx1M3nHKuqr29X1P0M/FC3K9klg=
X-Received: by 2002:a05:6402:e9d:b0:443:7833:3d7b with SMTP id h29-20020a0564020e9d00b0044378333d7bmr18774121eda.151.1664813443789; Mon, 03 Oct 2022 09:10:43 -0700 (PDT)
MIME-Version: 1.0
References: <165046214335.10055.16398898629460366752@ietfa.amsl.com> <CAH48ZfxZOq68=P-Qxjvjk1c8PxWAWDvaBPPQcb4DWmd6cL=u4Q@mail.gmail.com> <CAJ4XoYen6n06L1UBqzu9nr2jCC7v_-GOAdJXMzCks6d-AaKqUA@mail.gmail.com> <CAH48ZfzVt=+yoj280VxL_SV+YM4C7eqMWhL=41YpVybaPmLcLg@mail.gmail.com> <CAHej_8mgKjpo6DDbOS9bBdTarThKOa9F55QBtrM6G-oq1YfX+w@mail.gmail.com> <CAL0qLwYjYY4OvShqACWPz0vdJcAubdU1csFFVSkqzsReZSZxuw@mail.gmail.com> <MN2PR11MB43514940B87730CC9D476AACF75B9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAL0qLwb=1CZN6s2QzWJGFeO3=iPWZ-eS=7hvi4B6jhuh+hLJ0w@mail.gmail.com>
In-Reply-To: <CAL0qLwb=1CZN6s2QzWJGFeO3=iPWZ-eS=7hvi4B6jhuh+hLJ0w@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 03 Oct 2022 12:10:32 -0400
Message-ID: <CALaySJJ2za=j0-syG_HFAtvPQjAvLuXi_7s21cteDfnGM8anCA@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: "Brotman, Alex" <Alex_Brotman@comcast.com>, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>, Douglas Foster <dougfoster.emailstandards@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/uPY6l1sjCH-D5NhPT-ZTPvprVDc>
Subject: Re: [dmarc-ietf] Aggregate Reporting - "Not Evaluated" result
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2022 16:10:51 -0000
Personally, I think the right approach to this is a section about the importance of reporting to keep domain owners informed and aware and to promote wider adoption of authentication and policy protocols. That section would say that reporting SHOULD be done for those reasons and would explain the benefits. That would make it clear that the SHOULD is not for interoperability, but for the reasons laid out in that section. And then we use no further BCP 14 key words about reporting, allowing that section to carry the message. Barry On Mon, Oct 3, 2022 at 12:01 PM Murray S. Kucherawy <superuser@gmail.com> wrote: > > On Mon, Oct 3, 2022 at 10:26 AM Brotman, Alex <Alex_Brotman@comcast.com> wrote: >> >> So we would likely need a section in the core document with a SHOULD for evaluation (if it’s not already there), and then a section in the aggregate reporting for a MUST for reporting on evaluated information (if they choose to send reports at all), correct? > > > I'm having a hard time coming up with a crisp answer to this. > > From a security perspective, failing to do either of these doesn't create any sort of security exposure, so neither is justified. > > From an operations perspective, you could argue that doing both is necessary for robustness and operator sanity (i.e., the complete picture is recorded which enables debugging), so both are justified. > > From the actual protocol standpoint, the filtering part of DMARC operates just fine if you make the shortcut Doug is proposing, so the first SHOULD is probably apt but the MUST is moot because it doesn't change interoperability. > > I guess it depends on what we think the priority is. > > -MSK > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc
- [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggrega… internet-drafts
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-agg… Brotman, Alex
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-agg… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Todd Herr
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Murray S. Kucherawy
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Brotman, Alex
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Murray S. Kucherawy
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Barry Leiba
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Laura Atkins
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Murray S. Kucherawy
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Neil Anuskiewicz
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Scott Kitterman
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Scott Kitterman
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Neil Anuskiewicz
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Neil Anuskiewicz
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Brotman, Alex
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Murray S. Kucherawy
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Dotzero
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Brotman, Alex
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Alessandro Vesely
- Re: [dmarc-ietf] Aggregate Reporting - "Not Evalu… Douglas Foster