Re: [dmarc-ietf] Endless Loops with DKIM reports

Dave Crocker <dhc@dcrocker.net> Thu, 06 June 2019 07:03 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3593C120191 for <dmarc@ietfa.amsl.com>; Thu, 6 Jun 2019 00:03:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iUrrT15QSctv for <dmarc@ietfa.amsl.com>; Thu, 6 Jun 2019 00:03:27 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AFDA120115 for <dmarc@ietf.org>; Thu, 6 Jun 2019 00:03:27 -0700 (PDT)
Received: from [172.16.22.211] (80-64-77-66.static.acetelecom.hu [80.64.77.66]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id x5675XNM026211 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 6 Jun 2019 00:05:35 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1559804735; bh=6af3KgbDQI8XROE3CYDDFhblwUxAJTs1oyeCVSpo4KQ=; h=Subject:To:References:From:Reply-To:Date:In-Reply-To:From; b=Vdfe1fKVU2nu1poyn2h3PKmoh4glIJzIrkNkbU5M5dRRYBjwCLaccEd2I6HHqcatJ +NbVr72hRecDSJDwfQJj9RyMDFgk4hB+ALbXJAnnVI0WSj0pEGA8RE1u+xfbCX6RR9 lJlZhpzVO0owwJYte4dYpbqdHNe/lvs/v2a6zbls=
To: John Levine <johnl@taugh.com>, dmarc@ietf.org
References: <20190605200619.2ED512014FE9B7@ary.local>
From: Dave Crocker <dhc@dcrocker.net>
Reply-To: dcrocker@bbiw.net
Message-ID: <787538c5-9032-8f4d-e3f2-7e3eeb357503@dcrocker.net>
Date: Thu, 06 Jun 2019 09:03:26 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <20190605200619.2ED512014FE9B7@ary.local>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/umeG-RZw3omJghhGpsfmvbE_Qq8>
Subject: Re: [dmarc-ietf] Endless Loops with DKIM reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jun 2019 07:03:30 -0000

On 6/5/2019 10:06 PM, John Levine wrote:
> In article <29174612-a051-8066-9dde-2afaf181ca0e@dcrocker.net> you write:
>> The high-level point I'm trying to make is that control messages -- such
>> as DMARC reports -- need to be handled in a fashion that works
>> automatically and at scale.  Since looping is a well-known problem for
>> such messages, they need to be generated and handled in a way that
>> prevents the problem.
> 
> Right.  you can give all the advice you want about sending stuff in
> ways that's intended to prevent responses, but since some people will
> always ignore your good advice, and any single party only controls one
> leg of the loop, the only unilateral way to limit the damage is rate
> limiti

Taking your note's plain language, you appear to be of the rather 
peculiar view that specifying standards doesn't matter, since people 
won't follow them.

Looping is a classic problem.  It has classic solutions.  Getting the 
details of one specified for this case is, of course, different from 
getting people to adopt it, but the start is with specifying it.

Having additional, ad hoc mechanisms for dealing with non-compliance is 
quite a separate matter.


> It's fine to tell people to use null bounce addresses and from:
> addresses that don't ask for dmarc reports, but you need to rate limit
> anyway.

I looked at the rest of this thread, to see where this point had already 
been made, since your note seems to have a tone implying it's an 
established point, but I couldn't find it.  So again, ad hoc mechanisms 
might also be useful, but they are separate.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
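The three loop-damping measures the thread mentions (a null bounce address on outgoing reports, a From: identity whose own DMARC record asks for no reports, and rate limiting regardless) can be combined into one gate in front of a report generator. The following is an added example, not code from the thread or from any IETF project: the domains and DMARC records are constructed stand-ins for a DNS lookup of `_dmarc.<domain>`, the filename and subject follow the RFC 7489 aggregate-report conventions, and the `Auto-Submitted` header (RFC 3834) is an extra autoresponder-suppression measure the thread does not discuss.

```python
"""Loop-damping checks for outgoing DMARC aggregate reports (added example,
not code from the thread): null envelope sender, a report-sending identity
whose own DMARC record solicits no reports, and a per-recipient rate limit."""
from dataclasses import dataclass, field
from email.message import EmailMessage

# Constructed DMARC TXT records for the report generator's own domains; in
# production these come from a DNS lookup of _dmarc.<domain>.
DMARC_RECORDS = {
    # Identity used in the From: of outgoing reports: no rua/ruf, so a
    # receiver that evaluates our report mail has nowhere to report back.
    "dmarc-reports.example.net": "v=DMARC1; p=reject; adkim=s; aspf=s",
    # The organisation's ordinary domain does solicit reports; using it as
    # the From: of reports would close a report->report loop.
    "example.net": "v=DMARC1; p=none; rua=mailto:dmarc@example.net",
}


def parse_dmarc_record(txt):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def requests_reports(domain, records=DMARC_RECORDS):
    """True if the domain's DMARC record carries rua= or ruf=, i.e. reports
    about mail from that domain would be sent back to it."""
    txt = records.get(domain)
    if txt is None:
        return False
    tags = parse_dmarc_record(txt)
    return bool(tags.get("rua") or tags.get("ruf"))


@dataclass
class ReportRateLimiter:
    """Token bucket per recipient address: up to `burst` reports at once,
    then refilled at `per_hour` reports per hour."""
    per_hour: float
    burst: int
    _buckets: dict = field(default_factory=dict)

    def allow(self, recipient, now):
        """`now` is a timestamp in seconds supplied by the caller (time.time())."""
        tokens, last = self._buckets.get(recipient, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.per_hour / 3600.0)
        if tokens >= 1.0:
            self._buckets[recipient] = (tokens - 1.0, now)
            return True
        self._buckets[recipient] = (tokens, now)
        return False


def build_report_message(from_addr, to_addr, report_gz):
    """Return (envelope_sender, message). The envelope sender is the null
    reverse-path, so bounces of the report are discarded by the recipient
    MTA instead of coming back here. Auto-Submitted (RFC 3834) additionally
    tells autoresponders not to reply; the thread does not mention it."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = to_addr
    msg["Subject"] = "Report Domain: example.org Submitter: example.net"  # constructed
    msg["Auto-Submitted"] = "auto-generated"
    msg.set_content("DMARC aggregate report attached.")
    msg.add_attachment(report_gz, maintype="application", subtype="gzip",
                       filename="example.net!example.org!0!3600.xml.gz")  # constructed
    return "", msg  # "" is the null reverse-path, i.e. MAIL FROM:<>


def should_send_report(from_domain, recipient, limiter, now, records=DMARC_RECORDS):
    """Gate one outgoing report; returns (allowed, reason)."""
    if requests_reports(from_domain, records):
        return False, "report From: domain solicits DMARC reports itself"
    if not limiter.allow(recipient, now):
        return False, "rate limit exceeded for " + recipient
    return True, "ok"


if __name__ == "__main__":
    limiter = ReportRateLimiter(per_hour=1, burst=2)
    # Two reports pass immediately, the third is held, one more is allowed an hour later.
    for t in (0, 0, 0, 3600):
        print(t, should_send_report("dmarc-reports.example.net",
                                    "dmarc@example.org", limiter, now=t))
```

The gate refuses to send at all from an identity that would itself attract reports, and the rate limiter caps what any one recipient can receive even when the other side ignores the null reverse-path; the two checks are independent, which is the separation the message above draws between the specified mechanism and ad hoc damage limitation.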