[dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help
"John R. Levine" <johnl@iecc.com> Mon, 25 January 2021 02:29 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vW3NSwAqfg218Nho3JGqxOdW58A>
I realized why the arguments about whether to require authentication on reports are pointless.

If you actually look at reports, for the most part the address sending the report is not the recipient domain or anything like it. For example, recent failure reports I got from solarwinds.com (yes, them) are about mail to cisp.co.za which was forwarded to spamexperts.com. Reports from seznam.cz are about mail to email.cz. Reports from manthorp.com are about mail to streamingco.net.

Aggregate reports don't even include the recipient domains, and tell me about sending IPs some of which are mine but most of which are not as mail bounces around through mailing lists and forwarders, or spammers just send spam with my domain on the From line.

As we all know, bad guys are at least as good at authentication as good guys, probably better. So if someone for some reason wanted to send me fake reports of either kind, they could send them with perfect DMARC alignment and they'd still be fake. If they report spam with one of my domains on the From line, there's no way at all to tell whether those reports are real. I can use heuristics to recognize mail my system actually sent that went through mailing lists I know about, but DKIM signing the reports wouldn't help.

So I suggest that we close tickets 98 and 99. They don't identify a real problem, and if they did, they wouldn't fix it.

Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
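A sketch of the kind of report triage the message describes, as an added example that is not part of the original post: it parses a constructed aggregate report (element names follow the RFC 7489 aggregate report format) and buckets rows by what the domain owner can check against its own records. `OWN_NETWORKS`, the bucket names and every sample value are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate report layout; all values are made up.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>reporter.example</org_name>
    <email>dmarc-reports@reporter.example</email>
    <report_id>constructed-001</report_id>
  </report_metadata>
  <policy_published><domain>sender.example</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>12</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>sender.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>sender.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>sender.example</header_from></identifiers>
  </record>
</feedback>"""

# Assumption: the networks the domain owner knows it sends mail from.
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def triage(report_xml, own_networks=OWN_NETWORKS):
    """Return (self-asserted reporter name, message counts per bucket)."""
    root = ET.fromstring(report_xml)
    buckets = {"own_ip": 0, "dkim_survived_relay": 0, "unverifiable": 0}
    for rec in root.iter("record"):
        ip = ipaddress.ip_address(rec.findtext("row/source_ip"))
        count = int(rec.findtext("row/count"))
        dkim = rec.findtext("row/policy_evaluated/dkim")
        if any(ip in net for net in own_networks):
            buckets["own_ip"] += count               # comparable with local mail logs
        elif dkim == "pass":
            buckets["dkim_survived_relay"] += count  # reporter's claim of a relayed, still-signed message
        else:
            buckets["unverifiable"] += count         # spoofed mail or invented row: looks the same
    return root.findtext("report_metadata/org_name"), buckets
```

Only the `own_ip` bucket can be cross-checked against the sender's own logs; the contents of the other two buckets read the same whether or not the report message itself arrives signed and aligned.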