Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem
Alessandro Vesely <vesely@tana.it> Tue, 02 February 2021 17:20 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DDE43A0C86 for <dmarc@ietfa.amsl.com>; Tue, 2 Feb 2021 09:20:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.121
X-Spam-Level:
X-Spam-Status: No, score=-2.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XBLBNUBtfN2I for <dmarc@ietfa.amsl.com>; Tue, 2 Feb 2021 09:20:02 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B4B43A0C80 for <dmarc@ietf.org>; Tue, 2 Feb 2021 09:20:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1612286400; bh=KCtRp0f57GmSTaXR64YgDEQwpUWdDheMt/uWnJGwNCQ=; l=1612; h=To:Cc:References:From:Date:In-Reply-To; b=AA6tX4NXyXQkMITLhMVcvTUqCFypL032mKwf/PlzkNrhl4rYx3FPe4epO7mTVa0qM RpIHPn9n4e2t/SBX+OaaDRP5Qo/7vW3deJt6psCf5bTFXAFfS6x4h8iF/OV+mLoqKh DAxb8B+Ku/3KPuV8k0KaJ/IJbV68y1pqfxaRLwrqrcljY0H9/lc1B5PxmtgPh
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Original-Cc: dmarc@ietf.org
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC042.00000000601989C0.00004195; Tue, 02 Feb 2021 18:20:00 +0100
To: Dave Crocker <dcrocker@gmail.com>, John R Levine <johnl@taugh.com>
Cc: dmarc@ietf.org
References: <20210201232105.1931D6D20971@ary.qy> <41163cd5-be81-6fd7-07dd-7a474874429e@gmail.com> <92b361a1-d9a5-9389-46b-3725d885c02@taugh.com> <b83c7574-3aa9-bd39-1a9b-3be6fa4f47ec@gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <1021a8e4-ca5f-5fb3-2661-b4668b4bafd5@tana.it>
Date: Tue, 02 Feb 2021 18:19:59 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <b83c7574-3aa9-bd39-1a9b-3be6fa4f47ec@gmail.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/xT1hUgqGFc_TaeSPy2GssbunT-I>
Subject: Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2021 17:20:04 -0000
On Tue 02/Feb/2021 02:42:25 +0100 Dave Crocker wrote: > On 2/1/2021 5:38 PM, John R Levine wrote: > >> If we want to document existing practice, I guess we would say that reports >> should be authenticated and aligned if practical, but it's OK to send them if >> not. > exactly. I changed it again, for failure reports, like so: 3.3. Transport Email streams carrying DMARC failure reports SHOULD conform to the DMARC mechanism, thereby resulting in an aligned "pass". This requirement is a MUST in case the sending host has a DMARC record featuring a ruf= tag. Indeed, special care must be taken of authentication in that case, as failure to authenticate failure reports may result in mail loops. Reporters SHOULD rate limit the number of failure reports sent to any recipient to avoid overloading recipient systems. Again, in case the reports being sent are in turn at risk of being reported for DMARC authentication failure, reporters MUST make sure that possible mail loop are stopped. Some comments upthread allude to the reporter's policy. To be clear, the DMARC mechanism which results in an aligned pass is meant to say that the report is SPF or DKIM authenticated , the authenticated identifier is aligned with From:, and a DMARC record has been discovered. The value of p= is irrelevant. Indeed, from a security perspective, a faked failure report is not much different from an abusive message. To wit, a bad actor could send one or the other, directly to the victim or, respectively, to a server that will report to the victim. Best Ale --
- [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Steven M Jones
- Re: [dmarc-ietf] Forensic report loops Juri Haberland
- Re: [dmarc-ietf] Forensic report loops Дилян Палаузов
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops John Levine
- Re: [dmarc-ietf] Forensic report loops Kurt Andersen (b)
- Re: [dmarc-ietf] Forensic report loops Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops Douglas Foster
- Re: [dmarc-ietf] Forensic report loops Дилян Палаузов
- Re: [dmarc-ietf] Forensic report loops are not a … John Levine
- Re: [dmarc-ietf] Forensic report loops are not a … Douglas Foster
- Re: [dmarc-ietf] Forensic report loops are not a … Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are not a … John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Juri Haberland
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Steven M Jones
- Re: [dmarc-ietf] Forensic report loops are a prob… Steven M Jones
- Re: [dmarc-ietf] Forensic report loops are a prob… Douglas Foster
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] Forensic report loops are a prob… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Murray S. Kucherawy
- Re: [dmarc-ietf] report floods, not Forensic repo… John R Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Douglas Foster
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John Levine
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John R Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Alessandro Vesely
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Dotzero
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… John Levine
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Dotzero
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] Forensic report loops are a prob… Michael Thomas
- Re: [dmarc-ietf] Forensic report loops are a prob… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… John R Levine
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Douglas Foster
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Michael Thomas
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Seth Blank
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… Alessandro Vesely
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Alessandro Vesely
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Dave Crocker
- Re: [dmarc-ietf] DMARC'ed reports, was Forensic r… Alessandro Vesely
- Re: [dmarc-ietf] Report bombing is a prolem, Fore… John R Levine