Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem

Dave Crocker <> Tue, 02 February 2021 02:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 308363A169A for <>; Mon, 1 Feb 2021 18:42:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id R5V33mSU5YR4 for <>; Mon, 1 Feb 2021 18:42:29 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C7BD83A165C for <>; Mon, 1 Feb 2021 18:42:29 -0800 (PST)
Received: by with SMTP id v1so18461166ott.10 for <>; Mon, 01 Feb 2021 18:42:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=kUm0Zgse4cGUC70LmCTy+A/iJ6u80QTpDlYPaHLOVoo=; b=qcS1CXLOfFNT2Jzo+XE1hqPKMEKWpKOLZGiZiD9Tv2oFzIQJemiwkc8iphnDN8HRfQ v6tj0I40spwD8sBfQV6I11QiKpkSuoxS4nbu57b7kXe7uk3L9BQwv6Vhy10uKhZC80CD GnjQjuQ90y5vsOksyv5+pR8Z3ifX1vewVb97fQB+ONrFCvmeWS8LR4WyNp3ILiGcvfJr sxthLSWHQxBUI47LrtDBy3I0UF4q3fLV3u8R9Ct2SlEu8clfg9fSKL+HiJym740297Vp DT+iDDZupoWJ3ctDQJCA9LNuVrs1LBxwpVJKWLe0rm4yZ4u8vWcD1hcqcFWPbIhZTLBU d+xA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=kUm0Zgse4cGUC70LmCTy+A/iJ6u80QTpDlYPaHLOVoo=; b=KArvFxW9KapXRrOk88VCab0KvXEnkcXSpVddBHUbdWDiqrNKhGyKcK8y8MbBFsso6S Xmk6zEE+u+edhbKUAoPSM7LUoYpS99a94ABhYdLU2RZ5SUMoBAqRbIZSKzTcHvpPt3+x 2xu+Cyf0HxSJ1WlwEEaftnxaoKifHiGLNLGhmBUoWi6UUCDTh/grrJg5aDTYL3j6WDfL sbdB+Am20v9mJs12llLrM+R2K/e+EwnfAZGpagZvo/rzWWUrjJG6FRU8zPE6K1htKVI+ iBb5bf+ChyQ1dS0VokOBuOZcP+p6jJTRqpE1BrwR+xDqb66vi70qhBK6lQOMNOe8Z/oV YdLg==
X-Gm-Message-State: AOAM533RAB2h6hd+HbHQyoEcwbFy/TLP0h1Jd2ccX7/MDYl/IvFP+qH2 Q+yDE//ZaF2SFaypuoh1S2mtPQvFK4IbMQ==
X-Google-Smtp-Source: ABdhPJyuLm/RgU3qf0QHZHvXX14IJ1qaRmynj5ktjXOPsuhQHFvGgyfE43kGlUn0ssv1cvRQXp+S3w==
X-Received: by 2002:a05:6830:92:: with SMTP id a18mr13837208oto.23.1612233748889; Mon, 01 Feb 2021 18:42:28 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id e20sm4350415otr.14.2021. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Feb 2021 18:42:28 -0800 (PST)
To: Michael Thomas <>,
References: <20210201232105.1931D6D20971@ary.qy> <> <> <> <> <> <> <> <>
From: Dave Crocker <>
Message-ID: <>
Date: Mon, 1 Feb 2021 18:42:25 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] DMARC'ed reports, was Forensic report loops are a problem
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Feb 2021 02:42:31 -0000

On 2/1/2021 6:33 PM, Michael Thomas wrote:
> On 2/1/21 6:24 PM, Dave Crocker wrote:
>> DMARC has been deployed for 6 or 7 years. Where is this onerous abuse 
>> on reporting that you feel is inevitable?
> Email was around for 20 years until spam became a problem. 

Perhaps you missed the difference in scale between all of the last 5-7 
years versus pretty much all of that 20 years?

In other words, just to keep this simple:  They not in the least 
comparable.  Also, cf, my previous reference to incentives.

> We know how this plays out: bad guys do the least amount of work 
> possible until they have to react. When it becomes a barrier as 
> p=reject does, they take action to protect their turf. Plugging an 
> obvious security hole with a well known and trivial set of 
> authentication mechanisms to prevent forgery should be the default 
> posture. Anybody who is against that needs to explain in depth why it 
> should not be the case. Especially since it's part of DMARC now.
> Mike, security related specs thumbing their nose at security is a very 
> peculiar stance.
Mechanical application of a high-level script, without attending to the 
details that make the script actually work in a specific case, tends to 
lead to counter-productive decisions.  cf my earlier reference to 
barriers to entry and lack of damaging effect.

And flamboyant, aggressively hostile language like 'thumbing their nose' 
is not merely wrong, it is another attempt at gaslighting.  cf my 
earlier reference to hostile work environment.



Dave Crocker

Volunteer, Silicon Valley Chapter
American Red Cross