Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help

Seth Blank <> Mon, 25 January 2021 17:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EA0ED3A16A4 for <>; Mon, 25 Jan 2021 09:41:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9-WKM_5ygyCw for <>; Mon, 25 Jan 2021 09:41:36 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::e32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AC8793A16FC for <>; Mon, 25 Jan 2021 09:41:23 -0800 (PST)
Received: by with SMTP id f22so7605519vsk.11 for <>; Mon, 25 Jan 2021 09:41:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=imYu5jeAqQ95Oc+/WxsaC/CIdkuYJ5tzHryye5rF8r8=; b=YhlNItUIUGaFncoqiSuaknWbHmSpUADzVhrt1K/hqi5HR+75vUJJpC4dUojHXZiBtn fW1F/cwdPlYguslUCjCSfslc/Kv9Druq4Ttio2hIevSy7eL5iwyPCFmq0HzS0nLo2rHb KE2YlNtxLR6LpFZ41IHHDhmb42MJrPgLdxCZ7xZlgNjiaHA3OFmMu8GRkwN46Aiv/+QN yauBeJ2jMvQ/5adGTPJ5zeRQByYDaKZ5YlLlcWLjO4zCAxv1P3xfC63myo6/bCOT+2ca BLK7kjWdV1lSPAvdzJVseQH5c+V8ruDnivoCc0LOY9CDaunq0w3MmIBE7hC+XIBj0Fd/ wohQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=imYu5jeAqQ95Oc+/WxsaC/CIdkuYJ5tzHryye5rF8r8=; b=MhsHTj+Eknck2kXRbL502Dako9/mLUjMasLmou3/7ykZl2pQxfs86A6Mm3dga+aSPk drXx/ojKR9V0knO6FYasDRNom3yX99w83QoM0o/MLLIrnzf1Rk8+CCfB/CUUjvaVbk2Q 7oDHTp4iHabEsO8SvDusu5+1rkpRqkWyB0kV8I0lcq1wsTKPYolt45g0dQJD67iti5bz 2UjEjCxFtmtDDhqYRd2WqQkThvlGrupJ6ond85XWJ1OOnlyAtdJUc+zfhzCSKv+7YaWR KbSpzBACmtkV5rkyoOoRBWPNPBb/LdCX4XeML9Z5b+kC87Rb9V7qt3FZ5CR2lbhxHLbA cFNA==
X-Gm-Message-State: AOAM533P0Bik2+XVqXmP9JR0KJgOA5kz/yb993sFo7xoOHHEcc+Y50Pl aoBGt8MY9QAWDfi9mWav3C7cESamdZXSNBzdjsVFIg==
X-Google-Smtp-Source: ABdhPJwRC6UE8Dm+0a98P++CaQTrgEvAELe+o4KBwnURznbTy96rwcLXQZQJgfEdjQrX/D+fPyBsJnFbBlXQX3TGnIk=
X-Received: by 2002:a05:6102:1c8:: with SMTP id s8mr1677708vsq.52.1611596482630; Mon, 25 Jan 2021 09:41:22 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Seth Blank <>
Date: Mon, 25 Jan 2021 09:41:11 -0800
Message-ID: <>
To: "Murray S. Kucherawy" <>
Cc: Michael Thomas <>, Douglas Foster <>, IETF DMARC WG <>
Content-Type: multipart/alternative; boundary="000000000000de715205b9bd0b7d"
Archived-At: <>
Subject: Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 25 Jan 2021 17:41:43 -0000

Realized I think we're going in circles. Just posted text that is status
quo that I believe already addresses Michael's concern.

On Mon, Jan 25, 2021 at 9:38 AM Murray S. Kucherawy <>

> On Mon, Jan 25, 2021 at 9:32 AM Michael Thomas <> wrote:
>> Why is this controversial? Seriously. What is controversial about saying
>> that the a report should authenticate? The onus is on the people who say it
>> does not to lay out the case for why it's not a problem, not me. #98 has a
>> simple piece of text to remedy this. it's 2021. You don't use
>> unauthenticated data if you can possibly help it.
> I'm not taking a position at this point on the issue, but I think you
> should expect that this will come up in external reviews.  If consensus is
> to maintain the status quo, we might want to say so explicitly (and why)
> rather than saying nothing, as the latter might be interpreted as it having
> gotten no consideration at all.
> -MSK


*Seth Blank* | VP, Standards and New Technologies
*p:* 415.273.8818

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.