Re: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality

John Levine <johnl@taugh.com> Tue, 08 December 2020 23:56 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/zfys-WKWvqzroto9_fuKK094rlU>

In article <cde83285-5cf1-41f0-6df2-b89637cfc7cb@taugh.com> you write:
>>> I didn't get any of those (the POSTs below are not to the right URI)
>>> but it's impressive how fast Russian bots started to probe it, within
>>> hours.
>>
>> I thought it's about interoperability. Simply having a webserver running
>> doesn't come close to interoperability, and certainly not at scale.
>
>I guess I wasn't clear enough.  I know there's no http reporting in DMARC, 
>but there was in an early version of the spec.  I was wondering if anyone 
>had implemented that.  Apparently not.

I must admit one thing that did surprise me was that something is looking at
DMARC DNS records and probing the https URIs they contain, since that is the
only place there are references to my newly created https reporting URI.

R's,
John