IETF Logo Mail Archive

Re: [marf] draft-ietf-marf-dkim-reporting feedback

"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 24 January 2012 00:45 UTC

Return-Path: <msk@cloudmark.com>
X-Original-To: marf@ietfa.amsl.com
Delivered-To: marf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8630321F8608 for <marf@ietfa.amsl.com>; Mon, 23 Jan 2012 16:45:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.593
X-Spam-Level:
X-Spam-Status: No, score=-102.593 tagged_above=-999 required=5 tests=[AWL=0.007, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gPnt9Jezticq for <marf@ietfa.amsl.com>; Mon, 23 Jan 2012 16:45:31 -0800 (PST)
Received: from ht1-outbound.cloudmark.com (ht1-outbound.cloudmark.com [72.5.239.25]) by ietfa.amsl.com (Postfix) with ESMTP id D908321F8605 for <marf@ietf.org>; Mon, 23 Jan 2012 16:45:31 -0800 (PST)
Received: from spite.corp.cloudmark.com (172.22.10.72) by exch-htcas901.corp.cloudmark.com (172.22.10.73) with Microsoft SMTP Server (TLS) id 14.1.355.2; Mon, 23 Jan 2012 16:45:31 -0800
Received: from EXCH-C2.corp.cloudmark.com ([172.22.1.74]) by spite.corp.cloudmark.com ([172.22.10.72]) with mapi; Mon, 23 Jan 2012 16:45:31 -0800
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: Message Abuse Report Format working group <marf@ietf.org>
Date: Mon, 23 Jan 2012 16:45:30 -0800
Thread-Topic: [marf] draft-ietf-marf-dkim-reporting feedback
Thread-Index: Acx/pen7WTucZqtBSWeaRHTBXT38hhailQEQ
Message-ID: <F5833273385BB34F99288B3648C4F06F19C9A7D95E@EXCH-C2.corp.cloudmark.com>
References: <8BF70BBB-4AC7-4E8F-A22B-3B2DEBDB1893@wordtothewise.com>
In-Reply-To: <8BF70BBB-4AC7-4E8F-A22B-3B2DEBDB1893@wordtothewise.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [marf] draft-ietf-marf-dkim-reporting feedback
X-BeenThere: marf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Message Abuse Report Format working group discussion list <marf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/marf>, <mailto:marf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/marf>
List-Post: <mailto:marf@ietf.org>
List-Help: <mailto:marf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/marf>, <mailto:marf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jan 2012 00:45:32 -0000

> -----Original Message-----
> From: marf-bounces@ietf.org [mailto:marf-bounces@ietf.org] On Behalf Of Steve Atkins
> Sent: Friday, September 30, 2011 12:20 PM
> To: Message Abuse Report Format working group
> Subject: [marf] draft-ietf-marf-dkim-reporting feedback
> 
> 1. Who would want it and their existing alternatives.
> 
> This seems to be a feature that will primarily be of interest to bulk
> emailers. Those senders are interested in many facets of email
> delivery, and have existing networks of probe addresses at many ISPs
> which they use to monitor email delivery. Those probe networks can
> already give them most of the same information that this would provide,
> without any requirement for support by the receiving ISP.

My motivation is actually not bulk senders in particular.  It's implementers that are trying to get their implementations to interoperate, and trying to figure out why they don't.  To be specific, this sort of thing was particularly valuable when DKIM was young and one operator had installed some software but couldn't figure out why signatures were failing.  Where the verifier doesn't have the knowledge or tools to track down the problem, the signer has a way to request the forensic information needed via this mechanism.

> 2. Where in the delivery path does it detect errors, and whether
> organizations causing errors are likely to deploy this sort of code
> 
> It seems to be intended to detect DKIM-invalidating modifications "at
> the receiver", as it's fairly easy for a sender to identify problems
> that are near to them. Receivers who have a "non-DKIM-clean" delivery
> path seem like the least likely receivers to add additional DKIM/ADSP-
> specific baggage to their delivery path - so I'm not sure that
> something like this would be likely to be deployed at the receiving
> ISPs where the feedback would likely need to be generated. Unless it's
> intended for MUA deployment, maybe?

It's agnostic to the path.  What it's able to give is "This message was changed since delivery.  Here's what we saw on receipt."  And where a DKIM "z=" tag is used, it's possible to show what part of the header changed without having to keep all sent headers around for a while.

> 3. Implementation nits
> 
> 3a. Inconsistent flags for in-band reporting
> 
> There are some nits too. You can ask for a magic cookie in the
> rejection string using rs= - which is good, as that can be handled well
> by existing delivery log monitoring tracking. But rs= is not valid
> unless there's an r= field that's asking for reports to be sent to a
> specific address. r= is being overloaded as both a boolean ("do some
> sort of reporting") and as a parameter to one particular sort of
> reporting (via sending an email). Unless that's there for backwards
> compatibility I'd be tempted to split the two.

What's the specific objection to such overloading?

> 3b. Does this define an email address for reports, or just a local
> part?
> 
> r= "MUST be a dkim-quoted-printable string containing an e-mail
> address", yet it "MUST be interpreted as a local part only". The
> examples tell me that it's just a local part, and doesn't have an "@"
> sign in it, but the spec should probably be clarified.

Fixed.

> 4. Sampling may be useful, but probably not if it can only be applied
> identically to all receivers
> 
> I don't see ri= as being particularly useful given the way I expect
> this would be used, as that value is shared across all receivers. I'm
> either going to want a report about every failure, or I'm going to want
> summary reports. If Gmail are having very rare DKIM failures on my mail
> - one in a million, say - I'm going to want to see every one. If
> Earthlink are breaking everything I send, I'm going to want summary
> reports. I can't get both, so I'm going to end up leaving it set to "0"
> and summarizing at my end. If it were in the format of "no more than X
> reports every Y seconds" it might make more immediate sense than simply
> reporting every n-th message, maybe. That would also avoid the problems
> in 8.3 and would allow the sender more control over the issues in 8.5.

I've changed it to that syntax.  (You and John concur on this point.)

> 5. In-band advertising vs out-of-band vs overloading DKIM
> 
> For many use cases this functionality could be handled by in-band
> advertising (e.g. a "DKIM-Errors-To: foo@bar.com" header).

I've changed it to be a tag in the signature, rather than registering a whole new header field.

> It could also be handled via a separate DNS lookup, rather than
> overloading the existing DKIM key record.

Extra DNS traffic is exactly what I'm trying to avoid here.  John suggested putting it in the signature, which is even better; the previous design always went to the DNS even for messages that don't need it (because signature didn't match the hash), but now the rules for going to DNS are tighter.

> 6. Would something broader be more useful?
> 
> This is very specific to DKIM or ADSP failures. If it is useful for the
> sender to be notified of one sort of authentication failure, they'll
> probably be interested in notification of other failures (SPF?).

The work has been extended to support SPF through the spf-reporting draft and corresponding changes to the authfailure-report draft.

-MSK

v2.23.0 | Report a Bug | By Email