On 11/27/2012 02:08 AM, Roland Turner wrote: > On 27/11/2012 03:17, Raman Gupta wrote: > >> Thanks Olga and Roland... using tcpdump is feasible for me, but I >> wonder how larger senders deal with this kind of issue. > > Presumably that is a problem for those senders to solve for themselves...
Of course. That doesn't lessen my professional curiosity about the various solutions people are implementing. >> I would think >> from a privacy perspective its better for a domain's administrators to >> examine just emails that failed validation, rather than capturing all >> output and checking every single email sent. > > Right, but this requires more engineering cleverness than is warranted > in your case. Your post has a note of condescension in it which is not appreciated. This may or may not be true -- you know little about me, or my clients, or the projects I am working on. >> Besides, people should be using an end-to-end encryption solution like >> S/MIME or OpenPGP if they don't want admins to be able to see their >> emails, so forensic reports would not reveal anything more than is >> visible anyway, such as headers. > > That may be reasonable advice for end users (or it may not be > <http://research.microsoft.com/apps/pubs/?id=80436>), but if you're > making an argument about whether Mail Receivers should send "forensic" > reports reports then it's not relevant. > > Something that is relevant is a legal determination about whether or > not the putative sender and/or addressed recipient (and potentially > even the actual sender) have reasonable expectations of privacy of the > Mail Receiver. In some jurisdictions, it is believed that the sending > of an unredacted DMARC forensic report to someone who was neither the > addressed recipient nor the _*actual*_ sender might breach the privacy > rights of the addressed recipient (e.g. a mass phisher uses PII that > he's stolen to make his PayPal phish more convincing - meaning that > each message contains non-public PII about the addressed recipient - > he sends it to everyone whose details he's stolen, whether or not > they're PayPal customers, the Mail Receiver notices authentication > failures and sends DMARC forensic reports to PayPal and has thereby > breached the addressed recipient's privacy rights). > > The law may not be reasonable, but the penalties are real; avoiding > them is of critical importance for many Mail Receivers. Good points here. One thing mail receivers could possibly implement in the future is to give the *addressed recipient* the option to send the forensic report to the spoofed sender for verification of the spoof and/or criminal action against the phisher. The receiver may also expose the ability for the recipient to redact the parts of the email they wish to before sending the report. This would sidestep the issue of the addressed recipient's privacy rights. Are there other implementations in the works leveraging DMARC forensic reports that anyone is willing to share publicly? I'm not asking in the context of my original post -- this is just professional curiosity now. Regards, Raman Principal VIVO Systems > - Roland > > > >> >> Regards, >> Raman >> >> >> On Mon 26 Nov 2012 10:50:14 AM EST, Olga Gavrylyako wrote: >>> Hi Raman, >>> In Google for different privacy issues we made a decision not to send >>> forensic reports. >>> >>> Olga >>> >>> On Thu, Nov 22, 2012 at 5:00 PM, Raman Gupta <[email protected]> wrote: >>>> Anyone from Google on this list that we can prod to start sending >>>> forensic reports? :) >>>> >>>> On Thu 22 Nov 2012 07:55:01 PM EST, Franck Martin wrote: >>>>> Only forensic reports would help you. I see you have a ruf, but not >>>>> everyone sends forensic reports. >>>>> >>>>> On 11/22/12 4:46 PM, "Raman Gupta" <[email protected]> wrote: >>>>> >>>>>> At least the contact form is not relevant here, as it sends via >>>>>> postfix. However, there may very well be some other program or script >>>>>> sending emails directly that I am not aware of. Which brings me back >>>>>> to the original question: I don't see any meta-data in the report that >>>>>> would help me to determine what that is. >>>>>> >>>>>> Regards, >>>>>> Raman >>>>>> >>>>>> On 11/22/2012 07:06 PM, Franck Martin wrote: >>>>>>> You are sure you are not running on that server a script that would send >>>>>>> emails directly, without passing via postfix? >>>>>>> >>>>>>> I see the website has a contact form, sometimes web servers tries to be >>>>>>> too smart: http://vivosys.com/contact >>>>>>> >>>>>>> On 11/22/12 2:44 PM, "Raman Gupta" <[email protected]> wrote: >>>>>>> >>>>>>>> First of all, DMARC is very cool. Thanks to all involved in conceiving >>>>>>>> it and setting it up. >>>>>>>> >>>>>>>> I've set up DKIM with DMARC feedback for several domains I manage. >>>>>>>> >>>>>>>> I thought everything was working fine, but I have started receiving >>>>>>>> DMARC feedback reports showing that some emails are failing the DKIM >>>>>>>> check. Here is an actual report: >>>>>>>> >>>> >>>> _______________________________________________ >>>> dmarc-discuss mailing list >>>> [email protected] >>>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >>>> >>>> NOTE: Participating in this list means you agree to the DMARC Note Well >>>> terms (http://www.dmarc.org/note_well.html) >> _______________________________________________ >> dmarc-discuss mailing list >> [email protected] >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html) >> > > -- > Roland Turner | Director, Labs > TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693 > Mobile: +65 96700022 | Skype: roland.turner > [email protected] | http://www.trustsphere.com/ > > > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) > _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
