On 12/29/20 10:07 AM, Laura Atkins wrote:
> On 29 Dec 2020, at 17:48, Michael Thomas <[email protected]> wrote:
>> On 12/29/20 9:18 AM, Todd Herr wrote:
>>> The intent of the p= value is for the domain owner to communicate a
>>> request for message handling by the entity evaluating the DMARC
>>> results; a policy of p=none means "please treat this message the
>>> same as you would have if you hadn't performed a DMARC check on it,
>>> regardless of the result obtained from the check".
>>
>> Right, but that is not what Google at least is doing in their
>> Auth-res. It's marking it as DMARC=fail. I think the issue is with
>> RFC 7601 because all I see in it are some DMARC codepoints for IANA
>> unless I missed something. But it could also be considered a fault of
>> DMARC if there isn't normative language on what constitutes
>> pass/neutral or missing/fail. Of course this can just be a Google
>> bug, but it looks more likely underspecification to me.
>
> RFC 7489 specifically says that if the domains don't align then the
> mail fails DMARC.
>
>    5. Conduct Identifier Alignment checks. With authentication checks
>       and policy discovery performed, the Mail Receiver checks to see
>       if Authenticated Identifiers fall into alignment as described in
>       Section 3 <https://tools.ietf.org/html/rfc7489#section-3>. If one
>       or more of the Authenticated Identifiers align with the
>       RFC5322.From domain, the message is considered to pass
>       the DMARC mechanism check. All other conditions (authentication
>       failures, identifier mismatches) are considered to be DMARC
>       mechanism check failures.

The From address was the original address, and it has an original
signature which broke because of the list.

Here's one from Ned, auth-res shows DMARC=fail, but his _DMARC is:
"v=DMARC1" which should be equivalent to p=none.

here's the actual message:
Mike
Delivered-To: [email protected]
Received: by 2002:a54:25ca:0:0:0:0:0 with SMTP id x10csp10181329eco;
Tue, 29 Dec 2020 09:40:32 -0800 (PST)
X-Google-Smtp-Source:
ABdhPJyg+U7QcElEhZoI4aKc4WUQJDIWF5y8fdwdJmyjtympNYX9FAdff8Hm/Li9AYTGbddL/trG
X-Received: by 2002:a9d:336:: with SMTP id 51mr35190952otv.29.1609263632302;
Tue, 29 Dec 2020 09:40:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1609263632; cv=none;
d=google.com; s=arc-20160816;
b=dTJ54tXt0rCUsyrv1GwOeH4tt4b0svswn6u/HQWkAaV71Lq8FvoSMoDgE1O89PMWh/
SeSKMR4NfyZsLOTh6KIWQ4nnQXBiPeyQqdVBHFbR+rnRQTPbxSlR6nPHiAa7rdv1ALmL
dblBh3d+RQQGhaca/RMd4zT570hheniVq9CFxjCyhoa5aVFiHKgAK98ouRV5G+cmliAP
cKuo4J2logklJ2tRkL/WaJbw5eFXXE1fSYrlO5PCINiAIRgjofhv6OfYdZ4DjA+q+B3I
JORJjRfm+QS3HtuLNWl1Qood3uZzHNUUfWFXYAO8V7xMix7ueZa+MfzvYDz4pSUq5LYt
XtZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=sender:errors-to:content-transfer-encoding:cc:list-subscribe
:list-help:list-post:list-archive:list-unsubscribe:list-id
:precedence:subject:archived-at:to:references:in-reply-to:date
:message-id:from:mime-version:dkim-signature:delivered-to
:dkim-signature:dkim-signature;
bh=K1GgIcpwgrhht0uXSnTdvMnH4VecXw2MUZjQBJOuUr0=;
b=nLsXAjfcPF4vqV+DPpFvzAkhJVfT8TiRkgDhEck7mOmobi376n+SINg/aife5vS0jB
1ceDHt4zmM9mJaRv/0r4ScjrYStxd1udPBR04PxwO7upqpBKgq3EP+CS0HS7kT3tF5AW
VnsuiEOOvgR1SJCFKOg6vFEoDZ0A3WC0XwuYw7a4uiuK34sCMQyTA8rG/Z59BsNUPoKg
68PWKxGvV7WVCNI5cBeT0Zq4K8zNCYUiwvdd/Drohw7q9mqh2EpWneY+HVD6toGwSVqQ
SwAyoWMlJY6VPaPt8BsarBo+KpyL2yGa2bd9REDdf5byYvf7QrPrL0KfwlYmSTPDXGnx
Ynrg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=ietf1 header.b=aayvF8Pg;
dkim=pass [email protected] header.s=ietf1 header.b="PwU4/yuQ";
dkim=neutral (body hash did not verify) [email protected]
header.s=201712 header.b=PRr8Q7Zv;
spf=pass (google.com: domain of [email protected] designates
4.31.198.44 as permitted sender) [email protected];
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mrochek.com
Return-Path: <[email protected]>
Received: from mail.ietf.org (mail.ietf.org. [4.31.198.44])
by mx.google.com with ESMTPS id k26si2675892oig.140.2020.12.29.09.40.32
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
Tue, 29 Dec 2020 09:40:32 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates
4.31.198.44 as permitted sender) client-ip=4.31.198.44;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=ietf1 header.b=aayvF8Pg;
dkim=pass [email protected] header.s=ietf1 header.b="PwU4/yuQ";
dkim=neutral (body hash did not verify) [email protected]
header.s=201712 header.b=PRr8Q7Zv;
spf=pass (google.com: domain of [email protected] designates
4.31.198.44 as permitted sender) [email protected];
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mrochek.com
Received: from ietfa.amsl.com (localhost [IPv6:::1])
by ietfa.amsl.com (Postfix) with ESMTP id 6D3C43A0637
for <[email protected]>; Tue, 29 Dec 2020 09:40:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
t=1609263631; bh=EGQWffHXRQ6gspv6YxtmRG6Fn28UIhBFVLnT2fAWP+A=;
h=From:Date:In-reply-to:References:To:Subject:List-Id:
List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
Cc;
b=aayvF8PgSyzrXOZYbNxAumLnlLbDQalrt4v/c80QwqvBZwDP3pKlwFBsokgbGdqyj
NAzqqsrLPPXsYkTNPzmpsQmBkHhz9i+qWILS4DjGJEhDwtrz0X6PKXTLDVHgfUxgRt
az2SiD/+IPA7iMqhsjjuerYU9UNIlD/Iq4dNtW3M=
X-Mailbox-Line: From [email protected] Tue Dec 29 09:40:26 2020
Received: from ietfa.amsl.com (localhost [IPv6:::1])
by ietfa.amsl.com (Postfix) with ESMTP id 770A03A00D8;
Tue, 29 Dec 2020 09:40:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
t=1609263624; bh=EGQWffHXRQ6gspv6YxtmRG6Fn28UIhBFVLnT2fAWP+A=;
h=From:Date:In-reply-to:References:To:Subject:List-Id:
List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
Cc;
b=PwU4/yuQPAZwBP5tbjxZEG1gunIJDSOkf7BOD5fFeiB9+0Kr9B5jxtcsdj8tncl0E
PA0Fes+JZac4PX4NFJhQnXyP81gDZckIysH8SV6r3wUy9zxheqUWa0+OpsOaZTcU14
yPn4VMb1pn4H7YHpQfKDEgn6eKmQUfXq6jwZ9wSE=
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 4C5223A00D3
for <[email protected]>; Tue, 29 Dec 2020 09:40:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id n1U1x7AxmrJ7 for <[email protected]>;
Tue, 29 Dec 2020 09:40:21 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [98.153.82.211])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 45C543A00D2
for <[email protected]>; Tue, 29 Dec 2020 09:40:21 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com
(PMDF V6.1-1 #35243) id <[email protected]> for
[email protected]; Tue, 29 Dec 2020 09:35:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712;
t=1609263318; bh=ewHxwhE1IkhylbN6K9Ju/+CBAakzJSsXNExHQ9KhZnU=;
h=From:Cc:Date:Subject:In-reply-to:References:To:From;
b=PRr8Q7ZvkBTBM2pDFoj11yUAiARLH0Rdv/x6rtkAkorFjOltlWqOIa5XHklqPQ0zC
IqZveNoYHzmwN9COu1NWEjWUI7TDAW5YoOpJwWtMmfqHvTOIOSfrOkH6Fh5KFR27Ly
cKgMVOS40Foj24fHUoCMNqGHOaZttR+5IbF+Kqkg=
MIME-version: 1.0
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243)
id <[email protected]>
(original mail from [email protected]) for [email protected]; Tue,
29 Dec 2020 09:35:15 -0800 (PST)
From: [email protected]
Message-id: <[email protected]>
Date: Tue, 29 Dec 2020 09:22:18 -0800 (PST)
In-reply-to: "Your message dated Tue, 29 Dec 2020 10:59:30 +0100"
<[email protected]>
To: Alessandro Vesely <[email protected]>
Archived-At:
<https://mailarchive.ietf.org/arch/msg/dmarc/IhKyBFyr-uHo92Uem1rBLZ1p730>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy
implications of failure reports
X-BeenThere: [email protected]
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting,
and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>,
<mailto:[email protected]?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:[email protected]>
List-Help: <mailto:[email protected]?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>,
<mailto:[email protected]?subject=subscribe>
Cc: Todd Herr <[email protected]>, IETF DMARC WG <[email protected]>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: [email protected]
Sender: "dmarc" <[email protected]>
> On Mon 28/Dec/2020 22:20:55 +0100 Todd Herr wrote:
>>
>> DMARC validation failures can be caused either due to legitimate mail
>> (i.e., mail originated by or on behalf of the publisher of the DMARC
>> policy, a.k.a., the domain owner) failing authentication checks due to a
>> shortcoming in the authentication practices of the domain owner or some
>> other hiccup that occurs in transit, OR by illegitimate mail (i.e., mail
>> not originated by or on behalf of the domain owner, so mail intended to
>> fraudulently impersonate the domain), specifically the kind of mail that
>> DMARC is purported to be designed to stop.
>
> That kind of analysis seems to be missing from the draft. After some years of
> experience, we should be able to provide some, I'd hope. If not, we'd better
> bluntly drop the draft.

I think a list of possible failure causes would be nice to have, because
a lot of people seem to think that DMARC is a completely reliable mechanism.
I'm not entirely convinced this document is the place for it, but OTOH
I'm not convinced it isn't.
It also strikes me as more of an exercise in enumeration of possibilities than
an actual analysis.
Let's see. We have:
o Illegitimate mail
o Message changed in transit, invalidating DKIM signature
o Incorrect DKIM signing
o Incorrect SPF setup
o Unintentional domain misalignment
o Improper assertion of DMARC policy
We regularly get problem reports whose root cause turns out to be one of
these things.
I've probably missed a bunch, and this may not be the best way to compose the
list.
Ned
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
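
Added example, not part of the original thread or of any receiver's code: a minimal evaluator for the RFC 7489 step 5 alignment check quoted above, showing that the mechanism result (dmarc=fail) is computed independently of the published policy, which only selects the requested disposition. The inputs are constructed to mirror the Authentication-Results header in the message above; org_domain() is a simplifying assumption that stands in for a Public Suffix List lookup.

```python
from dataclasses import dataclass

@dataclass
class AuthResult:
    method: str   # "dkim" or "spf"
    result: str   # "pass", "neutral", "fail", ...
    domain: str   # DKIM d= domain, or the SPF-checked MAIL FROM domain

def org_domain(domain):
    # Simplification (assumption): treat the last two labels as the
    # Organizational Domain. A real evaluator needs the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def is_aligned(auth_domain, from_domain, mode):
    # mode "s" = strict (exact match), anything else = relaxed (same org domain)
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate_dmarc(from_domain, results, policy="none", adkim="r", aspf="r"):
    """Return (mechanism_result, requested_disposition).

    The mechanism result depends only on authentication and alignment;
    the published policy only selects the disposition requested on failure.
    """
    modes = {"dkim": adkim, "spf": aspf}
    for r in results:
        if (r.method in modes and r.result == "pass"
                and is_aligned(r.domain, from_domain, modes[r.method])):
            return ("pass", "none")
    return ("fail", policy)

# Constructed input mirroring the Authentication-Results header in the thread:
# the list's own signatures and SPF pass, the author's signature is broken.
LIST_RELAYED = [
    AuthResult("dkim", "pass", "ietf.org"),
    AuthResult("dkim", "pass", "ietf.org"),
    AuthResult("dkim", "neutral", "mrochek.com"),  # body hash did not verify
    AuthResult("spf", "pass", "ietf.org"),
]
# Constructed: the same author's mail delivered directly, signature intact.
DIRECT = [AuthResult("dkim", "pass", "mauve.mrochek.com")]

if __name__ == "__main__":
    print(evaluate_dmarc("mrochek.com", LIST_RELAYED, policy="none"))
    print(evaluate_dmarc("mrochek.com", LIST_RELAYED, policy="reject"))
    print(evaluate_dmarc("mrochek.com", DIRECT))
    print(evaluate_dmarc("mrochek.com", DIRECT, adkim="s"))
```

With the list-relayed input the result is fail under either policy; only the second element changes, which corresponds to the "dmarc=fail (p=NONE ... dis=NONE)" form of the header above.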