On Thu, Aug 5, 2021 at 3:02 AM Alessandro Vesely <[email protected]> wrote:

>   On Wed 04/Aug/2021 19:40:31 +0200 Todd Herr wrote:
>
> > On Wed, Aug 4, 2021 at 5:32 AM Alessandro Vesely <[email protected]> wrote:
> >>    On Tue 03/Aug/2021 22:42:07 +0200 Todd Herr wrote:
> >>>
> >>> [...]
> >>> I can then examine the differences in the reports, suss out
> >>> which intermediaries aren't rewriting the From: header, and
> >>> decide if I care enough about the volume I'm sending to those
> >>> intermediaries to have it affect my decision to move to a
> >>> stronger assessment policy.
> >>
> >> Examining the difference in the reports sounds hard, especially if the
> >> mail flows and remote operators' settings changed since p=none.  As a
> >> matter of fact, p=none lets a domain learn more about its mail flows,
> >> since aggregate reports contain DKIM and SPF identifiers of mediators.
> >
> > This is only true if the From: header is not munged. If it's munged to use
> > the domain of the intermediary, the originator will not see data about the
> > hop from the intermediary to the reporting destination in its aggregate
> > reports.
>
>
> If the final receiver sent such data to the originator, then the
> originator would see it.
>

Why or how could the final receiver send a report to the originator, though?

DMARC record lookup is based on the From: domain.

If the From: domain is munged so that it's now one that belongs to the
intermediary, there's no way to know what the originating domain was,
because there's no standard for munging.

Perhaps at a future date, if draft-vesely-dmarc-mlm-transform or similar
becomes a widely adopted and implemented standard, then receivers might be
able to easily send reports to originators. Remember though that MLMs are
only one special case of intermediary; auto-forwards, such as alumni.foo.edu
or even [email protected] that just forwards everything to
[email protected], are other cases that can cause authentication
failures, and to the best of my knowledge there is no standard for header
munging for those cases, and frankly those hosts operating as
intermediaries in those flows may be less inclined to change their systems
than some MLMs have been. The IETF and you are perhaps outliers in regards
to the amount of effort expended to accommodate DMARC, and I applaud both
of your efforts, but I think we're a long way away from anything
approaching universal receivers reporting to every hop that handles a given
message.


-- 

*Todd Herr* | Technical Director, Standards and Ecosystem
*e:* [email protected]
*m:* 703.220.4153
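
An added illustration (not part of the original message or any project's code) of the point above that DMARC record lookup is keyed on the From: domain, so a munged From: routes aggregate reports to the intermediary's rua address. Domain names, DNS records and messages are constructed, and the two-label organizational-domain fallback is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed DNS data: TXT records at _dmarc.<domain> (all names hypothetical).
ZONE = {
    "_dmarc.originator.example": "v=DMARC1; p=none; rua=mailto:dmarc-rua@originator.example",
    "_dmarc.lists.example": "v=DMARC1; p=none; rua=mailto:dmarc-rua@lists.example",
}

def from_domain(raw):
    """Domain of the RFC5322.From address, the only key DMARC discovery uses."""
    _, addr = parseaddr(message_from_string(raw)["From"])
    return addr.rpartition("@")[2].lower()

def org_domain(domain):
    # Simplification (assumption): last two labels. Real receivers use a
    # public suffix list to find the organizational domain.
    return ".".join(domain.split(".")[-2:])

def rua_for(raw, zone=ZONE):
    """Return (policy domain, rua URIs) a receiver would use for this message."""
    d = from_domain(raw)
    for candidate in dict.fromkeys([d, org_domain(d)]):
        record = zone.get("_dmarc." + candidate)
        if record and record.startswith("v=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
            return candidate, [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return None, []

# Constructed messages: the same post before and after a list rewrites From:.
# The Reply-To placement is illustrative only; no standard defines the munging.
DIRECT = "From: Alice <alice@originator.example>\nSubject: hello\n\nbody\n"
MUNGED = ("From: Alice via list <list@lists.example>\n"
          "Reply-To: alice@originator.example\nSubject: hello\n\nbody\n")

if __name__ == "__main__":
    for label, msg in (("direct", DIRECT), ("munged", MUNGED)):
        print(label, rua_for(msg))
```

For the munged copy the receiver never queries the originator's record, so the originator's rua mailbox gets no row for the hop from the list to the final destination.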
