On Thu 05/Aug/2021 13:34:59 +0200 Todd Herr wrote:
On Thu, Aug 5, 2021 at 3:02 AM Alessandro Vesely <[email protected]> wrote:
On Wed 04/Aug/2021 19:40:31 +0200 Todd Herr wrote:
On Wed, Aug 4, 2021 at 5:32 AM Alessandro Vesely <[email protected]> wrote:
On Tue 03/Aug/2021 22:42:07 +0200 Todd Herr wrote:
[...]
I can then examine the differences in the reports, suss out
which intermediaries aren't rewriting the From: header, and
decide if I care enough about the volume I'm sending to those
intermediaries to have it affect my decision to move to a
stronger assessment policy.
Examining the difference in the reports sounds hard, especially if the
mail flows and remote operators' settings changed since p=none. As a
matter of fact, p=none lets a domain learn more about its mail flows,
since aggregate reports contain DKIM and SPF identifiers of mediators.
This is only true if the From: header is not munged. If it's munged to use
the domain of the intermediary, the originator will not see data about the
hop from the intermediary to the reporting destination in its aggregate
reports.
If the final receiver sent such data to the originator, then the
originator would see it.
Why or how could the final receiver send a report to the originator, though?
DMARC record lookup is based on the From: domain.
MLM transformations are not meant to conceal it.
If the From: domain is munged so that it's now one that belongs to the
intermediary, there's no way to know what the originating domain was,
because there's no standard for munging.
Perhaps at a future date, if draft-vesely-dmarc-mlm-transform or similar
becomes a widely adopted and implemented standard, then receivers might be
able to easily send reports to originators.
Since munging is not a standard, I don't think unmunging could be.
However, as we're granting citizenship to the former by describing
pct=0, we could as well admit that the latter is possible. Is it a
desirable feature to restore the original From:?
Some say ARC will help overcome From: rewrites. How? Certainly not
because MLMs will stop rewriting all of a sudden. If all that is
wanted is to restore From:, it seems more likely that either the
originator or the MLM will set up the header so as to allow doing so.
Now, it has been said, and perhaps will make its way to the spec, that
p=quarantine; pct=0 will remove from reports the information about
indirect mail flows. Since we know that such information can be sent
nevertheless, to ask how to deal with such cases is a legitimate question.
Remember though that MLMs are only one special case of
intermediary; auto-forwards, such as alumni.foo.edu or even
[email protected] that just forwards everything to
[email protected] are other cases that can cause
authentication failures and to the best of my knowledge there is no
standard for header munging for those cases, and frankly those
hosts operating as intermediaries in those flows may be less
inclined to change their systems than some MLMs have been.
Forwarding without rewriting From: is a different problem. It usually
works, except for some cases that can be cured by strengthening
signing practices. Auto-conversions seem to have been eliminated
already. Further refinements to preserve DKIM signatures may be needed.
The IETF and you are perhaps outliers in regards to the amount of
effort expended to accommodate DMARC, and I applaud both of your
efforts, but I think we're a long way away from anything
approaching universal receivers reporting to every hop that handles
a given message.
Actually, reporting at every hop where just the recipient changes is
the normal practice.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc