Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-30 Thread Seth Blank
On Wed, Sep 30, 2020 at 8:42 AM Dave Crocker  wrote:

> On 9/30/2020 8:39 AM, Seth Blank wrote:
> > *   *
>
>
> Since quibbling is always more fun than dealing with substance...
>
> Given the recent exchange about 'dispose', perhaps "handling" is a safer
> vocabulary choice?
>
> d/
>

Dave, please open a ticket about vocabulary within DMARC that you think
requires modification to be clearer and/or safer (like "dispose", which has
now been raised in two separate threads), and we'll tackle those
language changes separately with respect to the entire body of documents
instead of within the scope of singular issues.


>
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
>


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* s...@valimail.com
*p:* 415.273.8818


This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-30 Thread Dave Crocker

On 9/30/2020 8:39 AM, Seth Blank wrote:

*       *



Since quibbling is always more fun than dealing with substance...

Given the recent exchange about 'dispose', perhaps "handling" is a safer 
vocabulary choice?


d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net



Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-30 Thread Seth Blank
On Wed, Sep 30, 2020 at 8:12 AM Seth Blank  wrote:

> On Wed, Sep 30, 2020 at 8:01 AM Kurt Andersen (b) 
> wrote:
>
>> On Tue, Sep 29, 2020 at 3:50 PM Dave Crocker  wrote:
>>
>>> On 9/29/2020 3:08 PM, Seth Blank wrote:
>>> > I don't know of any receiver that checks DMARC, but then doesn't check
>>> > alignment
>>>
>>> It's not a matter of field statistics:
>>>
>>>   Since checking alignment is an obvious part of the DMARC
>>> procedure, if someone does not follow the specification, they are not
>>> doing DMARC.
>>>
>>
>> Does that mean that "none" is not an appropriate verdict?
>>
>
> No, per https://tools.ietf.org/html/rfc7489#appendix-C "none" is the only
> option for when a policy action is not undertaken:
>
>
>
>  
>
>
>
>  
>
>
> The point of this thread, and where consensus appears to lie, is adding
> another value to disambiguate the use cases.
>


Hit send too fast, that's only part of the relevant schema, the rest (which
uses the above) is:

   
   
 

*   *
 
   
   
 
   



>
>
>> --Kurt
>>
>
>
> --
>
> *Seth Blank* | VP, Standards and New Technologies
> *e:* s...@valimail.com
> *p:* 415.273.8818
>
>


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* s...@valimail.com
*p:* 415.273.8818




Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-30 Thread Seth Blank
On Wed, Sep 30, 2020 at 8:01 AM Kurt Andersen (b)  wrote:

> On Tue, Sep 29, 2020 at 3:50 PM Dave Crocker  wrote:
>
>> On 9/29/2020 3:08 PM, Seth Blank wrote:
>> > I don't know of any receiver that checks DMARC, but then doesn't check
>> > alignment
>>
>> It's not a matter of field statistics:
>>
>>   Since checking alignment is an obvious part of the DMARC
>> procedure, if someone does not follow the specification, they are not
>> doing DMARC.
>>
>
> Does that mean that "none" is not an appropriate verdict?
>

No, per https://tools.ietf.org/html/rfc7489#appendix-C "none" is the only
option for when a policy action is not undertaken:

   
   
 
   
   
   
 
   

The point of this thread, and where consensus appears to lie, is adding
another value to disambiguate the use cases.


> --Kurt
>


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* s...@valimail.com
*p:* 415.273.8818




Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-30 Thread Kurt Andersen (b)
On Tue, Sep 29, 2020 at 3:50 PM Dave Crocker  wrote:

> On 9/29/2020 3:08 PM, Seth Blank wrote:
> > I don't know of any receiver that checks DMARC, but then doesn't check
> > alignment
>
> It's not a matter of field statistics:
>
>   Since checking alignment is an obvious part of the DMARC
> procedure, if someone does not follow the specification, they are not
> doing DMARC.
>

Does that mean that "none" is not an appropriate verdict?

--Kurt


Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-29 Thread Seth Blank
On Tue, Sep 29, 2020 at 3:50 PM Dave Crocker  wrote:

> On 9/29/2020 3:08 PM, Seth Blank wrote:
> > I don't know of any receiver that checks DMARC, but then doesn't check
> > alignment
>
> It's not a matter of field statistics:
>
>   Since checking alignment is an obvious part of the DMARC
> procedure, if someone does not follow the specification, they are not
> doing DMARC.
>

That's a much better point than mine. +1


>
> d/
>
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
>
>

-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* s...@valimail.com
*p:* 415.273.8818




Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-29 Thread Dave Crocker

On 9/29/2020 3:08 PM, Seth Blank wrote:
I don't know of any receiver that checks DMARC, but then doesn't check 
alignment


It's not a matter of field statistics:

 Since checking alignment is an obvious part of the DMARC 
procedure, if someone does not follow the specification, they are not 
doing DMARC.


d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net



Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-29 Thread Seth Blank
On Tue, Sep 29, 2020 at 2:55 PM Kurt Andersen (b)  wrote:

> On Tue, Sep 29, 2020 at 3:15 AM Alessandro Vesely  wrote:
>
>>
>> +1.  The rationale, AIUI, is that if the receiver successfully evaluated
>> alignment, then "pass" is fine.  If the receiver didn't evaluate anything
>> after
>> it saw p=none, then "none" is fine.   and  should agree.
>>
>
> If a receiver does not check alignment, then "none" would be the right
> report, regardless of DMARC policy in the DNS record. (One could argue for "
> ¯\_(ツ)_/¯" instead of none, but I don't know how interoperable that would
> be)
>

As an individual, I don't know of any receiver that checks DMARC, but then
doesn't check alignment if the policy is none. Is that above actually a
real world use case that is understood? Perhaps this isn't clear because of
the use of "none" as a status in the first place...


>
> If DMARC is fully evaluated, including alignment, then "pass" would be
> better.
>
> --Kurt
>


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* s...@valimail.com
*p:* 415.273.8818




Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-29 Thread Kurt Andersen (b)
On Tue, Sep 29, 2020 at 3:15 AM Alessandro Vesely  wrote:

>
> +1.  The rationale, AIUI, is that if the receiver successfully evaluated
> alignment, then "pass" is fine.  If the receiver didn't evaluate anything
> after
> it saw p=none, then "none" is fine.   and  should agree.
>

If a receiver does not check alignment, then "none" would be the right
report, regardless of DMARC policy in the DNS record. (One could argue for "
¯\_(ツ)_/¯" instead of none, but I don't know how interoperable that would
be)

If DMARC is fully evaluated, including alignment, then "pass" would be
better.

--Kurt


Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-29 Thread Alessandro Vesely

On Tue 29/Sep/2020 05:40:13 +0200 Seth Blank wrote:

I'm hearing consensus that an aggregate report should retain a disposition
of "none" when the dmarc policy is "none", but when the policy is
quarantine or reject, "pass" should be used to disambiguate the use cases.
Further, there's been one suggestion that even in the case of a policy of
none, if the mail passes an aligned authentication check, the status
should be "pass".

Are there any objections to the overall consensus, or further commentary on
the case of an aligned pass with a policy of none? +1s are also welcome.



+1.  The rationale, AIUI, is that if the receiver successfully evaluated 
alignment, then "pass" is fine.  If the receiver didn't evaluate anything after 
it saw p=none, then "none" is fine.   and  should agree.



Best
Ale


Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-28 Thread Seth Blank
I'm hearing consensus that an aggregate report should retain a disposition
of "none" when the dmarc policy is "none", but when the policy is
quarantine or reject, "pass" should be used to disambiguate the use cases.
Further, there's been one suggestion that even in the case of a policy of
none, if the mail passes an aligned authentication check, the status
should be "pass".

Are there any objections to the overall consensus, or further commentary on
the case of an aligned pass with a policy of none? +1s are also welcome.

In 24 hours I'll record consensus; if there's no clear consensus on the
aligned pass case, then I'll open a separate ticket for it.

On Fri, Sep 25, 2020 at 10:17 AM Kurt Andersen (b)  wrote:

> On Thu, Sep 24, 2020 at 1:39 AM Murray S. Kucherawy 
> wrote:
>
>> On Sun, Jun 7, 2020 at 2:23 PM Seth Blank wrote:
>>
>>> https://trac.ietf.org/trac/dmarc/ticket/51
>>>
>>> In a DMARC aggregate report, a record with a disposition of "none" is
>>> ambiguous, as a disposition of "none" at p=none means a different thing
>>> (that no action was taken on the message) than a disposition of "none" if
>>> the DMARC policy is reject or quarantine (the message passed an aligned
>>> authentication check of either SPF or DKIM, and was therefore not subject
>>> to policy).
>>>
>>> It is desirable to have logically distinct disposition responses, and if
>>> so, what should be reported in the latter case? As a straw man, "pass"
>>> instead of "none"?
>>>
>>
>> Given the choices, I like "pass".
>>
>
> +1 to pass - but I'd go further than Ale and use pass whenever the DMARC
> evaluation passes regardless of the policy setting in the DMARC record.
>
> --Kurt
>


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* s...@valimail.com
*p:* 415.273.8818




Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-25 Thread Kurt Andersen (b)
On Thu, Sep 24, 2020 at 1:39 AM Murray S. Kucherawy 
wrote:

> On Sun, Jun 7, 2020 at 2:23 PM Seth Blank wrote:
>
>> https://trac.ietf.org/trac/dmarc/ticket/51
>>
>> In a DMARC aggregate report, a record with a disposition of "none" is
>> ambiguous, as a disposition of "none" at p=none means a different thing
>> (that no action was taken on the message) than a disposition of "none" if
>> the DMARC policy is reject or quarantine (the message passed an aligned
>> authentication check of either SPF or DKIM, and was therefore not subject
>> to policy).
>>
>> It is desirable to have logically distinct disposition responses, and if
>> so, what should be reported in the latter case? As a straw man, "pass"
>> instead of "none"?
>>
>
> Given the choices, I like "pass".
>

+1 to pass - but I'd go further than Ale and use pass whenever the DMARC
evaluation passes regardless of the policy setting in the DMARC record.

--Kurt


Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-24 Thread John Levine
In article  
you write:
>> It is desirable to have logically distinct disposition responses, and if
>> so, what should be reported in the latter case? As a straw man, "pass"
>> instead of "none"?
>
>Given the choices, I like "pass".

Agreed.  That's what my code did until I realized it was supposed to be none.



Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-24 Thread Murray S. Kucherawy
On Sun, Jun 7, 2020 at 2:23 PM Seth Blank  wrote:

> https://trac.ietf.org/trac/dmarc/ticket/51
>
> In a DMARC aggregate report, a record with a disposition of "none" is
> ambiguous, as a disposition of "none" at p=none means a different thing
> (that no action was taken on the message) than a disposition of "none" if
> the DMARC policy is reject or quarantine (the message passed an aligned
> authentication check of either SPF or DKIM, and was therefore not subject
> to policy).
>
> It is desirable to have logically distinct disposition responses, and if
> so, what should be reported in the latter case? As a straw man, "pass"
> instead of "none"?
>

Given the choices, I like "pass".

-MSK


Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-09-23 Thread Seth Blank
Are there any other comments on ticket 51?

The report contains a disposition field where the result "none" has two
different semantic meanings. Should this be clarified?

Seth, as Chair

On Mon, Jun 8, 2020 at 1:24 AM Alessandro Vesely  wrote:

> On Sun 07/Jun/2020 23:23:16 +0200 Seth Blank wrote:
> > https://trac.ietf.org/trac/dmarc/ticket/51
> >
> > In a DMARC aggregate report, a record with a disposition of "none" is
> > ambiguous, as a disposition of "none" at p=none means a different thing (that
> > no action was taken on the message) than a disposition of "none" if the DMARC
> > policy is reject or quarantine (the message passed an aligned authentication
> > check of either SPF or DKIM, and was therefore not subject to policy).
> >
> > It is desirable to have logically distinct disposition responses, and if so,
> > what should be reported in the latter case? As a straw man, "pass" instead of
> > "none"?
>
>
> The current spec, RFC 7489, does not dwell too much upon message disposition,
> but it is clear enough.
>
> IIRC, some ambiguity was intentional, letting "none" mean that delivery was not
> altered, which is not the same as telling the sender whether the corresponding
> messages did it to respective mailboxes or not.  The report producer may be
> reluctant to disclose that detail, and/or further filtering decisions can be
> made downstream —even by the MUA— without informing DMARC agents.
>
> All in all, the current enumeration DispositionType looks fine to me, although
> the comment in Appendix C should clarify that it is used both for published and
> for evaluated policies.
>
> Personally, I do write dmarc=pass in the Authentication-Results header fields
> only when the "pass" comes after a strict policy.  This is a per-message datum
> which may be worth highlighting in the UI.  However, I don't think aggregate
> reports would be clearer by distinguishing such cases.  They are not usually
> read by human eyes, and software can easily deduce that value by comparing with
> policy_published.
>
> The margin of error is limited to the case of single reports generated for
> periods during which the published DMARC policy changed.  Yet, such events seem
> to be less likely than the possibility of reports erroneously reporting "pass"
> even when the policy published was steadily "none".
>
>
> Best
> Ale


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* s...@valimail.com
*p:* 415.273.8818




Re: [dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-06-08 Thread Alessandro Vesely
On Sun 07/Jun/2020 23:23:16 +0200 Seth Blank wrote:
> https://trac.ietf.org/trac/dmarc/ticket/51
> 
> In a DMARC aggregate report, a record with a disposition of "none" is
> ambiguous, as a disposition of "none" at p=none means a different thing (that
> no action was taken on the message) than a disposition of "none" if the DMARC
> policy is reject or quarantine (the message passed an aligned authentication
> check of either SPF or DKIM, and was therefore not subject to policy).
> 
> It is desirable to have logically distinct disposition responses, and if so,
> what should be reported in the latter case? As a straw man, "pass" instead of
> "none"?


The current spec, RFC 7489, does not dwell too much upon message disposition,
but it is clear enough.

IIRC, some ambiguity was intentional, letting "none" mean that delivery was not
altered, which is not the same as telling the sender whether the corresponding
messages did it to respective mailboxes or not.  The report producer may be
reluctant to disclose that detail, and/or further filtering decisions can be
made downstream —even by the MUA— without informing DMARC agents.

All in all, the current enumeration DispositionType looks fine to me, although
the comment in Appendix C should clarify that it is used both for published and
for evaluated policies.

Personally, I do write dmarc=pass in the Authentication-Results header fields
only when the "pass" comes after a strict policy.  This is a per-message datum
which may be worth highlighting in the UI.  However, I don't think aggregate
reports would be clearer by distinguishing such cases.  They are not usually
read by human eyes, and software can easily deduce that value by comparing with
policy_published.

The margin of error is limited to the case of single reports generated for
periods during which the published DMARC policy changed.  Yet, such events seem
to be less likely than the possibility of reports erroneously reporting "pass"
even when the policy published was steadily "none".


Best
Ale
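
The comparison with policy_published that the message above describes, as an added example that is not part of the original thread or any participant's code: it reads an aggregate report (element names per RFC 7489 Appendix C) and splits the overloaded "none" disposition into the cases ticket 51 distinguishes. The sample report is constructed, the output labels are hypothetical, and the report is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter


def _rec(header_from, disposition, dkim, spf, count):
    # Build one constructed <record> element for the sample report below.
    return (
        f"<record><row><source_ip>192.0.2.1</source_ip><count>{count}</count>"
        f"<policy_evaluated><disposition>{disposition}</disposition>"
        f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
        f"<identifiers><header_from>{header_from}</header_from></identifiers>"
        "</record>"
    )


# Constructed sample data, not taken from the thread.
SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain>"
    "<p>reject</p><sp>none</sp></policy_published>"
    + _rec("example.com", "none", "pass", "fail", 12)      # aligned DKIM pass
    + _rec("example.com", "none", "fail", "fail", 3)       # policy not applied
    + _rec("example.com", "reject", "fail", "fail", 7)     # policy applied
    + _rec("news.example.com", "none", "fail", "fail", 5)  # covered by sp=none
    + "</feedback>"
)


def _text(node, path, default=""):
    """Lower-cased, stripped text of a child element, or default if absent."""
    return (node.findtext(path) or default).strip().lower()


def applicable_policy(published, header_from):
    """Published policy covering header_from: sp for other names, else p."""
    # Simplification: any header_from that differs from the published
    # domain is treated as a subdomain of it.
    domain = _text(published, "domain").rstrip(".")
    sp = _text(published, "sp")
    if sp and header_from.rstrip(".") != domain:
        return sp
    return _text(published, "p", "none")


def disambiguate(disposition, policy, dkim, spf):
    """Split disposition "none" by published policy and aligned results."""
    if disposition != "none":
        return disposition
    if policy == "none":
        return "none:no-action-requested"
    if "pass" in (dkim, spf):
        return "none:aligned-pass"
    return "none:policy-not-applied"


def classify_report(xml_text):
    """Return a Counter of message counts per disambiguated disposition."""
    # Reports arrive from third parties, so this example refuses input
    # that declares a DTD or entities before handing it to the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing report with DTD or entity declarations")
    root = ET.fromstring(xml_text)
    published = root.find("policy_published")
    if published is None:
        raise ValueError("report has no policy_published element")
    totals = Counter()
    for rec in root.iter("record"):
        ev = rec.find("row/policy_evaluated")
        if ev is None:
            continue
        policy = applicable_policy(published, _text(rec, "identifiers/header_from"))
        label = disambiguate(_text(ev, "disposition"), policy,
                             _text(ev, "dkim"), _text(ev, "spf"))
        totals[label] += int(_text(rec, "row/count", "0"))
    return totals


if __name__ == "__main__":
    print(dict(classify_report(SAMPLE_REPORT)))
```

For records that land in `none:policy-not-applied`, the record's `reason` element and the published `pct` are the schema fields a consumer would look at next.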


[dmarc-ietf] DMARC bis: ticket 51: disposition reporting in aggregate reports

2020-06-07 Thread Seth Blank
https://trac.ietf.org/trac/dmarc/ticket/51

In a DMARC aggregate report, a record with a disposition of "none" is
ambiguous, as a disposition of "none" at p=none means a different thing
(that no action was taken on the message) than a disposition of "none" if
the DMARC policy is reject or quarantine (the message passed an aligned
authentication check of either SPF or DKIM, and was therefore not subject
to policy).

It is desirable to have logically distinct disposition responses, and if
so, what should be reported in the latter case? As a straw man, "pass"
instead of "none"?

-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* s...@valimail.com
*p:* 415.273.8818


