---
OLD
```
```
NEW
```
```
-----
Olivier HUREAU
PhD Student
Laboratoire Informatique Grenoble - UGA - Drakkar
[ https://hureau.com/ | hureau.com ]
___
dmarc mailing
> I'm fairly sure they would say that behavior is extremely broken. It
is so broken that I doubt it's actuallly happening other than in
obscure corner cases involving ancient hardware with a thick layer of
dust.
Some universities' resolvers return NOERROR instead of NXDOMAIN (samba4 server
> If we need some real world examples of this, got a few here:
According to my measurements, 14M domain names out of 280M active domains have
a CNAME at _dmarc.
871,245 has a valid DMARC record. Part of them, 7609 are a 1M top popular
domain (tranco)
For those without DMARC records (I
>> dmarc-version = "v" equals %s"DMARC1
> I believe the "%s" should be dropped
'DMARC1' is case-sensitive in 7489.
Either we keep the "%s" or we go back to 7489 version : "%x44 %x4d %x41 %x52
%x43 %x31"
> I think it should be %x20-3A / %x3C-7E
Agreed.
I would also add comment about the
Would you prefer one comment/issue or in batch?
De: "Todd Herr"
À: "dmarc"
Envoyé: Jeudi 29 Février 2024 15:37:01
Objet: Re: [dmarc-ietf] Working Group Last Call on draft-ietf-dmarc-dmarcbis-30
On Wed, Feb 28, 2024 at 7:37 PM Barry Leiba < [ mailto:barryle...@computer.org
|
On 15/11/2023 14:22, Alessandro Vesely wrote:
We've had quite some discussion on that scheme, which resulted in
https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-aggregate-reporting/blob/main/dmarc-xml-0.2.xsd
included in the current draft.
Indeed, I was referring to this one.
However, I
/bin/dmarc/rua_ta_dmarc_relaxed_v01.xsd
] )
that demonstrates promise, having resulted in approximately 10 times fewer
reports with errors.
I am inclined towards the third option as it offers a holistic approach to
interoperability.
I am looking forward to your remarks and propositions.
Regards
dmarc
-=-=-=-=-=-
[Alternative: text/html]
-=-=-=-=-=-
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
--
--
Olivier HUREAU
PhD Student
Laboratoire Informatique Grenoble - UGA - Drakkar
OpenPGP_signature
I was personally planning to go to the IETF-118 specifically for the DMARC
meeting. In the end, many other activities caught my eye.
However, if any of you are going to the IETF, I'd be happy to share a few words
about DMARC and put a face to your e-mail addresses.
Regards, Olivier
De:
egards,
Olivier
De: "Matthäus Wander"
À: "dmarc"
Envoyé: Mercredi 1 Novembre 2023 19:13:02
Objet: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.
Steven M Jones wrote on 2023-11-01 10:46:
> On 10/25/23 4:25 AM, Matthäus Wander wrote:
>> Ol
On 26/10/2023 07:25, Mark Alley wrote:
On Wed, Oct 25, 2023, 8:25 PM Jesse Thompson wrote:
Is it advisable to use "t=y pct=0" for backwards compatibility?
I'm curious about this as well.
I imagine implementation experience with this will vary widely because
there's unfortunately no
d earlier have shown that it is
not widely respected.
--
------
Olivier HUREAU
PhD Student
Laboratoire Informatique Grenoble - UGA - Drakkar
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
On 25/10/2023 08:10, Steven M Jones wrote:
It's not so much changing the handling as changing the reporting.
* The policy to apply is "none," because the p/sp/np value was faulty.
Done.
* Next step, if there's no "rua" target you can't report - which is
now equivalent to bailing out of DMARC
On 20/10/2023 21:35, Murray S. Kucherawy wrote:
A couple of things here:
(1) As written, the text says (to me) that the handling of a message
might change depending on this mapping of a broken value to "none",
but only if "rua" is present; absent "rua", the record is treated as
junk and
report, sp and np DispositionType is
enough, no need to change p
Olivier
De: "Dotzero"
À: "dmarc"
Envoyé: Vendredi 20 Octobre 2023 17:05:45
Objet: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.
On Fri, Oct 20, 2023 at 10:39 AM OLIVIER HURE
resent)
Regards,
Olivier
De: "Dotzero"
À: "dmarc"
Envoyé: Vendredi 20 Octobre 2023 16:05:57
Objet: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.
On Fri, Oct 20, 2023 at 9:51 AM OLIVIER HUREAU < [
mailto:olivier.hur...@univ-grenoble-alpe
; tag is not valid.
Should be :
'v=DMARC1; p=reject; sp=quarantin; rua=mailto:r...@example.com' (an 'e' is
missing at 'quarantine') MUST
be interpreted as 'v=DMARC1; p=none;' because the "sp" tag is not valid.
Regards,
Olivier
De: "Alessandro Vesely"
À: "OLIVIER
ation for RFC 7489 is slightly the same, with the keyword SHOULD
instead of MUST: [ https://datatracker.ietf.org/doc/html/rfc7489#section-6.6.3
| https://datatracker.ietf.org/doc/html/rfc7489#section-6.6.3 ]
Best regards,
Olivier Hureau
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
=none').
I do not know if this kind of data is relevant for this mailing list. If not,
please let me know.
Regards,
Olivier Hureau
De: "Alessandro Vesely"
À: "dmarc"
Envoyé: Mardi 25 Juillet 2023 13:39:17
Objet: Re: [dmarc-ietf] What happens when the DMARC
> Correct, the ABNF doesn't allow this construction, so it's a syntax error.
DMARCbis ABNF is not as restrictive as RFC 7489 :
dmarc-record = dmarc-version *(dmarc-sep dmarc-tag) [dmarc-sep] *WSP
> If you want more than just the ABNF to defend that position, have a look at
> the DKIM RFC,
I am wondering how a parser should behave when the record contains two
identical tags.
i.e: 'v=DMARC1; p=none; rua=mailto:t...@example.org;
rua=mailto:t...@example.com;'
While RFC 7489 and DMARC-bis state that any unknown tags must be ignored, I
have not found any specifications about
Hi,
> c) There is a pattern of similar looking reports, which omit the
> element in the altogether and always report
> fail in the policy result. I suspect a product, which makes
> it a bit too easy to enable DMARC validation without also enabling DKIM
> verification, but I wasn't able to
> Instead, I see language that drives people to fixate on the 1% of traffic
> that has a DMARC policy with p=reject.
> Indeed: I caution everyone about making assumptions based on what we
think we know, and extending those assumptions to the entire Internet.
There are things we can study (by,
00.html#con_1132105
] ) and EnvelopeFrom such as :
overpass_dmarc_if_spf_mailfrom_pass:
if (EnvelopeFrom == "bounceaddtess@listdomain" AND spf-status("mailfrom") ==
"Pass"){
insert-header("X-MAILFROM-SPF-PASS","TRUE")
}
I am not a Cisco expert but, to
DMARC went wrong as soon as the big organizations started to break away
from the IETF and RFC7489 in particular.
You only have to look at the inconsistencies between what is suggested and
stated in the RFC and what happens in reality to understand why it went wrong.
Best,
Olivier Hureau
De: &q
reporting
org ) : only 4 organization strictly follow the formal definition for
the name of the subject, the attachment or the rapport itself.
Best regards,
Olivier Hureau
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
>For those, who do not work at the IETF, the spec comes before the
>implementation. If the spec defines a grammar that looks as
>authoritative as the one in section 5.4, then an implementation might just
>solve a decision problem whether a string matches
>the grammar or not. This is a yes or
Hello,
Todd pointed out that the with the "v=DMARC1" txt records for external
verification explain why 'dmarc-request' is optional but we can still
modified the rules in this way.
I also found out that on the with current rules : tags can be in
uppercase (the only strings that are
t;s:d" ) )' does not allow the user to have both DMARC failure report
and DKIM/SPF failure report at the same time as '0:d', '1:d' is not allowed.
Best regards,
Olivier HUREAU
---
PhD Student
Laboratoire Informatique Grenoble - UGA - Drakkar
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
29 matches
Mail list logo