[dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
On 3/10/23 3:08 AM, Alessandro Vesely wrote: although I'm back as an editor of the failure reporting I-D, that file is almost final and I can't think of anything to be discussed live about it. I haven't registered for 116. Off the top of my head, and in light of the aggregate reports getting a field for the method of determining the Organizational Domain -- should there be an optional field or provision for including this in a failure report? Since it seems likely there are receivers who may reach different dispositions based on this change, I think we might want to consider a way to convey this for those who choose to send failure reports. --S. ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
On Friday, March 10, 2023 6:12:45 PM EST Steven M Jones wrote: > On 3/10/23 3:08 AM, Alessandro Vesely wrote: > > although I'm back as an editor of the failure reporting I-D, that file > > is almost final and I can't think of anything to be discussed live > > about it. I haven't registered for 116. > > Off the top of my head, and in light of the aggregate reports getting a > field for the method of determining the Organizational Domain -- should > there be an optional field or provision for including this in a failure > report? > > Since it seems likely there are receivers who may reach different > dispositions based on this change, I think we might want to consider a > way to convey this for those who choose to send failure reports. I don't think it's needed. My understanding is that failure reports aren't typically used as an aid to troubleshooting DMARC failures. The aggregate reports are sufficient for that. The failure reports have other information that's useful for other forensic purposes for which no one will care about the version of DMARC that led to the failure. Scott K ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
It appears that Scott Kitterman said: >I don't think it's needed. My understanding is that failure reports aren't >typically used as an aid to troubleshooting DMARC failures. The aggregate >reports are sufficient for that. The failure reports have other information >that's useful for other forensic purposes for which no one will care about the >version of DMARC that led to the failure. It also occurs to me that anyone who sends failure reports also sends aggregate reports, so if you care, you have a way to find out. R's, John ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
On 3/12/23 07:50, John Levine wrote: It also occurs to me that anyone who sends failure reports also sends aggregate reports, so if you care, you have a way to find out. This made me wonder if everybody requesting failure reports also requests aggregate reports, so I took a look at the data DomainTools shares with DMARC.org. DMARC records that have RUF w/o RUA: 72,400+ - 50k+ are two-component, e.g. example.org; 11k+ three-component - 28k are .com, 4.5 are .co, 4k are .nl, and 4.5k are .org or .net, etc This is from all observed, valid DMARC records still available from DNS at the end of CY2022. While this is a small percentage of all valid DMARC records observed at that point in time (about 0.1%), it is a much larger number than I would have expected before I checked. --S. ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
On March 14, 2023 7:41:47 PM UTC, Steven M Jones wrote: >On 3/12/23 07:50, John Levine wrote: >> >> It also occurs to me that anyone who sends failure reports also sends >> aggregate reports, so if you care, you have a way to find out. > > >This made me wonder if everybody requesting failure reports also requests >aggregate reports, so I took a look at the data DomainTools shares with >DMARC.org. > >DMARC records that have RUF w/o RUA: 72,400+ > - 50k+ are two-component, e.g. example.org; 11k+ three-component > - 28k are .com, 4.5 are .co, 4k are .nl, and 4.5k are .org or .net, etc > >This is from all observed, valid DMARC records still available from DNS at the >end of CY2022. > >While this is a small percentage of all valid DMARC records observed at that >point in time (about 0.1%), it is a much larger number than I would have >expected before I checked. My expectation is that if you were able to contact the people who made that decision, they'd say they did it because they want information on DMARC failures, which is not what DMARC failure reports give you. They provide details on messages which fail DMARC, not particularly about the DMARC failure. The naming is a bit misleading, but I don't propose we change it. Scott K ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
On 3/14/23 13:18, Scott Kitterman wrote: My expectation is that if you were able to contact the people who made that decision, they'd say they did it because they want information on DMARC failures, which is not what DMARC failure reports give you. They provide details on messages which fail DMARC, not particularly about the DMARC failure. The naming is a bit misleading, but I don't propose we change it. Granted that you aren't proposing a change, I'm very curious as to what name you feel would be more accurate... --S. ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
On March 14, 2023 10:41:12 PM UTC, Steven M Jones wrote: >On 3/14/23 13:18, Scott Kitterman wrote: >> My expectation is that if you were able to contact the people who made that >> decision, they'd say they did it because they want information on DMARC >> failures, which is not what DMARC failure reports give you. They provide >> details on messages which fail DMARC, not particularly about the DMARC >> failure. >> >> The naming is a bit misleading, but I don't propose we change it. > > >Granted that you aren't proposing a change, I'm very curious as to what name >you feel would be more accurate... > I haven't really thought about it, but I've always thought that it was odd that if I want to learn about why messages are failing DMARC, the message called a DMARC failure report is not the one I want. I understand that there are historical reasons for this. Maybe DMARC domain results report for the aggregate report and DMARC additional message data report for the failure report. Scott K ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
On Tue 14/Mar/2023 23:50:13 +0100 Scott Kitterman wrote: On March 14, 2023 10:41:12 PM UTC, Steven M Jones wrote: On 3/14/23 13:18, Scott Kitterman wrote: My expectation is that if you were able to contact the people who made that decision, they'd say they did it because they want information on DMARC failures, which is not what DMARC failure reports give you. They provide details on messages which fail DMARC, not particularly about the DMARC failure. The naming is a bit misleading, but I don't propose we change it. Granted that you aren't proposing a change, I'm very curious as to what name you feel would be more accurate... I haven't really thought about it, but I've always thought that it was odd that if I want to learn about why messages are failing DMARC, the message called a DMARC failure report is not the one I want. I understand that there are historical reasons for this. Maybe DMARC domain results report for the aggregate report and DMARC additional message data report for the failure report. DMARC failure reports are the last of a series which includes DKIM failure reports (RFC 6651) and SPF failure reports (RFC 6652). For DKIM, you add an r= tag to the signature, and define ra= in a purposely defined record at _report_domainkey.example.com. For SPF, you add an ra= tag to the SPF record directly. It is interesting to note that in case of DMARC failure, it would be useful to have a DKIM or SPF failure report too, corresponding to what went wrong. How many of those who request ruf= do also request it? And how many of those who send DMARC failure reports send the others as well? My feeling is that interest for DMARC failure reports came on the coattails of DMARC adoption, while the other two are almost ignored. While I acknowledge Steven's numbers on RUF w/o RUA, I wonder if we shouldn't have discouraged adding ruf= tags at least as much as we're discouraging the sending of that kind of reports. Best Ale -- ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] PSL vs. Tree Walk and Failure Reports, was Re: DMARC agenda for IETF 116 -- and do we need one?
On March 15, 2023 10:50:58 AM UTC, Alessandro Vesely wrote: >On Tue 14/Mar/2023 23:50:13 +0100 Scott Kitterman wrote: >> On March 14, 2023 10:41:12 PM UTC, Steven M Jones wrote: >>> On 3/14/23 13:18, Scott Kitterman wrote: My expectation is that if you were able to contact the people who made that decision, they'd say they did it because they want information on DMARC failures, which is not what DMARC failure reports give you. They provide details on messages which fail DMARC, not particularly about the DMARC failure. The naming is a bit misleading, but I don't propose we change it. >>> >>> Granted that you aren't proposing a change, I'm very curious as to what >>> name you feel would be more accurate... >> >> I haven't really thought about it, but I've always thought that it was odd >> that if I want to learn about why messages are failing DMARC, the message >> called a DMARC failure report is not the one I want. I understand that >> there are historical reasons for this. >> >> Maybe DMARC domain results report for the aggregate report and DMARC >> additional message data report for the failure report. > > >DMARC failure reports are the last of a series which includes DKIM failure >reports (RFC 6651) and SPF failure reports (RFC 6652). For DKIM, you add an >r= tag to the signature, and define ra= in a purposely defined record at >_report_domainkey.example.com. For SPF, you add an ra= tag to the SPF record >directly. > >It is interesting to note that in case of DMARC failure, it would be useful to >have a DKIM or SPF failure report too, corresponding to what went wrong. How >many of those who request ruf= do also request it? And how many of those who >send DMARC failure reports send the others as well? My feeling is that >interest for DMARC failure reports came on the coattails of DMARC adoption, >while the other two are almost ignored. > >While I acknowledge Steven's numbers on RUF w/o RUA, I wonder if we shouldn't >have discouraged adding ruf= tags at least as much as we're discouraging the >sending of that kind of reports. > Perhaps. Or at least explicitly said that ruf without rua almost certainly isn't what you want. Also, yes: that's the history I was referring to. Scott K ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
