Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In message <564e68e5-c121-45f1-afef-3770b7377...@tana.it>, Alessandro Vesely writes >On Sun 12/Nov/2023 09:26:32 +0100 Richard Clayton wrote: >> In message <55dc7b67-e48a-4eb3-9cdc-4e4319cc7...@marmot-tech.com>, Neil >> AIUI, Yahoo only sends

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Sun 12/Nov/2023 09:26:32 +0100 Richard Clayton wrote: In message <55dc7b67-e48a-4eb3-9cdc-4e4319cc7...@marmot-tech.com>, Neil Anuskiewicz writes I have a feeling the die is cast for failure reports from MBPs. I’m curious to learn if they sent legit failures, which has scared off

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In message <55dc7b67-e48a-4eb3-9cdc-4e4319cc7...@marmot-tech.com>, Neil Anuskiewicz writes >I have a feeling the die is cast for failure reports from MBPs. I’m >curious to learn if they sent legit failures, which has scared off >the

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Nov 12, 2023, at 1:02 PM, Neil Anuskiewicz wrote: > > Eventually, I’d reckon, Yahoo will stop sending failure reports, rendering > them worthless as nobody you’ve heard of will send them. Even if that were to happen, the standardized format may continue in use / continue to be useful. And

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

> On Nov 11, 2023, at 7:11 PM, Steven M Jones wrote: > >  >> On 11/12/23 04:56, Dotzero wrote: >> >> Our original intent (I'm one of the folks behind DMARC) was that failure >> reports would be provided to senders just like aggregate reports. This was >> before GDPR and privacy concerns

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

> On Nov 11, 2023, at 11:56 AM, Dotzero > Our original intent (I'm one of the folks behind DMARC) was that failure > reports would be provided to senders just like aggregate reports. This was > before GDPR and privacy concerns did a number on the practice. The companies > that provide the

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On 11/12/23 04:56, Dotzero wrote: Our original intent (I'm one of the folks behind DMARC) was that failure reports would be provided to senders just like aggregate reports. This was before GDPR and privacy concerns did a number on the practice. The companies that provide the service of

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Nov 11, 2023, at 1:21 PM, Dotzero wrote:On Sat, Nov 11, 2023 at 3:45 PM Neil Anuskiewicz wrote:Michael, I’m realizing I started this discussion thinking we were talking about failure reports and a bit about aggregate reports when I think we might have pivoted to

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Sat, Nov 11, 2023 at 3:45 PM Neil Anuskiewicz wrote: > Michael, I’m realizing I started this discussion thinking we were talking > about failure reports and a bit about aggregate reports when I think we > might have pivoted to Feedback Loops and I was so focused on reports, I > failed to

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Nov 11, 2023, at 11:56 AM, Dotzero wrote:On Sat, Nov 11, 2023 at 1:47 PM Neil Anuskiewicz wrote: The fact that you aren't seeing failure reports doesn't mean they aren't being generated. My experience has been that they are being made available through 3rd parties where

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Sat, Nov 11, 2023 at 1:47 PM Neil Anuskiewicz wrote: > > The fact that you aren't seeing failure reports doesn't mean they aren't > being generated. My experience has been that they are being made available > through 3rd parties where there is a contractual relationship. > > > > Michael

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

The fact that you aren't seeing failure reports doesn't mean they aren't being generated. My experience has been that they are being made available through 3rd parties where there is a contractual relationship. > > Michael Hammer > ___ > dmarc

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Sat, Nov 11, 2023 at 9:17 AM Neil Anuskiewicz wrote: > > > On Oct 25, 2023, at 3:57 AM, Olivier Hureau < > olivier.hur...@univ-grenoble-alpes.fr> wrote: > >  > On 25/10/2023 08:10, Steven M Jones wrote: > > It's not so much changing the handling as changing the reporting. > > * The policy to

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Oct 25, 2023, at 3:57 AM, Olivier Hureau wrote: On 25/10/2023 08:10, Steven M Jones wrote: It's not so much changing the handling as changing the reporting. * The policy to apply is "none," because the p/sp/np value was

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

egards, Olivier De: "Matthäus Wander" À: "dmarc" Envoyé: Mercredi 1 Novembre 2023 19:13:02 Objet: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception. Steven M Jones wrote on 2023-11-01 10:46: > On 10/25/23 4:25 AM, Matthäus Wander wrote: >> Ol

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

Steven M Jones wrote on 2023-11-01 10:46: On 10/25/23 4:25 AM, Matthäus Wander wrote: Olivier Hureau wrote on 2023-10-25 12:56: What about using the error report of RFC 7489 for this purpose instead of aggregate report? ( https://datatracker.ietf.org/doc/html/rfc7489#section-7.2.2 ) [...]

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

It appears that Steven M Jones said: >> As error reports have never gotten any traction, it would be a big >> effort to make this work. Reusing the existing ecosystem of aggregate >> reports is a lower hanging fruit. > >Failure reports were actually sent for many years, and not just by small

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On 10/25/23 4:25 AM, Matthäus Wander wrote: Olivier Hureau wrote on 2023-10-25 12:56: What about using the error report of RFC 7489 for this purpose instead of aggregate report? ( https://datatracker.ietf.org/doc/html/rfc7489#section-7.2.2 ) I have never seen any error report but I think

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Wed 25/Oct/2023 15:19:36 +0200 Matt V wrote: What if we were to look at re-writing this in a way that says something like this: In the case of optional DMARC flags (ex: sp, adkim, aspf, pct) that are malformed, the processing system SHOULD ignore them as invalid inputs, and MUST

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Tue, Oct 24, 2023 at 11:11 PM Steven M Jones wrote: > On 10/20/23 12:35 PM, Murray S. Kucherawy wrote: > > (1) As written, the text says (to me) that the handling of a message might > change depending on this mapping of a broken value to "none", but only if > "rua" is present; absent "rua",

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

What if we were to look at re-writing this in a way that says something like this: In the case of optional DMARC flags (ex: sp, adkim, aspf, pct) that are malformed, the processing system SHOULD ignore them as invalid inputs, and MUST utilize the valid flags that are mandatory (ex: v, p) and

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On 25/10/2023 13:25, Matthäus Wander wrote: As error reports have never gotten any traction, it would be a big effort to make this work. Reusing the existing ecosystem of aggregate reports is a lower hanging fruit. Tools and processes are established and even the aggregate report format

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

Olivier Hureau wrote on 2023-10-25 12:56: What about using the error report of RFC 7489 for this purpose instead of aggregate report? ( https://datatracker.ietf.org/doc/html/rfc7489#section-7.2.2 ) I have never seen any error report but I think that error reports were a great ideas because

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On 25/10/2023 08:10, Steven M Jones wrote: It's not so much changing the handling as changing the reporting. * The policy to apply is "none," because the p/sp/np value was faulty. Done. * Next step, if there's no "rua" target you can't report - which is now equivalent to bailing out of DMARC

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Wed 25/Oct/2023 08:10:33 +0200 Steven M Jones wrote: PROPOSED versus draft 28 section 4.7: If a retrieved policy record does not contain a valid "p" tag, or contains an "sp" or "np" tag that is not valid, then: * The Mail Receiver MUST act as if a record containing

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On 10/20/23 12:35 PM, Murray S. Kucherawy wrote: (1) As written, the text says (to me) that the handling of a message might change depending on this mapping of a broken value to "none", but only if "rua" is present; absent "rua", the record is treated as junk and DMARC doesn't apply. It's

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

häus Wander ; dmarc@ietf.org Subject: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception. On Mon, Oct 23, 2023 at 12:04 PM Brotman, Alex mailto:40comcast@dmarc.ietf.org>> wrote: I should note that generally, while there's an "error" field available, there's no

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Mon, Oct 23, 2023 at 12:04 PM Brotman, Alex wrote: > I should note that generally, while there's an "error" field available, > there's no guidance about what should go in there. (not in 7489 either that > I could find in a brief search) > Has there ever been any push for structured content

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

-Original Message- > From: dmarc On Behalf Of Matthäus Wander > Sent: Monday, October 23, 2023 2:51 PM > To: dmarc@ietf.org > Subject: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception. > > Murray S. Kucherawy wrote on 2023-10-20 21:35: > > (2) Map

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

Murray S. Kucherawy wrote on 2023-10-20 21:35: (2) Mapping a misspelled "reject" or "quarantine" to "none" even only in the report will be confusing; the domain owner will be told there's a "none" out there when there isn't.  A non-thorough domain owner might conclude that the receiver is

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Fri 20/Oct/2023 21:35:48 +0200 Murray S. Kucherawy wrote: (2) Mapping a misspelled "reject" or "quarantine" to "none" even only in the report will be confusing; the domain owner will be told there's a "none" out there when there isn't.  A non-thorough domain owner might conclude that the

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Fri 20/Oct/2023 21:09:29 +0200 Neil Anuskiewicz wrote: On Oct 20, 2023, at 8:43 AM, Alessandro Vesely wrote: On Fri 20/Oct/2023 15:50:29 +0200 OLIVIER HUREAU wrote: Hi, Assuming that the comma is an Oxford comma, I do interpret the sentence with the following boolean: ( 'retrieved policy

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On 20/10/2023 21:35, Murray S. Kucherawy wrote: A couple of things here: (1) As written, the text says (to me) that the handling of a message might change depending on this mapping of a broken value to "none", but only if "rua" is present; absent "rua", the record is treated as junk and

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

enough, no need to change p > > Olivier > > -- > *De: *"Dotzero" > *À: *"dmarc" > *Envoyé: *Vendredi 20 Octobre 2023 17:05:45 > *Objet: *Re: [dmarc-ietf] DMARC policy discovery and invalid tag > exception. > > > > On Fri,

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Fri, Oct 20, 2023 at 12:05 AM OLIVIER HUREAU < olivier.hur...@univ-grenoble-alpes.fr> wrote: > I don't understand the choice made when writing the point 6. of the policy > discovery mechanism (Dmarcbis : > https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-28.html#section-4.7 > ) > >

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

> On Oct 20, 2023, at 8:43 AM, Alessandro Vesely wrote: > > On Fri 20/Oct/2023 15:50:29 +0200 OLIVIER HUREAU wrote: >> Hi, >> Assuming that the comma is an Oxford comma, I do interpret the sentence with >> the following boolean: >> ( 'retrieved policy record does not contain a valid "p" tag'

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Fri 20/Oct/2023 15:50:29 +0200 OLIVIER HUREAU wrote: Hi, Assuming that the comma is an Oxford comma, I do interpret the sentence with the following boolean: ( 'retrieved policy record does not contain a valid "p" tag'  || contains an "sp" or "np" tag that is not valid ) && ( a "rua" tag

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Fri, Oct 20, 2023 at 11:14 AM OLIVIER HUREAU < olivier.hur...@univ-grenoble-alpes.fr> wrote: > Hi, > > > The correct solution is that the person responsible for creating the > problem record should fix the problem record they created. > > How does downgrading p=reject to p=none help the person

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

report, sp and np DispositionType is enough, no need to change p Olivier De: "Dotzero" À: "dmarc" Envoyé: Vendredi 20 Octobre 2023 17:05:45 Objet: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception. On Fri, Oct 20, 2023 at 10:39 AM OLIVIER HURE

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Fri, Oct 20, 2023 at 10:39 AM OLIVIER HUREAU < olivier.hur...@univ-grenoble-alpes.fr> wrote: > Hi, > > > Why would we even consider going down this path? > I am considering this pass in order to fix any miscomprehension in the RFC. > > > Why do you only consider "fixing" quarantine with a

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

resent) Regards, Olivier De: "Dotzero" À: "dmarc" Envoyé: Vendredi 20 Octobre 2023 16:05:57 Objet: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception. On Fri, Oct 20, 2023 at 9:51 AM OLIVIER HUREAU < [ mailto:olivier.hur...@univ-grenoble-alpe

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

On Fri, Oct 20, 2023 at 9:51 AM OLIVIER HUREAU < olivier.hur...@univ-grenoble-alpes.fr> wrote: > Hi, > > Assuming that the comma is an Oxford comma, I do interpret the sentence > with the following boolean: > > ( 'retrieved policy record does not contain a valid "p" tag' || contains > an "sp" or

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

HUREAU" , "dmarc" Cc: "Jan Bayer" Envoyé: Vendredi 20 Octobre 2023 09:45:10 Objet: Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception. Hi, On Fri 20/Oct/2023 09:04:38 +0200 OLIVIER HUREAU wrote: > > I don't understand the choice made when wri

Re: [dmarc-ietf] DMARC policy discovery and invalid tag exception.

Hi, On Fri 20/Oct/2023 09:04:38 +0200 OLIVIER HUREAU wrote: I don't understand the choice made when writing the point 6. of the policy discovery mechanism (Dmarcbis : https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-28.html#section-4.7 ) ```If a retrieved policy record does not

[dmarc-ietf] DMARC policy discovery and invalid tag exception.

Dear DMARC WG members, I don't understand the choice made when writing the point 6. of the policy discovery mechanism (Dmarcbis : [ https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-28.html#section-4.7 | https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-28.html#section-4.7 ]