Opened 2 years ago

Closed 14 months ago

#53 closed defect (fixed-consensus)

Remove reporting message size chunking

Reported by: seth@… Owned by: todd.herr@…
Priority: major Milestone: Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide
Component: dmarc-bis Version:
Severity: - Keywords: nit tag-update
Cc:

Description

A dmarc-uri allows for message chunking (see https://tools.ietf.org/html/rfc7489#section-6.4) based on a maximum size specified in the rua/ruf URI.

No one uses this chunking mechanism, and further many dmarc validation systems have not implemented it, meaning no reports get sent at all to any domain that does specify a size limit. This has been a known bug in a major implementation for 5+ years, and no domain owner has noticed yet, because no one uses the feature. The size limit should be removed.

Change History (15)

comment:1 Changed 2 years ago by seth@…

  • Component changed from rfc7601bis to dmarc-bis
  • Owner draft-ietf-dmarc-rfc7601bis@… deleted
  • Status changed from new to assigned

comment:2 Changed 16 months ago by todd.herr@…

  • Owner set to todd.herr@…

comment:3 Changed 16 months ago by todd.herr@…

  • Status changed from assigned to started

comment:4 Changed 16 months ago by todd.herr@…

Valimail data on April 13, 2021:

76830 DMARC policy records inspected
    0 specifying message chunking

comment:5 Changed 16 months ago by todd.herr@…

Pushed to github and merged with main branch.

comment:6 Changed 16 months ago by todd.herr@…

  • Status changed from started to infoneeded

comment:7 Changed 16 months ago by todd.herr@…

  • Status changed from infoneeded to assigned

Related to #50 and #71

comment:8 Changed 16 months ago by todd.herr@…

  • Status changed from assigned to infoneeded

comment:9 Changed 15 months ago by mail@…

From 152k DMARC records in tranco toplist:

3612 use ! in rua tag.
   3053 of them are all pointing to mailto:dmarc@mailinblue.com!10m.

comment:10 Changed 15 months ago by mail@…

Note that dmarcbis-01 still contains the syntax in the ABNF (6.4 Formal Definition).

comment:11 Changed 15 months ago by vesely@…

  • Status changed from infoneeded to assigned

Out of 119,920 domains, I found 26 different size limits:

MariaDB [mail]> select count(*) as c, dmarc_rua from domain where dmarc_rua rlike '!' group by dmarc_rua order by c desc;

c dmarc_rua
105 dmarc@mailinblue.com!10m
2 verisign@rua.agari.com,mailreports@verisign.com!10m
1 postmaster@cpcostruzioni.it!10m
1 dmarc-rua@t-2.net!1m
1 authfail@arissystem.com!8m
1 administrator@sunnyday.sk!1m
1 mx-dmarc@cpanel.net!10m
1 dmarc-rua@csirt.tfl.gov.uk!30m,dmarc-rua@dmarc.service.gov.uk
1 admin@dreamtilt.com.au!10m
1 dmarc@zumbi.com.ar!10m
1 dmarc@zaspy.com!10m
1 postmaster@pompo.co!2m
1 antispam@ac-orleans-tours.fr!5m
1 dmarc@mailinblue.com!10m,dmarc_rua@emaildefense.proofpoint.com
1 info@charismaedu.hk!10m
1 postmaster@rodier.me!10240
1 DMARC-Admin@csiro.au!10m
1 dmarc-rua@siol.net!1m
1 dmarcagregate@firstbank.com!20m
1 aggrep@zorpia.com!10m
1 sam@gnubies.com!10m
1 admin@hellohotels.ro!30m
1 dmarc-rua@alerts.stux.fr!10m
1 dmarc@alliancecom.net!10m
1 abuse-dkim-rua@scissor.com!10m
1 dmarc_agg@cfigroup.com!10m

26 rows in set (0.083 sec) —edited.

Besides, from the spec it is not clear at all from the spec whether a report should be sent in chunks (like Brandon said google does) rather than omitting to send if the size limit is exceeded.

comment:12 Changed 15 months ago by todd.herr@…

  • Status changed from assigned to infoneeded

comment:13 Changed 15 months ago by smj@…

  • Status changed from infoneeded to assigned

Looking at the ~2.9MM valid DMARC records from the dataset Farsight provided to DMARC.org through 1Q2021 with some quick and dirty regular expressions...

There were:

  • 49,660 records with size limits in RUA tags (probably more if I tune the RE)
  • 4,205 unique RUA tag/value pairs from those records
  • 58 unique sizes, ranging from 5 KBytes to 30GBytes

So that's a lot of current records that are trying to specify a size, but begs the question of whether any report generators implement the feature.

comment:14 Changed 14 months ago by todd.herr@…

Consensus from both the 27 May 2021 Interim (https://datatracker.ietf.org/doc/minutes-interim-2021-dmarc-01-202105270900/) and from discussion on the working group mailing list (https://mailarchive.ietf.org/arch/msg/dmarc/QgEEM1E8tMPXQ_oIer38RPxlCDU/) is to remove the ability to request message size chunking.

comment:15 Changed 14 months ago by todd.herr@…

  • Resolution set to fixed-consensus
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.