Opened 2 years ago

Closed 16 months ago

#67 closed enhancement (wontfix)

Better feedback loop to sending service upon DMARC failure

Reported by: seth@…
Owned by: todd.herr@…
Priority: major
Milestone: Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide
Component: dmarc-bis
Version:
Severity: -
Keywords: clarify
Cc:

Description

Small services rarely ever know when mail sent is being blocked by DMARC - it should be easier for them to understand.

The impact here is generally more obvious when a domain is at reject than when it is at quarantine, because in the latter case mail is accepted. Some services provide status codes in both cases, but in general small services don't notice no matter what. Is there something that can be done here?

Change History (5)

comment:1 Changed 2 years ago by seth@…

  • Component changed from rfc7601bis to dmarc-bis
  • Owner draft-ietf-dmarc-rfc7601bis@… deleted
  • Status changed from new to assigned

comment:2 Changed 17 months ago by todd.herr@…

Section 6.7 argues against this ticket at present:

Mail Receivers are only obligated to report reject or quarantine
policy actions in aggregate feedback reports that are due to DMARC
policy.  They are not required to report reject or quarantine actions
that are the result of local policy.  If local policy information is
exposed, abusers can gain insight into the effectiveness and delivery
rates of spam campaigns.

comment:3 Changed 16 months ago by todd.herr@…

  • Owner set to todd.herr@…
  • Status changed from assigned to accepted

comment:4 Changed 16 months ago by todd.herr@…

  • Status changed from accepted to assigned

comment:5 Changed 16 months ago by todd.herr@…

  • Resolution set to wontfix
  • Status changed from assigned to closed

{#rejecting-messages} already contains the following text:

Similarly, the text portion of the SMTP reply may be important to
consider.  For example, when rejecting a message, revealing the
reason for the rejection might give an attacker enough information to
bypass those efforts on a later attempt, though it might also assist
a legitimate client to determine the source of some local issue that
caused the rejection.

In the latter case, when doing an SMTP rejection, providing a clear
hint can be useful in resolving issues.  A receiver might indicate in
plain text the reason for the rejection by using the word "DMARC"
somewhere in the reply text.  Many systems are able to scan the SMTP
reply text to determine the nature of the rejection.  Thus, providing
a machine-detectable reason for rejection allows the problems causing
rejections to be properly addressed by automated systems.  For
example:

    550 5.7.1 Email rejected per DMARC policy for example.com

If a Mail Receiver elects to defer delivery due to inability to
retrieve or apply DMARC policy, this is best done with a 4xy SMTP
reply code.

Small services that want some clue as to their mail's delivery or deliverability and how it's affected by their DMARC policies can avail themselves of bounce logs and third party services just as large services do.
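
As an added example (not part of the ticket or of the DMARC draft), this is a sender-side scan of bounce-log SMTP replies for the machine-detectable "DMARC" hint quoted in comment:5. The sample replies are constructed, and treating a 4xy reply as a DMARC deferral assumes the receiver also put the word "DMARC" in its reply text.

```python
import re
from collections import Counter

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY_LINE = re.compile(r"^(?P<code>[245]\d\d)(?P<sep>[- ])(?P<text>.*)$")
# Optional enhanced status code (RFC 3463) at the start of the text, e.g. "5.7.1".
ENHANCED = re.compile(r"^(?P<enh>[245]\.\d{1,3}\.\d{1,3})\s+")
DMARC_WORD = re.compile(r"\bDMARC\b", re.IGNORECASE)

def parse_replies(lines):
    """Yield (code, enhanced_or_None, text) per reply, joining multi-line replies."""
    code, enh, parts = None, None, []
    for raw in lines:
        m = REPLY_LINE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # not an SMTP reply line (other log content)
        if code is not None and m["code"] != code:
            enh, parts = None, []  # mismatched continuation: discard partial reply
        code, text = m["code"], m["text"]
        e = ENHANCED.match(text)
        if e:  # receivers usually repeat the enhanced code on every line
            enh = enh or e["enh"]
            text = text[e.end():]
        parts.append(text)
        if m["sep"] == " ":  # final line of this reply
            yield code, enh, " ".join(parts)
            code, enh, parts = None, None, []

def classify(code, text):
    """Label a reply by its code class and the presence of the word DMARC."""
    if not DMARC_WORD.search(text):
        return "other"
    return {"5": "dmarc_reject", "4": "dmarc_deferral"}.get(code[0], "other")

def summarize(lines):
    return Counter(classify(c, t) for c, _enh, t in parse_replies(lines))

# Constructed sample replies, not taken from any real receiver's logs.
SAMPLE = [
    "250 2.0.0 OK queued",
    "550 5.7.1 Email rejected per DMARC policy for example.com",
    "550-5.7.1 Unauthenticated mail is not accepted",
    "550 5.7.1 due to the sending domain's dmarc policy",
    "451 4.7.1 Temporary failure retrieving DMARC policy, try again later",
    "550 5.1.1 User unknown",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The multi-line reply in the sample carries the hint only on its second line, which is why replies are joined before matching.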
