[Bimi] BIMI/DMARC & PSL vs Tree-walk

"Brotman, Alex" <Alex_Brotman@comcast.com> Fri, 12 May 2023 15:54 UTC

From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: "BIMI (IETF) (bimi@ietf.org)" <bimi@ietf.org>
Date: Fri, 12 May 2023 15:54:06 +0000
Message-ID: <MN2PR11MB4351AF35F579FBC34B97D7A6F7759@MN2PR11MB4351.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/Nus2O6gxShliK2YXpjtbDQs-BGY>
Subject: [Bimi] BIMI/DMARC & PSL vs Tree-walk
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>

Hey folks,

With DMARCbis, the current draft illustrates a method by which the DMARC policy is discovered via a tree-walk instead of utilizing the PSL.  I'm not trying to hash out the decision for DMARCbis to do that; there's a different list for that.  I do have a couple of questions about how this relates to BIMI.

Assumptions:
1) Message is coming from 5322.From domain "marketing.emails.example.org".  No DMARC or BIMI policy declared here
2) There exists a DMARC policy at example.org for p="reject" and a BIMI policy at example.org
3) There exists a DMARC policy at emails.example.org, p="none", no BIMI policy declared here
4) All authentication aligns/passes
5) 7489 would have found the DMARC policy at "example.org", DMARCbis will find policy at "emails.example.org" 

Questions:
1) Does it matter that the DMARC policy and BIMI policy live in different locations?
2) Do we care if the DMARC policy is different?  The apex domain is still p=reject.  However, by inheritance, the exact 5322.From domain is no longer protected by DMARC (with a policy of "none").  This wouldn't have happened with the PSL method.
3) If 1/2 are problematic, does BIMI need to consider a tree-walk method?  That seems like it may be less ideal as it may not protect the apex domain.
4) Or is this just not a problem at all?

Thanks

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast
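
The scenario in the message above, worked through as an added example (not part of the original post and not code from the DMARC or BIMI specifications): it shows where each discovery method lands for the DMARC policy and where the BIMI record is found. The zone data, the one-entry suffix set, the logo URL and all function names are constructed; `discover_walk` models only the outcome stated in assumption 5 (nearest record found walking up), not the full DMARCbis procedure.

```python
# Constructed zone data matching assumptions 1-3 of the message (not real DNS).
TXT = {
    "_dmarc.example.org": "v=DMARC1; p=reject",
    "_dmarc.emails.example.org": "v=DMARC1; p=none",
    "default._bimi.example.org": "v=BIMI1; l=https://example.org/logo.svg",
}
PUBLIC_SUFFIXES = {"org"}  # constructed stand-in for the Public Suffix List

def parse_tags(record):
    """Split 'k=v; k=v' into a dict keyed by lower-cased tag name."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def psl_org_domain(domain):
    """RFC 7489 style: longest matching public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def discover_psl(from_domain):
    """Exact From domain first, then the PSL organizational domain."""
    for name in (from_domain, psl_org_domain(from_domain)):
        if "_dmarc." + name in TXT:
            return name
    return None

def discover_walk(from_domain):
    """Nearest record, dropping one label at a time (the message's assumption 5)."""
    labels = from_domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if "_dmarc." + name in TXT:
            return name
    return None

def evaluate(from_domain, discover):
    """Return (DMARC record domain, effective policy, BIMI record domain)."""
    dmarc_at = discover(from_domain)
    tags = parse_tags(TXT["_dmarc." + dmarc_at]) if dmarc_at else {}
    # A record inherited from a parent applies sp= when present, otherwise p=.
    key = "p" if dmarc_at == from_domain else "sp"
    policy = tags.get(key, tags.get("p"))
    # BIMI checks the From domain, then falls back to the organizational domain.
    candidates = (from_domain, psl_org_domain(from_domain))
    bimi_at = next((d for d in candidates if "default._bimi." + d in TXT), None)
    return dmarc_at, policy, bimi_at
```

For `marketing.emails.example.org`, the PSL path pairs the BIMI record with the `p=reject` policy at the same domain, while the walk pairs the same BIMI record with the `p=none` policy one level down, which is the mismatch questions 1 and 2 ask about.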