Re: [Bimi] BIMI/DMARC & PSL vs Tree-walk
"Brotman, Alex" <Alex_Brotman@comcast.com> Tue, 16 May 2023 11:22 UTC
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: Jothan Frakes <jothan@jothan.com>, John Levine <johnl@taugh.com>
CC: "BIMI (IETF) (bimi@ietf.org)" <bimi@ietf.org>, "ken@kenodriscoll.com" <ken@kenodriscoll.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/eQr8bVaHZ0xV-VXnUsD6rkliOdA>

BIMI cares very much that the apex domain is covered by proper DMARC policies. I was talking with Todd about this a bit yesterday, and I hope I don’t munge this too badly. There exists a section[1] in the DMARCbis that discusses finding the “Org Domain”. It seems like BIMI needs to add a similar section, without the caveats relating to discovery exemptions. Effectively, DMARC cares about alignment, whereas BIMI has a requirement for p=q/r in specific places. BIMI needs language in the Receiver Actions section of the core document that discusses this topic/action.

1: https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#organizational-domain-discovery

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

From: bimi <bimi-bounces@ietf.org> On Behalf Of Jothan Frakes
Sent: Saturday, May 13, 2023 11:14 PM
To: John Levine <johnl@taugh.com>
Cc: BIMI (IETF) (bimi@ietf.org) <bimi@ietf.org>; ken@kenodriscoll.com
Subject: Re: [Bimi] BIMI/DMARC & PSL vs Tree-walk

I agree with John about BIMI being more tied to DMARC than PSL, and it seems wisest at this point to focus BIMI on such self-managed resources as opposed to using the PSL for it.

The whole concept of BIMI is fascinating, as an aside.

On Sat, May 13, 2023, 10:58 AM John Levine <johnl@taugh.com> wrote:

It appears that Ken O'Driscoll <ken@kenodriscoll.com> said:
>The DMARC WG moved away from using the PSL for very valid reasons that
>probably don't need to be rehashed here. Those reasons are equally valid
>for BIMI. I think that BIMI should follow suit and use whatever mechanism
>DMARC uses to determine the organisational domain.

It seems hopelessly confusing to do anything else.

>Also, why do you think the current spec (dmarcbis-27) would give a
>different answer for the organisational domain than a PSL query?

We spent an absurd amount of time arguing about the tree walk, due to a few people who obsessed about the handful of domains in the PSL. In the vast majority of cases, the tree walk and the PSL give the same result.

We found a few cases where they didn't -- a domain that sends mail but doesn't have a DMARC record, an org domain with a DMARC record, and another domain between those two with a DMARC record with a different policy. When we looked at them it was not at all clear which result the domains expected.

How about telling people that if they want to use BIMI, it would be a really good idea to publish DMARC records for the domains they use to send mail? Then the problem goes away.

R's,
John

--
bimi mailing list
bimi@ietf.org
https://www.ietf.org/mailman/listinfo/bimi