Re: [Bimi] BIMI/DMARC & PSL vs Tree-walk

Todd Herr <todd.herr@valimail.com> Tue, 16 May 2023 12:55 UTC

References: <535f1c438cc05398875f30b857725722@mail.gmail.com> <20230513175842.1C5E4D7BA9E2@ary.qy> <CAGrS0FLHaszUj7Dn1JXnEgM_JFKae50ea6tYt-nU-7ZXqKe0wQ@mail.gmail.com> <MN2PR11MB435192D69166D9520D904250F7799@MN2PR11MB4351.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB435192D69166D9520D904250F7799@MN2PR11MB4351.namprd11.prod.outlook.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Tue, 16 May 2023 08:55:18 -0400
Message-ID: <CAHej_8mup_QpvW7+Bgp5a7t_xhqQOaORyHR_uK9h1n_DgS9AAg@mail.gmail.com>
To: "BIMI (IETF) (bimi@ietf.org)" <bimi@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/hsU2SZpjhVj8TwigNg84bDMZGgc>

On Tue, May 16, 2023 at 7:22 AM Brotman, Alex <Alex_Brotman=40comcast.com@dmarc.ietf.org> wrote:

> BIMI cares very much that the apex domain is covered by proper DMARC
> policies.  I was talking with Todd about this a bit yesterday, and I hope I
> don’t munge this too badly.  There exists a section[1] in the DMARCbis that
> discusses finding the “Org Domain”.  It seems like BIMI needs to add a
> similar section, without the caveats relating to discovery exemptions.
> Effectively, DMARC cares about alignment, whereas BIMI has a requirement
> for p=q/r in specific places.  BIMI needs language in the Receiver Actions
> section of the core document that discusses this topic/action.
>
> 1:
> https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#organizational-domain-discovery

I think you've captured our conversation correctly.

For those unfamiliar with the text of DMARCbis, there are currently
exceptions carved out for not doing the tree walk when:

   1. The RFC5322.From domain, the RFC5321.From domain, and the DKIM
   signing domain are all identical (if they're identical, then that domain is
   the org domain)
   2. No prevailing DMARC policy is discovered for the RFC5322.From domain
   (DMARC mechanism doesn't apply to the message, so no reason to look for the
   org domain)
   3. The prevailing DMARC policy for the RFC5322.From domain says strict
   alignment (Can do a simple string compare with the SPF and DKIM domains,
   rather than tree walk to find the org domain)

-- 

Todd Herr | Technical Director, Standards and Ecosystem
e: todd.herr@valimail.com
m: 703.220.4153

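Added example, not code from this thread or from any draft: a small Python model of the three DMARCbis tree-walk exemptions Todd lists, beside the walk BIMI still has to run to check p=quarantine/reject at the org domain. The zone data is constructed, and the psd= handling in the walk is my reading of the DMARCbis draft rather than text quoted from it.

```python
from typing import Optional

# Constructed sample zone (not real DNS): _dmarc TXT records keyed by domain.
DMARC_RECORDS = {
    "example.com": {"p": "reject"},
    "mail.example.com": {"p": "none", "adkim": "s"},
    "news.example.net": {"p": "quarantine", "adkim": "s", "aspf": "s"},
    "co.uk": {"p": "none", "psd": "y"},  # a PSD publishing psd=y
    "brand.co.uk": {"p": "quarantine"},
}
MAX_WALK_LABELS = 8  # DMARCbis caps the walk at 8 labels (my reading of the draft)


def lookup_dmarc(domain: str) -> Optional[dict]:
    """Stand-in for a _dmarc.<domain> TXT query against the constructed zone."""
    return DMARC_RECORDS.get(domain)


def tree_walk_exemption(from_dom: str, mailfrom_dom: str, dkim_dom: str) -> Optional[str]:
    """Which of the three DMARCbis exemptions lets a receiver skip the walk, if any."""
    if from_dom == mailfrom_dom == dkim_dom:
        return "identical-domains"       # exemption 1: From domain is the org domain
    policy = lookup_dmarc(from_dom)
    if policy is None:
        return "no-policy"               # exemption 2: DMARC does not apply
    if policy.get("adkim") == "s" and policy.get("aspf") == "s":
        return "strict-alignment"        # exemption 3: plain string compare suffices
    return None                          # relaxed alignment: the walk is needed


def org_domain(from_dom: str) -> Optional[str]:
    """Simplified DMARCbis tree walk; psd= handling is my reading of the draft."""
    labels = from_dom.split(".")[-MAX_WALK_LABELS:]
    found = []  # domains with a record, longest name first
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        rec = lookup_dmarc(name)
        if rec is None:
            continue
        if rec.get("psd") == "n":
            return name                      # explicit org-domain marker wins
        if rec.get("psd") == "y":            # PSD reached: org domain is one label longer
            return ".".join(labels[i - 1:]) if i > 0 else None
        found.append(name)
    return found[-1] if found else None      # otherwise the shortest domain with a record


def bimi_policy_ok(from_dom: str) -> bool:
    """BIMI's check: the org domain must carry p=quarantine or p=reject; always walks."""
    org = org_domain(from_dom)
    rec = lookup_dmarc(org) if org else None
    return bool(rec) and rec.get("p") in ("quarantine", "reject")
```

Note that mail.example.com with identical From/MAIL FROM/DKIM domains lets DMARC skip the walk, yet BIMI still has to walk to example.com to find the p=reject it requires.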