Re: [dmarc-ietf] Organizational domains, threat or menace, was On splitting documents and DBOUND

John Levine <johnl@taugh.com> Thu, 12 November 2020 16:30 UTC

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=cKvWqj+f; dkim=pass (2048-bit key) header.d=taugh.com header.b=PvO5vlh+
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=11d49.5fad6340.k2011; bh=4lFfCH2qoA3Y8Z6Gvk1E5SB+TPSJCWmIcT30VSUDSzM=; b=cKvWqj+fGDfVjd0O0Sb5AYry31fsuEMBOCXwQy5EU3EXofqrQIRguU6GUlTJaM82aZDZ7DbBB1ssnOY4pjKwxNM5BzD0eYLPlCl8DpRvzS8RPxrKX7XddCPLC68AYsb4OoMc3P86HwZS1OL3wK5sldLYp7QLNTQOWP5HxeX2dPX+YKk4pRZwjwcbk88EwhoOCtfEm1dmt6V+mXzytvkFlb5L8DETJonJfQfIVR8xiOo3yIPKRCQ5SWTzsS6Yw3rso6oOjcCr1APiwRhdUapsVPp6j9+ApYbt86jwWr7i4RqH3+F897jTRYL94d8wH4dNOi9kUeZWMie2FVpDOeoyhg==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=11d49.5fad6340.k2011; bh=4lFfCH2qoA3Y8Z6Gvk1E5SB+TPSJCWmIcT30VSUDSzM=; b=PvO5vlh+2Y4XjtfO01vsdMshR86sr2YQDxTUR80zo092YWdJ9f0+41598cyyS9HevjKm96ZNu8o8rUxUzad/45rYTMOBXJuTOnopq6X5fblxQPrSRf6WJHbIrKhbvOSq4tXhoh2Ph2f6lLyK7nbu/iGlyr2OgiwacR3Zchu0Bx1SPBQN03C51vPO43keAji5wVcV7TOnLTpLFyqqe92//HrB2r2TaSjAW29uMbUn8dsQQOzrhbrtzBtBBT4BfYpbox/0WCgPbGDmc0tzPv7RrQQujKfwtjrPukBBvKcDrjedJLd2vLVOiYSpZNMkrwiKeolI61dU87Al0Me7DiLSsA==
Date: Thu, 12 Nov 2020 11:30:54 -0500
Message-Id: <20201112163054.E3FA22634C27@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: brennan@columbia.edu
In-Reply-To: <CAMSGcLCOUG_a13kwgU==HdpHG+ZpMO5caO2tXKqk3TH=N7-8XA@mail.gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/-PQm8_AuDNsyl7g-CZWTMNXTrYM>
Subject: Re: [dmarc-ietf] Organizational domains, threat or menace, was On splitting documents and DBOUND
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2020 16:31:00 -0000

In article <CAMSGcLCOUG_a13kwgU==HdpHG+ZpMO5caO2tXKqk3TH=N7-8XA@mail.gmail.com> you write:
>As another case, would people be surprised that email for the medical
>center cumc.columbia.edu is a separate system managed by a separate IT
>group from columbia.edu, and that any authentication for one should not be
>applied to the other?  I don't think this is unique in large decentralized
>universities. The real email world is a complicated place.

Good point, and those aren't boundaries that the PSL et al. will show.
On the other hand, if you don't want your nominal parent organization
stealing your reports, you can fix that by publishing your own dmarc
record regardless of how we find the org domain.

I asked in DNSOP about tree walks and my take on the response is that
they are OK, perhaps with some advice about how to limit the effect of
long malicious domain names. The CAA record has required a tree walk
since 2013 and the sky hasn't fallen in.

I guess if we're planning to consider a tree walk, it could make sense
to put the org domain stuff in a separate rather short draft.

By the way:

>>     engineering.sun.com
>>     oracle.com

_dmarc.sun.com. CNAME _dmarc.oracle.com.

Since nothing else is going to be at the _dmarc label, CNAMEs work fine for
cross-tree references.
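The tree walk and the _dmarc CNAME discussed in the message above, as an added example that is not part of the message nor of any DMARC implementation. The zone data (the sun.com/oracle.com alias and the columbia.edu/cumc.columbia.edu split), the lookup cap MAX_WALK_LABELS, and the function names are constructed for the demo. The way the cap is applied (exact domain first, then only the labels nearest the root) is one assumed way of bounding the cost of long domain names, not a statement of what the working group adopted.

```python
"""
DMARC policy discovery by tree walk, with a CNAME at the _dmarc label and a
bound on how many lookups a long name can cause.

Added example, not the list message's code or any DMARC library's code.
ZONE is constructed; MAX_WALK_LABELS and MAX_CNAME_HOPS are assumed caps.
"""
from typing import Dict, Optional, Tuple

# Constructed zone data: owner name -> (rrtype, rdata). Not real DNS.
ZONE: Dict[str, Tuple[str, str]] = {
    "_dmarc.oracle.com.": ("TXT", "v=DMARC1; p=reject; rua=mailto:dmarc@oracle.com"),
    # Cross-tree alias from the message: nothing else lives at _dmarc,
    # so a CNAME there is safe.
    "_dmarc.sun.com.": ("CNAME", "_dmarc.oracle.com."),
    "_dmarc.columbia.edu.": ("TXT", "v=DMARC1; p=none; rua=mailto:dmarc@columbia.edu"),
    # The medical center publishes its own record, so reports for it never
    # go to the nominal parent regardless of how the org domain is found.
    "_dmarc.cumc.columbia.edu.": ("TXT", "v=DMARC1; p=quarantine; rua=mailto:dmarc@cumc.columbia.edu"),
    # Constructed misconfiguration: an alias chain that never terminates.
    "_dmarc.loop.test.": ("CNAME", "_dmarc.loop.test."),
}

MAX_WALK_LABELS = 5   # assumed: bounds lookups for long (possibly hostile) names
MAX_CNAME_HOPS = 4    # assumed: bounds alias chasing at the _dmarc label


def _fqdn(name: str) -> str:
    return name.lower().rstrip(".") + "."


def lookup_txt(name: str, zone=ZONE, hops: int = MAX_CNAME_HOPS) -> Optional[str]:
    """Return the TXT rdata at `name`, following CNAMEs up to `hops` times.
    Returns None if nothing is there or the alias chain is too long."""
    name = _fqdn(name)
    for _ in range(hops + 1):
        rr = zone.get(name)
        if rr is None:
            return None
        rtype, rdata = rr
        if rtype == "TXT":
            return rdata
        if rtype == "CNAME":
            name = _fqdn(rdata)
            continue
        return None
    return None  # exceeded MAX_CNAME_HOPS


def parse_dmarc(txt: str) -> Optional[Dict[str, str]]:
    """Split a 'tag=value; tag=value' record; None unless it is v=DMARC1."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags if tags.get("v") == "DMARC1" else None


def find_dmarc(domain: str, zone=ZONE, max_labels: int = MAX_WALK_LABELS):
    """Tree walk: query the exact domain, then its ancestors nearest the root,
    longest first, stopping at the TLD.  Only the top `max_labels` labels are
    walked, so a very long name cannot force unbounded queries and cannot push
    the real organizational domain past the cap.
    Returns (domain_where_found, parsed_record, lookups_used)."""
    exact = domain.lower().rstrip(".")
    labels = exact.split(".")
    top = labels[-max_labels:]
    candidates = [exact]
    for i in range(len(top) - 1):          # len(top)-1 skips the bare TLD
        name = ".".join(top[i:])
        if name not in candidates:
            candidates.append(name)
    lookups = 0
    for cand in candidates:
        lookups += 1
        txt = lookup_txt("_dmarc." + cand, zone)
        if txt is None:
            continue
        rec = parse_dmarc(txt)
        if rec is not None:
            return cand, rec, lookups
    return None, None, lookups


if __name__ == "__main__":
    for d in ("engineering.sun.com", "host.cumc.columbia.edu",
              "a.b.c.d.e.f.g.h.evil.example.com"):
        print(d, "->", find_dmarc(d))
```

Two points the walk makes concrete: the CNAME at _dmarc.sun.com is transparent to the walker, which sees oracle.com's policy when it reaches sun.com, and a sub-organization that publishes its own _dmarc record (cumc.columbia.edu here) is found before the walk ever reaches the parent. Capping the walk from the root side rather than counting labels up from the leaf is what keeps a deliberately long name from both exhausting the resolver and hiding the real organizational domain.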