Re: [dmarc-ietf] Bridging the gap

Alessandro Vesely <vesely@tana.it> Sat, 18 June 2022 11:25 UTC

Message-ID: <1a6f4fc8-6567-917f-8365-6fcee7b28348@tana.it>
Date: Sat, 18 Jun 2022 13:25:28 +0200
To: dmarc@ietf.org
References: <20220615174742.BBCE443B1333@ary.local> <edde1042-3ac8-6538-816a-411800c709ff@tana.it> <2556752.voWYGx1xz9@zini-1880>
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <2556752.voWYGx1xz9@zini-1880>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/0qa2ROMpZigrXl5Gbm2VxYAk4tw>

On Sat 18/Jun/2022 02:40:49 +0200 Scott Kitterman wrote:
> On Thursday, June 16, 2022 11:57:08 AM EDT Alessandro Vesely wrote:
>> On Wed 15/Jun/2022 19:47:42 +0200 John Levine wrote:
>>> It appears that Alessandro Vesely  <vesely@tana.it> said:
>>>> I think we found the few critical domains which need a flag.
>>>>
>>> We may have found some domains that need a psd flag, but it's silly to 
>>> assert we have found all or even most of them.
>>>
>>> The PSL has 9300 entries and there are surely far more places in the DNS 
>>> than that where you want sibling domains to be separate.
>>
>> Is there someone who is going to contact, on behalf of the WG, the domains 
>> that were found in order to have their owners publish psd= flags before the 
>> RFC is published?
>
> It is a project I intend to work on once the psd= tag has been assigned. 
> Until the working group has settled on it more definitively than "it's in the 
> current draft" I think it would be premature to bother them.


Agreed, we can wait until the RFC queue.

I think many of the required tasks can be discussed here.  Namely:

  * Listing relevant domains,
  * finding contacts for listed domains,
  * composing the text of an email to send them.

Actually sending those messages would sound more credible if done From: 
Someone@IETF.org.  Does such a role exist?


> From your list further down the thread, why do you think having a psd=y tag on 
> gov.uk, police.uk, and mil will have?  While it would be more descriptively
> correct, I don't think there's any operational difference if it's there or not
> since sub-domains of those PSDs are controlled by one organization.


I don't know how much control parent domains exercise downwards.  It 
probably varies widely in each case.  Anyway, the tree walk needs those flags 
in order to work properly.


> If us.com had a DMARC record, that would be worth a discussion, but they
> don't.


Why does uk.com differ?  They do have a DMARC record.


> It's not even the ~500 domains on the PSL that have DMARC records published
> that we need to concern ourselves with, it's a small subset of them.

I counted 238 of them, discarding the ones with '*'s.  Many can be grouped, for 
example blogspots and all Google stuff.  The PSL refers to contacts in comments.

I don't know how to better select the domains which need to set the flag. 
Presumably, the mail will say something such that each domain owner can 
understand which domains are involved.


Best
Ale
--
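The point made above, that the tree walk only gives the right organizational domain when the psd= flags are in place, can be shown with a small simulation. This is an added example, not code from the post or from any DMARC implementation; it assumes a simplified form of the DMARCbis tree walk (take the highest ancestor with a DMARC record, unless that record carries psd=y, in which case the organizational domain is one label below it) and uses constructed, not real, DNS records for gov.uk and uk.com.

```python
from typing import Dict, Optional

# Constructed DNS tables (not real records): key is the name that would be queried.
DNS_WITH_FLAG = {
    "_dmarc.gov.uk": "v=DMARC1; p=reject; psd=y",   # PSD flagged as discussed
    "_dmarc.uk.com": "v=DMARC1; p=none",            # record present, no psd flag
}
DNS_WITHOUT_FLAG = {
    "_dmarc.gov.uk": "v=DMARC1; p=reject",          # same domain, flag missing
    "_dmarc.uk.com": "v=DMARC1; p=none",
}

def parse_tags(record: str) -> Dict[str, str]:
    """Split 'v=DMARC1; p=reject; psd=y' into {'v': 'DMARC1', 'p': 'reject', 'psd': 'y'}."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain: str, dns: Dict[str, str], max_lookups: int = 5) -> Optional[str]:
    """Return the organizational domain of `domain`, or None if no record is found.

    Simplified tree walk (assumption, see lead-in): walk from the full name up
    the tree, bounded by max_lookups so a sender cannot make the verifier issue
    unbounded DNS queries, then apply the psd=y rule to the highest record.
    """
    labels = domain.lower().rstrip(".").split(".")
    names = [".".join(labels[i:]) for i in range(len(labels))][:max_lookups]
    with_record = [n for n in names if f"_dmarc.{n}" in dns]
    if not with_record:
        return None
    highest = with_record[-1]  # shortest name that has a DMARC record
    if parse_tags(dns[f"_dmarc.{highest}"]).get("psd") == "y":
        # A public suffix: its children are separate organizations, so the
        # organizational domain is one label below it (or the queried name
        # itself if that name is already the PSD).
        idx = names.index(highest)
        return names[idx - 1] if idx > 0 else highest
    return highest
```

With the flag, a department under gov.uk is its own organizational domain; without it, every department collapses into gov.uk, and uk.com customers are likewise lumped under uk.com because its record carries no flag.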