Re: [dmarc-ietf] Ticket #111 - MX/A/AAAA test needs justification

"Murray S. Kucherawy" <superuser@gmail.com> Fri, 07 May 2021 21:31 UTC

From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Fri, 7 May 2021 14:31:35 -0700
Message-ID: <CAL0qLwaW9B7DusrBPZ-Ub7Z2omTi2mswyUainWwFGk14=tpsOg@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/2XXPdg6i63Itg0tw7hEy4lCsxec>

On Thu, May 6, 2021 at 4:19 PM Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:

> I was referring to this section of RFC 7208, which I have interpreted as a
> replacement for the older language of RFC 5321.
> Perhaps I overgeneralized, and it is acceptable/desirable to send NDRs if
> the system is confident that the return-path target is not forged.
> My perception has been that NDRs are widely ignored even when they are
> sent.  Is your experience different?
>

I interpret the cited RFC 7208 text to mean: "If you do SPF checking, then
don't generate an NDR to an address that has failed the SPF test."  It
doesn't supersede the more general guidance of RFC 5321, to which SPF is
basically an add-on.

-MSK