Re: [dmarc-ietf] Ticket #11 (and #112) - Proposed language

"Murray S. Kucherawy" <> Fri, 18 June 2021 07:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8E2A03A3FBF for <>; Fri, 18 Jun 2021 00:01:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id HaVdoi0IN9jf for <>; Fri, 18 Jun 2021 00:01:53 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::e32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B0BEF3A3FBE for <>; Fri, 18 Jun 2021 00:01:53 -0700 (PDT)
Received: by with SMTP id 68so4417101vsu.6 for <>; Fri, 18 Jun 2021 00:01:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rRzsxjjsVTBUGuTXvs4AFvXn48A+kLcLGCzXGyVHDlw=; b=BJqJToKVnQadM/3CEO27zPf5fMxDyB0hqsEA92ovcJI/Y6AtSzmFUx1sa+ZD2XU4nJ qw+U+N/WtAVqGQGqyusQk1sK1Jy63NbbFFinpQB6S43Gzzm1mxhTH19agIF9uusSCbJ1 llw3ukTn/tLUeiw3pTmiuRxh8hPRdSP1fAbQ9uzoT/0RrGuHRw1RzWS9Epe6yrN8TtEq jHgtFO1qmb5jlETBA+xzcdj+LAJcLL9UvHxpS2j+hqZRnKNI/WmnSQqP5YLHGC4eaVr3 SQb358dg7Hsb6ASfm3oRn1fmSl7cz6Q/1xByBjvpWlhHZIu9B7O9lLaZuwgXmyI7dHRZ Bcsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rRzsxjjsVTBUGuTXvs4AFvXn48A+kLcLGCzXGyVHDlw=; b=XRgDfAa1wH53EHsr9K5fUo9boDpOYQ8jEniEI8839+xMJp0idUsHp/l/0+6sZFQXbc NACUCc17n9NOoeqNOV45m9CJQxCLE1YD3gNbAfbJ2qH0E6u5BLfjhvhYy/Tdcqa/9jCq V90nKV1aoHyAOxh7ZxVQFKdVyvTMTxQ4Ee6eY9zxJyPfqMc2euKsqACLUoX8aiH+laCy wQlWoC9IUgiWi05GglEAOVIcd2Iv28L+CUNzpGVbbhpC/PJhC9d183EP2QNYUu97qR3c HeSz0DfOf3USxaEw2DJYHAr9SuD/wFOV6BF+TjltI1lCeLVkVp2CtXNDfCjMZYhlDZbk 31fg==
X-Gm-Message-State: AOAM530flkiF+x9kzXnKR4G8mLcDIWQOjyKghoRtpG+C7uUuJkYcXmgU T4bm7TftQjUIsybApGRwTrUVovaNoO3aOCoVhgo=
X-Google-Smtp-Source: ABdhPJwZw2DQBrtzp9/t+6fm5tTG+AjSDgVZbtfgsYQmk0Itsej1V4b+xIVXKaerYfoFF8csmRTdjLhFJiFrvfoHYyc=
X-Received: by 2002:a67:ef82:: with SMTP id r2mr5274345vsp.0.1623999710663; Fri, 18 Jun 2021 00:01:50 -0700 (PDT)
MIME-Version: 1.0
References: <20210616160110.09D6011E70FD@ary.qy> <> <> <> <>
In-Reply-To: <>
From: "Murray S. Kucherawy" <>
Date: Fri, 18 Jun 2021 00:01:39 -0700
Message-ID: <>
To: Douglas Foster <>
Content-Type: multipart/alternative; boundary="000000000000de992405c504e564"
Archived-At: <>
Subject: Re: [dmarc-ietf] Ticket #11 (and #112) - Proposed language
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 18 Jun 2021 07:01:56 -0000

On Thu, Jun 17, 2021 at 9:18 AM Douglas Foster <> wrote:

> This is frustrating.   NP is a new design and the design issues should
> have been discussed before we got to this point.   I don't know why so many
> people are eager to not define the new technology.

Please don't conflate "I still don't understand what you're talking about"
with "I am eager not to define NP" or "I am unwilling to acknowledge
(something)".  They're not the same thing, and only the former is true.

Your message continues to assert something abstract.  I'll repeat my
previous request:

Could you craft a sample message (including DKIM details), sample envelope,
and sample DNS context (including A, AAAA, MX, and SPF details) that
highlights the problem you're talking about?  Maybe then it'll snap into

NP is an effort to partition the RFC 7489 SP=NONE result set, so that a
> subset of all SP results can be blocked on some additional criteria.
> This additional criterion could be based on non-existent as indicated by
> NXDOMAIN, or it could be based on "not used for email" based on a criterion
> to be defined.   Either approach needs to have a mechanism for
> non-compliant names to be made compliant.   I believe that this should
> involve a DNS entry, but the compliance measure should be specific to the
> NP test.   Requiring that every FROM address be linked to an IP address
> does not meet that requirement.

If I squint at this, maybe I can see what you're trying to argue: "" can't publish an "np" policy if they use a subdomain of "" that has no representation of any kind in the DNS.  Is that
correct?  If so, do you find this to be a defect, or simply a limitation to
be documented?  If you think it's a defect, why is that so?