Re: [dmarc-ietf] tree walk and Org and PSD, Second WGLC for draft-ietf-dmarc-psd

Alessandro Vesely <vesely@tana.it> Tue, 24 November 2020 16:50 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 790F03A11FB for <dmarc@ietfa.amsl.com>; Tue, 24 Nov 2020 08:50:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.221
X-Spam-Level:
X-Spam-Status: No, score=-0.221 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uYKgscXLJUO6 for <dmarc@ietfa.amsl.com>; Tue, 24 Nov 2020 08:50:58 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70ECE3A11F7 for <dmarc@ietf.org>; Tue, 24 Nov 2020 08:50:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1606236655; bh=X2Aq1tO4k9TvAvzlIb3dGT2PIQfKCKJjDI8yKBro+uE=; l=513; h=To:References:From:Date:In-Reply-To; b=C0Oag6cN5FLzdKl2hcqDgN8AW3QnCYNG/5UkMfedp4Pcn62SuD1N6PPM+n/WY9Bag LpYm80/eTE+yFevv7F7Bf1cM4AoB3Y2Lhe7WkkIg+7KWxQbk1Tdm+AaruT78oVF57I tFAxFbQskKlvzYFvbd0Gy8Q+C0qW8ClPtwTIIlwSQCv6ebIdBv/7F7MqrxSpS
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0C6.000000005FBD39EF.0000018F; Tue, 24 Nov 2020 17:50:55 +0100
To: dmarc@ietf.org
References: <553D43C8D961C14BB27C614AC48FC0312811FC37@UMECHPA7D.easf.csd.disa.mil> <20201123210543.694B127C778E@ary.qy> <MN2PR11MB4351DF962549AAF1E46F4128F7FB0@MN2PR11MB4351.namprd11.prod.outlook.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <a471cfd8-e651-a275-9db7-f88728ff90aa@tana.it>
Date: Tue, 24 Nov 2020 17:50:55 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <MN2PR11MB4351DF962549AAF1E46F4128F7FB0@MN2PR11MB4351.namprd11.prod.outlook.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/5XnqQM4bws-T3iQLUO-J0-QBA2A>
Subject: Re: [dmarc-ietf] tree walk and Org and PSD, Second WGLC for draft-ietf-dmarc-psd
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2020 16:51:00 -0000

On Tue 24/Nov/2020 13:52:43 +0100 Brotman, Alex wrote:
> I had one spam message that had 13 parts.  It included both "_mta-sts" and "mta-sts" in there, as well as "mail" nine times.  The last two parts were the org domain.


If the message happened to authenticate, negative reputation is better added to 
that org domain rather than to .com or to some random mta-sts.mail.something.

IOW, if we need the OD anyway for alignment, there's no point in discovery 
DMARC records by tree walk.


Best
Ale
--