Re: [dmarc-ietf] Lookup Limitations For Public Suffix Domains

Alessandro Vesely <vesely@tana.it> Thu, 06 December 2018 18:45 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07DD5130F15 for <dmarc@ietfa.amsl.com>; Thu, 6 Dec 2018 10:45:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YYRYBzLQiu-A for <dmarc@ietfa.amsl.com>; Thu, 6 Dec 2018 10:45:12 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 577241200D7 for <dmarc@ietf.org>; Thu, 6 Dec 2018 10:45:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=gamma; t=1544121910; bh=pBpVYYsdTtInzXNVnDWVrP5itILpL99cZ/7Um8Jb26Q=; l=2330; h=To:References:From:Date:In-Reply-To; b=BltaiazfdmlTl4oDfWHRceHUX7CJvrhQ5o1IN/Uu83GGaN8yErFUzXbMcC33Xhd9z 3j/9UWVOJM0sCxfPS6dl1kRI5m2caqHQC9dzRLO8wz0eAzkCg+ZtXnrSrZORGdYFb7 lacsoFmcDFQY29R8FhkDmMz99MxHfJzYRH2wj9PkPn1CDMOlUdOt96ydEkpvS
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Thu, 06 Dec 2018 19:45:10 +0100 id 00000000005DC013.000000005C096E36.000004C8
To: dmarc@ietf.org
References: <20181201003301.1DFFA200915FC3@ary.qy> <6368515.cyHHj4lf58@kitterma-e6430> <CADyWQ+ECVcmGMaxNgwL6a+j8dR4LcTNJMMS7G8ufOiataZULuQ@mail.gmail.com> <6D01ADF1-A11F-4FB1-9978-A50FEA5E2B0E@kitterman.com> <3e304d8f-ffd1-296c-c327-32f8e6b3ee6e@tana.it> <1E1748C7-2208-412F-9511-2468F9476376@kitterman.com>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <aaa11371-3d47-b0b3-5904-cf518b5207c5@tana.it>
Date: Thu, 6 Dec 2018 19:45:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <1E1748C7-2208-412F-9511-2468F9476376@kitterman.com>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6Xc0bp9KCtxkK4BfFgUu0IoXocw>
Subject: Re: [dmarc-ietf] Lookup Limitations For Public Suffix Domains
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 18:45:30 -0000

On Thu 06/Dec/2018 18:48:00 +0100 Scott Kitterman wrote:
> On December 6, 2018 5:39:56 PM UTC, Alessandro Vesely <vesely@tana.it> wrote:
>> On Sat 01/Dec/2018 02:27:54 +0100 Scott Kitterman wrote:
>>> 
>>> Perhaps we need to step back and see if there is consensus that the privacy
>>> considerations in the draft are substantially correct and if risk mitigation
>>> is needed as described.
>>
>>
>> How about expanding on this:
>>
>> On Sat 01/Dec/2018 00:37:24 +0100 Scott Kitterman wrote:
>>> 
>>> I don't think wide open TLDs like .com ought to be stimulating feedback on
>>> any lower level elements of the DNS tree.
>>
>> IMHO, statistics derived thereof would be an interesting read.
> 
> I'm not sure I understand?  How much would be okay?


Eh?  How much of what?


I meant, let's consider average.com which doesn't have a DMARC record.  I
receive a message from Joe@average.com, so I look up _dmarc.average.com and get
NXDOMAIN, then let's say I look up _dmarc.com and find a record there.  At the
end of the day I'll mail an aggregate record saying I received 1 message from
192.0.2.1 using From: domain average.com, valid spf average.com, no dkim.

That way, Verisign will get to know how many messages, from which mailouts,
featuring what auth methods average.com sends each day.  Ditto for any other
domains which don't bother publishing their own DMARC records.

For ESPs, those numbers reveal something about their business volumes.  Ditto
for e-commerce businesses or similar, which send e-mail transactions.  How much
of a risk is that, compared to, say, their ISPs' data, or their accountants'?


On Sat 05/May/2018 15:55:37 +0200 John Levine via dmarc-discuss wrote:
> My feedback goes into a database where I do occasional summary
> queries.  I don't recall any particular problems doing the analysis
> and it is kind of fun to extract numbers like how many NANOG
> subscribers get their mail at Gmail.


By the time From:-rewriting takes hold, even such amusing diversions won't be
possible.  I think John was among the first to store reports in a DB.  The
above quote is about the only finding I happened to hear from him on this subject.


I may be dumb, but I have difficulty in getting useful data from aggregate
records.  And I still don't see the risk.


Best
Ale
--
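The lookup walk and the aggregate record described in the message above (average.com has no record, _dmarc.com does, one message from 192.0.2.1 with aligned SPF and no DKIM), as an added example that is not Ale's code nor any DMARC implementation's: MOCK_DNS, its record contents and the rua address are constructed, and the organizational-domain step is approximated by the last two labels instead of the public suffix list.

```python
import xml.etree.ElementTree as ET

# Constructed mock DNS: TXT records at _dmarc.* names. average.com publishes
# no DMARC record; the public suffix "com" is given one only for this walk.
MOCK_DNS = {
    "_dmarc.com": "v=DMARC1; p=none; rua=mailto:dmarc-rua@psd-operator.example",
    "_dmarc.example.org": "v=DMARC1; p=reject; rua=mailto:rua@example.org",
}

def parse_dmarc(txt):
    """Split 'v=DMARC1; p=none; rua=...' into a tag dictionary."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def discover_policy(from_domain, dns=MOCK_DNS):
    """Query _dmarc.<From domain>, then _dmarc.<organizational domain>, then
    _dmarc.<public suffix> (the PSD step). Returns (domain whose record
    applies, tags) or (None, None). Org domain approximated as last two labels."""
    labels = from_domain.lower().split(".")
    candidates = [from_domain.lower(), ".".join(labels[-2:]), labels[-1]]
    for cand in dict.fromkeys(candidates):  # de-duplicate, keep order
        txt = dns.get("_dmarc." + cand)
        if txt and txt.startswith("v=DMARC1"):
            return cand, parse_dmarc(txt)
    return None, None

def aggregate_record(source_ip, header_from, spf_domain, spf_result, dkim=()):
    """Build one <record> of an RFC 7489 aggregate report (policy_evaluated
    omitted for brevity). Every field here is what the rua address learns about
    header_from; dkim is a list of (signing domain, result) pairs, empty if unsigned."""
    rec = ET.Element("record")
    row = ET.SubElement(rec, "row")
    ET.SubElement(row, "source_ip").text = source_ip
    ET.SubElement(row, "count").text = "1"
    ids = ET.SubElement(rec, "identifiers")
    ET.SubElement(ids, "header_from").text = header_from
    auth = ET.SubElement(rec, "auth_results")
    for d, result in dkim:  # no elements at all when nothing was signed
        el = ET.SubElement(auth, "dkim")
        ET.SubElement(el, "domain").text = d
        ET.SubElement(el, "result").text = result
    spf = ET.SubElement(auth, "spf")
    ET.SubElement(spf, "domain").text = spf_domain
    ET.SubElement(spf, "result").text = spf_result
    return ET.tostring(rec, encoding="unicode")

if __name__ == "__main__":
    applies_to, tags = discover_policy("average.com")
    print("record found at _dmarc." + applies_to, "-> rua", tags["rua"])
    print(aggregate_record("192.0.2.1", "average.com", "average.com", "pass"))
```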