Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working Group Last Call: draft-ietf-dmarc-psd

Tim Wicinski <tjw.ietf@gmail.com> Sat, 20 July 2019 03:16 UTC

From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Fri, 19 Jul 2019 23:16:26 -0400
Message-ID: <CADyWQ+G9eA4KnkiHkzc3K25J8mgbas2EYgcEfU-hmMm5aNUaHg@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7JlhXMUSs3sDOoBHJHvyZs5z5WA>
Subject: Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working Group Last Call: draft-ietf-dmarc-psd

An experimental draft isn't the best place for a deployment guide.

An operational document that discusses deployment among other things is a
different story.

On Fri, Jul 19, 2019 at 11:13 PM Scott Kitterman <sklist@kitterman.com>
wrote:

> On Friday, July 19, 2019 11:30:01 AM EDT Kurt Andersen (b) wrote:
> ....
> > > > I'm also concerned that a wildcard null MX record at the org level
> > > > would end up having all subdomains "exist", but the policy that
> > > > should be applied would be the more restrictive "np" policy, not
> > > > the (possibly) more permissive "sp" policy.
> > >
> > > I think this is one of those "you must be this tall to ride on this
> > > ride" situations.  DNS comes equipped with multiple footguns and you
> > > have to know a bit about what you're doing to make sure you get the
> > > effects you're after.
> >
> > Perhaps a reminder in the text related to "np" that wildcards may cause
> > undesired results and leave it as an exercise for the implementor to
> > learn from that warning.
>
> It seems like either too much or not enough.  This at least slightly
> concerns me because I don't want to warn about the implication of one DNS
> feature without being comprehensive.  DMARC deployment in any non-trivial
> organization is an inter-disciplinary task, even more so PSD DMARC.  I
> don't think we want to take on being a deployment guide, so I'd leave it
> out.
>
> Let's see what others think.
>
> Scott K
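
The wildcard interaction discussed in the quoted thread, as an added example that is not part of any message or of the draft: a toy zone model showing how a wildcard null MX makes every subdomain "exist", so the receiver selects "sp" instead of "np", plus a probe-label audit check. Assumptions: a name is treated as non-existent when A, AAAA and MX all return no answer, "np" falls back to "sp" and then "p", and example.org, the records and all function names are constructed for illustration.

```python
# Added example: toy zone model, not code from the draft or from the thread.
QTYPES = ("A", "AAAA", "MX")

def lookup(zone, name, qtype):
    """Answer from a dict zone {owner: {type: [rdata]}} with simplified
    RFC 4592 wildcard synthesis (empty non-terminals are not modelled)."""
    if name in zone:                       # exact owner name: no synthesis
        return zone[name].get(qtype, [])
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in zone:          # wildcard below closest encloser
            return zone["*." + parent].get(qtype, [])
        if parent in zone:                 # encloser without wildcard: NXDOMAIN
            return []
    return []

def exists(zone, name):
    """Assumed existence test: any answer for A, AAAA or MX.
    A null MX ("0 .") is still an answer, so the name counts as existing."""
    return any(lookup(zone, name, t) for t in QTYPES)

def tag(record, key):
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}.get(key)

def policy_for(zone, from_domain, org_domain):
    """Policy applied to from_domain, assuming it has no DMARC record of its own."""
    rec = zone["_dmarc." + org_domain]["TXT"][0]
    if from_domain == org_domain:
        return tag(rec, "p")
    if not exists(zone, from_domain):
        return tag(rec, "np") or tag(rec, "sp") or tag(rec, "p")
    return tag(rec, "sp") or tag(rec, "p")

def wildcard_masks_np(zone, org_domain):
    """Audit check: a label nobody created should not resolve."""
    return exists(zone, "constructed-probe-label." + org_domain)

# Constructed sample zones (example.org and all records are illustrative).
PLAIN = {
    "example.org": {"MX": ["10 mail.example.org."]},
    "mail.example.org": {"A": ["192.0.2.10"]},
    "_dmarc.example.org": {"TXT": ["v=DMARC1; p=reject; sp=none; np=reject"]},
}
WILD = {**PLAIN, "*.example.org": {"MX": ["0 ."]}}

if __name__ == "__main__":
    for label, zone in (("plain", PLAIN), ("wildcard", WILD)):
        print(label, policy_for(zone, "nope.example.org", "example.org"),
              wildcard_masks_np(zone, "example.org"))
```

Against a live zone the same audit is a query for a random label under the domain for A, AAAA and MX; any answer means "np" will never be selected for that subtree.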