Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs

Neil Anuskiewicz <neil@marmot-tech.com> Sat, 16 March 2024 19:10 UTC

Return-Path: <neil@marmot-tech.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 728FFC14F5EC for <dmarc@ietfa.amsl.com>; Sat, 16 Mar 2024 12:10:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=marmot-tech.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e9P11jS59cHt for <dmarc@ietfa.amsl.com>; Sat, 16 Mar 2024 12:10:26 -0700 (PDT)
Received: from mail-oa1-x2d.google.com (mail-oa1-x2d.google.com [IPv6:2001:4860:4864:20::2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B6FBC14F5E4 for <dmarc@ietf.org>; Sat, 16 Mar 2024 12:10:26 -0700 (PDT)
Received: by mail-oa1-x2d.google.com with SMTP id 586e51a60fabf-2218da9620cso2089054fac.3 for <dmarc@ietf.org>; Sat, 16 Mar 2024 12:10:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marmot-tech.com; s=google1; t=1710616224; x=1711221024; darn=ietf.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=BOZIJLzNtfsIEjEW8k/YzOxOvEh6X/7SMIKVyCvTOGM=; b=NioYgam9K521BH9eU4IG9/mBTdR3POEdmbcyggDvrZLGEFDSszsA+X5FS2+D3MqAdI Bd4KQ6g0HXFC6C6qdFDG/ugHyDkKyljU5LOhq7nTioMOtQdFeHhWlwTX9n8gXay6bQyC LiZsliFR3gXl63lhE65KIjgcdZ3aZpu6fSdg3ClvlN5UZ6UT+VPe/43pVl7FZS1Yf9dy oIY6uJILYVhZjcBZzgpYXpQG5HskoFJPHpUL1QlwJHjUrbTNH12HMny0VqHIIFvwYrSq 61PncYi7zI4Od8/XM4eGgGw1L790UuoArppNnCUSWBSOSlI73wdnLb7Lr+9IrRUWXx53 PMtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710616224; x=1711221024; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BOZIJLzNtfsIEjEW8k/YzOxOvEh6X/7SMIKVyCvTOGM=; b=j30+HqbaKJj7MLqYGnh88UbsXQyuBoJq47ArA0zOS183RFDdmtz76ptqDDFiMGPWBh UXWEcb1c/l9a3zs+PMIaDXf9/GdQYx5slF8+jE0iwhrTY0w61HSWsucvxSKbanaf0Dci aS/V9aNzLrvGERCKC+hxPi8Sxi2MFPOxH4tZGwSe4HXJ+U4Cz9FL4FqtgSAjTDmhpO7/ HvpPo2GYeu8GQEuovC1kGfabHVdhoTIN3br1xCbt4kytF/cEU9QsdlklUnDd0lz87XxM Wo8f874rJxkOibuoKBceRQ0ld4kMy8bThVfOWqgaFL3PFhH8PWeR+iwu/izJ5RxwG0+8 Lpow==
X-Gm-Message-State: AOJu0Yw9dkWq+AXtEJT4+Tn47UPQtehxG7FzEuozy/mZ+vlc7AgXS6TS zSyMB8gHRWkXYqT2yoqWU9liunWirIlQxu6TL3m4PvaL5TbqPXVRVgR3VlldYaflqvp7BTDaATG z
X-Google-Smtp-Source: AGHT+IHRsx83KA8BIje5QvLzwk77RPln0PWfszws2khTMHb9T7cOqjnV4R2w+a9ARMKWGONrvUWSzA==
X-Received: by 2002:a05:6870:6390:b0:221:fa57:b706 with SMTP id t16-20020a056870639000b00221fa57b706mr8311943oap.34.1710616224407; Sat, 16 Mar 2024 12:10:24 -0700 (PDT)
Received: from smtpclient.apple (c-71-236-242-106.hsd1.or.comcast.net. [71.236.242.106]) by smtp.gmail.com with ESMTPSA id ks11-20020a056a004b8b00b006e647059cccsm5278887pfb.33.2024.03.16.12.10.23 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 16 Mar 2024 12:10:24 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Neil Anuskiewicz <neil@marmot-tech.com>
Mime-Version: 1.0 (1.0)
Date: Sat, 16 Mar 2024 12:10:13 -0700
Message-Id: <40417AC5-69BD-4CF5-A00A-8FD8E2270F52@marmot-tech.com>
References: <14622763.LyJXvKb98q@zini-1880>
Cc: dmarc@ietf.org
In-Reply-To: <14622763.LyJXvKb98q@zini-1880>
To: Scott Kitterman <sklist@kitterman.com>
X-Mailer: iPad Mail (21E219)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/A_6di928buwbWnUTeafSPdZ0B84>
Subject: Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Mar 2024 19:10:30 -0000


> On Mar 16, 2024, at 9:38 AM, Scott Kitterman <sklist@kitterman.com> wrote:
> 
> On Saturday, March 16, 2024 4:52:54 AM EDT Tero Kivinen wrote:
>> John Levine writes:
>>> It appears that Todd Herr <todd.herr@valimail.com> said:
>>>> I agree that clarifying it can't hurt, obviously, ...
>>> 
>>> I disagree, it does hurt.
>>> 
>>> If we say you're allowed to use CNAMEs to point to DMARC records,
>>> people are going to say uh oh, is there something special here? What about
>>> DKIM records? what about SPF records? how about SPF includes? or SPF
>>> redirects?
>>> 
>>> Really, there is nothing to say here, so let's not say it.
>> 
>> We could add an example Appendix B that uses CNAME, so that would give
>> indication, yes of course you can use CNAMEs, without explicitly
>> adding text that might cause confusion.
> 
> I think we have more important things to spend our time on.
> 
> Scott K
> 

I agree that CNAMEs aren’t worth time or effort. From what I’ve seen, it’s the larger ESPs that do this, and they document it and provide records to copy and paste from the auth settings into DNS. Then you go back and click a button and it lights up green. The sort of person who’s confused by the CNAME is the same person confused by a TXT record. I’m reading DMARCbis 30 now and things are looking good to me.

My only quibble so far is that I’ve not seen a clear, concise explanation of the general purpose domain. It’s not complicated, but I think the idea is going to be new for a lot of people. Some people might misunderstand in less than useful ways as well.

Neil
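The point the thread takes for granted, that a CNAME at _dmarc.<domain> needs no special DMARC text because the resolver follows it before the receiver ever sees the TXT data, is easy to show in code. The following is an added illustration, not code from the thread or from any DMARC implementation: it models a resolver over a small constructed zone (the domains example.com, example.net, esp.example and loop.example, and the ESP-style indirection name, are all made up for the example), chases CNAME chains with a hop limit and loop guard, and then applies the DMARC record-selection rule from RFC 7489 (discard records that do not start with v=DMARC1; zero or more than one remaining record means no policy). Organizational-domain fallback and the DMARCbis tree walk are deliberately not modelled.

```python
"""Added example: DMARC TXT lookup through a CNAME, over a constructed zone."""

from typing import Dict, List, Optional, Tuple

# Constructed zone data: (owner name, rrtype) -> list of rdata strings.
# Names are hypothetical; nothing here is a real deployment.
ZONE: Dict[Tuple[str, str], List[str]] = {
    # Directly published DMARC record.
    ("_dmarc.example.com", "TXT"): [
        "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    # ESP-managed record: the customer publishes only a CNAME, the ESP owns the TXT.
    ("_dmarc.example.net", "CNAME"): ["example-net._dmarc.esp.example"],
    ("example-net._dmarc.esp.example", "TXT"): [
        "v=DMARC1; p=quarantine; rua=mailto:reports@esp.example"],
    # Misconfigured CNAME loop, to exercise the resolver's guard.
    ("_dmarc.loop.example", "CNAME"): ["_dmarc.loop2.example"],
    ("_dmarc.loop2.example", "CNAME"): ["_dmarc.loop.example"],
    # A zone where the name has a TXT that is not a DMARC record at all.
    ("_dmarc.notdmarc.example", "TXT"): ["some-verification-token"],
}

MAX_CNAME_HOPS = 8  # bound chosen for the example; real resolvers use similar limits


def resolve(name: str, rtype: str, zone=ZONE) -> Tuple[str, List[str]]:
    """Return (final owner name, rdata list), following CNAMEs as a resolver does.

    Raises LookupError on a CNAME loop or an over-long chain.
    """
    seen = set()
    for _ in range(MAX_CNAME_HOPS):
        key = name.lower().rstrip(".")
        if key in seen:
            raise LookupError("CNAME loop at " + key)
        seen.add(key)
        if (key, rtype) in zone:
            return key, zone[(key, rtype)]
        if (key, "CNAME") in zone:
            # A CNAME owner has no other data; restart the query at the target.
            name = zone[(key, "CNAME")][0]
            continue
        return key, []  # NODATA / NXDOMAIN collapsed into "no records"
    raise LookupError("CNAME chain longer than %d hops" % MAX_CNAME_HOPS)


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Split a DMARC record into its tag=value pairs (whitespace tolerant)."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def dmarc_policy(domain: str, zone=ZONE) -> Optional[Dict[str, str]]:
    """Look up _dmarc.<domain> and return its parsed record, or None if no policy.

    Per RFC 7489 section 6.6.3, TXT records not beginning with v=DMARC1 are
    discarded, and zero or multiple remaining records mean the domain has no
    usable policy. A broken CNAME chain is treated the same way.
    """
    try:
        _, rdata = resolve("_dmarc." + domain, "TXT", zone)
    except LookupError:
        return None
    records = [r for r in rdata if r.strip().startswith("v=DMARC1")]
    if len(records) != 1:
        return None
    return parse_dmarc(records[0])


if __name__ == "__main__":
    for d in ("example.com", "example.net", "loop.example", "notdmarc.example"):
        print(d, "->", dmarc_policy(d))
```

Note that dmarc_policy("example.net") returns the ESP's quarantine policy even though the customer zone contains only a CNAME; the receiver side never needs to know which form was used, which is the "nothing to say here" argument in the quoted exchange. The loop case shows why a hop limit matters on the receiving side: a misconfigured chain should degrade to "no policy", not hang evaluation.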