Re: [dmarc-ietf] PSD flag vs Version bump

John Levine <johnl@taugh.com> Sat, 10 June 2023 21:05 UTC

Date: Sat, 10 Jun 2023 17:04:57 -0400
Message-Id: <20230610210457.B4C22E924922@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: sklist@kitterman.com
In-Reply-To: <502ADE6F-E01E-4DF0-BF79-6A5E810A3F96@kitterman.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FzJE9Y65MW3IquUQZAWJHBHHMhc>

It appears that Scott Kitterman  <sklist@kitterman.com> said:
>
>What's the incentive that any existing DMARC users (senders or receivers) would have to invest additional resources in another email
>authentication protocol?

We have two of the largest mail operators in the world saying that if
they can't tell which org domain scheme a domain expects, they won't
implement the tree walk. We have to do something or we are wasting our
time.

So how about this: in the tree walk, you look for DMARC records that
have an explicit psd=y/n/u tag. If you find at least one record with a
tag, you use the new scheme. If you find no records with a tag, you
fall back to the old scheme. I think this will let people do
everything they can do with the current tree walk, while being
backward compatible. If you want a domain to be an org domain you put
psd=n, if you want the tree walk to skip it and keep looking, you put
psd=u, and if it's one of the 0.001% of domains that actually is a
PSD, you put psd=y.

We already added DiscoveryType to the aggregate report schema so we
are OK there.

R's,
John

PS: Whether we say people SHOULD NOT use SPF is a separate issue.
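
The selection rule proposed in the message above, as an added example that is not part of the original post or of any working group document. The TXT table is constructed, the function names are hypothetical, and two behaviours are assumptions: psd=y places the org domain one label below the PSD, and a walk that finds only psd=u tags takes the shortest name that has a record.

```python
# Added illustration, not code from the working group. TXT is a constructed
# stand-in for DNS lookups: owner name -> DMARC TXT record.
TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; psd=n",
    "_dmarc.dept.example.com": "v=DMARC1; p=none; psd=u",
    "_dmarc.gov.example": "v=DMARC1; p=reject; psd=y",
    "_dmarc.legacy.example.net": "v=DMARC1; p=quarantine",
}

def parse_tags(record):
    """Split 'k=v; k=v' into a dict with lower-cased keys and values."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def walk(domain, txt):
    """Yield (name, tags) for each DMARC record from domain up to the TLD."""
    labels = domain.split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        tags = parse_tags(txt.get("_dmarc." + name, ""))
        if tags.get("v") == "dmarc1":
            yield name, tags

def discover(domain, txt=TXT):
    """Return (scheme, org_domain); org_domain is None for the old scheme,
    where the caller does its existing org-domain lookup instead."""
    domain = domain.lower().rstrip(".")
    found = list(walk(domain, txt))
    if not any(t.get("psd") in ("y", "n", "u") for _, t in found):
        return "old", None                 # no explicit psd tag on the path
    for name, tags in found:               # longest name first
        if tags.get("psd") == "n":
            return "new", name             # declared organizational domain
        if tags.get("psd") == "y":         # PSD: org domain is one label below
            keep = name.count(".") + 2
            return "new", ".".join(domain.split(".")[-keep:])
    # Assumption: only psd=u tags were seen, so take the shortest name found.
    return "new", found[-1][0]
```

A record with no psd tag is passed over during a new-scheme walk, the same as psd=u, and a path with no tagged record at all never enters the new scheme.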