Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs

Todd Herr <todd.herr@valimail.com> Thu, 14 March 2024 20:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/GG8OLvxxVlUGrtYlBK0LUUNLiNI>

On Thu, Mar 14, 2024 at 4:34 PM Scott Kitterman <sklist@kitterman.com>
wrote:

>
> I think this is correct.  I think it's obviously enough correct that I'm
> surprised anyone was confused.
>
> Do we know what the theory was that led people to think otherwise?
>
> Seems to me we don't really need this, but maybe there's a reason.
>
>
The reasons given were:

   1. https://www.rfc-editor.org/rfc/rfc5863#section-4.1
   2. https://datatracker.ietf.org/doc/html/rfc6376#section-7.5
   3. Neither RFC 7489 nor DMARCbis contains the phrase "CNAME", so if it's
   not explicitly mentioned...

Granted, the first two citations are in regard to DKIM records, not DMARC
records, but those were the reasons given.

-- 

Todd Herr | Technical Director, Standards & Ecosystem
Email: todd.herr@valimail.com
Phone: 703-220-4153

