Re: [dmarc-ietf] Description of 'n' value for the 'psd' tag AND/OR Clarify the Tree Walk

Neil Anuskiewicz <neil@marmot-tech.com> Wed, 17 April 2024 05:18 UTC

From: Neil Anuskiewicz <neil@marmot-tech.com>
Date: Tue, 16 Apr 2024 22:18:32 -0700
Message-Id: <417748AF-2CE1-4AB4-839C-18E5275787CA@marmot-tech.com>
References: <CAHej_8mTh4XVZH7tsdaTyri_dUE65TW3992Y=B-0Gy7vyGDw4Q@mail.gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <CAHej_8mTh4XVZH7tsdaTyri_dUE65TW3992Y=B-0Gy7vyGDw4Q@mail.gmail.com>
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/H3QLaTNvyYtKoUDDd0UhbMcmksA>


> On Apr 16, 2024, at 2:18 PM, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
> 
> 
> Colleagues,
> 
> DMARCbis currently describes the value of 'n' for the 'psd' tag in a policy record as follows:
> 
> The DMARC policy record is published for a PSD, but it is not the Organizational Domain for itself and its subdomain. There is no need to put psd=n in a DMARC record, except in the very unusual case of a parent PSD publishing a DMARC record without the requisite psd=y tag.
> 
> I don't think this is entirely accurate, especially the second sentence ("no need ... except in the very unusual case"), and here's why. Either that, or the description of the Tree Walk needs to be changed.
> 
> The Tree Walk is intended for both DMARC Policy discovery and Organizational Domain discovery, and section 4.7 (DMARC Policy Discovery) says the policy to be applied will be the DMARC record found at one of these three locations:
> 
>   * The RFC5322.From domain
>   * The Organizational Domain of the RFC5322.From domain
>   * The Public Suffix Domain of the RFC5322.From domain
> 
> Meanwhile, section 4.8, Organizational Domain Discovery, gives the following three options for where the Organizational Domain is:
> 
>   * DMARC record with psd=n
>   * The domain one level below the domain with a DMARC record with the tag psd=y
>   * The record for the domain with the fewest number of labels.
> 
> The Tree Walk, as described in section 4.6, defines two explicit places to stop, both of which rely on discovery of a DMARC policy record with a psd tag defined.

One of your concerns is that without a PSD tag, but I think the default is PSD=n. Does that address that concern or did I misunderstand the concern?

N
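
Added example, not part of either message and not code from the DMARCbis draft: a simplified sketch of the Organizational Domain selection listed in the quoted text, run over a constructed DNS map. It assumes the walk removes one label per step and that only a record carrying psd=n or psd=y stops it; `SAMPLE_DNS`, the domain names and the function names are hypothetical.

```python
# Constructed sample data: DMARC owner name -> TXT record (not real DNS).
SAMPLE_DNS = {
    "_dmarc.mail.example.com": "v=DMARC1; p=none",
    "_dmarc.example.com": "v=DMARC1; p=reject",
    "_dmarc.dept.gov.example": "v=DMARC1; p=quarantine",
    "_dmarc.gov.example": "v=DMARC1; p=reject; psd=y",
    "_dmarc.corp.hosting.example": "v=DMARC1; p=reject; psd=n",
    "_dmarc.hosting.example": "v=DMARC1; p=none",
}

def parse_tags(record):
    """Split 'v=DMARC1; p=none; psd=y' into a dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def tree_walk(domain, dns=SAMPLE_DNS):
    """Collect (name, tags) for each DMARC record from `domain` upward.
    Assumption: only a record carrying psd=n or psd=y stops the walk."""
    labels = domain.lower().rstrip(".").split(".")
    found = []
    while labels:
        name = ".".join(labels)
        tags = parse_tags(dns.get("_dmarc." + name, ""))
        if tags.get("v") == "dmarc1":
            found.append((name, tags))
            if tags.get("psd") in ("n", "y"):
                break
        labels = labels[1:]
    return found

def organizational_domain(domain, dns=SAMPLE_DNS):
    """Apply the three options listed for section 4.8, in order."""
    found = tree_walk(domain, dns)
    for name, tags in found:
        if tags.get("psd") == "n":
            return name                       # option 1
        if tags.get("psd") == "y":            # option 2: one label below
            labels = domain.lower().rstrip(".").split(".")
            return ".".join(labels[-(name.count(".") + 2):])
    if not found:
        return None
    # option 3: the record whose domain has the fewest labels
    return min(found, key=lambda item: item[0].count("."))[0]
```

In this constructed data, dropping `psd=n` from the `corp.hosting.example` record moves the result for `www.corp.hosting.example` from `corp.hosting.example` to `hosting.example`.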