Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs
Mark Alley <mark.alley@tekmarc.com> Thu, 14 March 2024 20:28 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Hnklqm0Gm2wBB1yC6NViL7uAOxc>
If we need some real world examples of this, got a few here:

_dmarc.oit.alabama.gov
_dmarc.tjx.com
_dmarc.walmart.com
_dmarc.novanta.com

- Mark Alley

On 3/14/2024 3:18 PM, Todd Herr wrote:
> Colleagues,
>
> There was a discussion among M3AAWG members on March 13 that centered
> on the question of whether DMARC records can be published in DNS as
> CNAMEs, e.g.,
>
>     _dmarc.example.com IN CNAME _dmarc.example.org
>
>     _dmarc.example.org IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org;"
>
> Section 3.6.2 of RFC 1034 seems to indicate that it is permissible to
> publish DMARC records in this fashion, and describes the following
> scenario using a CNAME record and an A record:
>
>     For example, suppose a name server was processing a query with for
>     USC-ISIC.ARPA, asking for type A information, and had the following
>     resource records:
>
>         USC-ISIC.ARPA IN CNAME C.ISI.EDU
>         C.ISI.EDU IN A 10.0.0.52
>
>     Both of these RRs would be returned in the response to the type A
>     query, while a type CNAME or * query should return just the CNAME.
>
> I recommend adding a paragraph to DMARCbis, section 5.1 DMARC Policy
> Record at the end of that section that reads:
>
>     Per RFC 1034 section 3.6.2, a DMARC record MAY be published as a
>     CNAME record, so long as the corresponding canonical name
>     ultimately resolves to a TXT record so as to ensure that queries
>     of type TXT return a DNS RR in the expected format.
>
> Issue 136 has been opened for this.
>
> --
> Todd Herr | Technical Director, Standards & Ecosystem
> Email: todd.herr@valimail.com
> Phone: 703-220-4153
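The CNAME-to-TXT lookup discussed in this thread, as an added example that is not part of the original messages: it answers a TXT query for `_dmarc.<domain>` over a constructed in-memory zone, following CNAMEs as RFC 1034 section 3.6.2 describes and failing closed when the chain loops or the canonical name has no TXT record. The zone contents other than the two `example.com`/`example.org` records, the `MAX_CHAIN` limit and the function names are assumptions made for illustration.

```python
# Constructed zone data (not real DNS). The first two entries are the records
# from the quoted message; the rest are invented failure cases.
ZONE = {
    ("_dmarc.example.com", "CNAME"): ["_dmarc.example.org"],
    ("_dmarc.example.org", "TXT"):
        ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org;"],
    ("_dmarc.loop-a.example", "CNAME"): ["_dmarc.loop-b.example"],
    ("_dmarc.loop-b.example", "CNAME"): ["_dmarc.loop-a.example"],
    ("_dmarc.dangling.example", "CNAME"): ["host.example.net"],
    ("host.example.net", "A"): ["192.0.2.10"],
}

MAX_CHAIN = 8  # assumed cap on CNAME hops; not a value from the thread


def answer_txt_query(qname, zone=ZONE):
    """Return (answer RRs, status): every CNAME followed, then the TXT RRs
    found at the canonical name, as in the RFC 1034 3.6.2 example."""
    answer, seen = [], set()
    name = qname.lower().rstrip(".")
    while True:
        if name in seen or len(seen) >= MAX_CHAIN:
            return answer, "cname-loop-or-too-long"
        seen.add(name)
        txt = zone.get((name, "TXT"))
        if txt:
            answer += [(name, "TXT", t) for t in txt]
            return answer, "ok"
        target = zone.get((name, "CNAME"))
        if not target:
            return answer, "no-txt-at-canonical-name"
        answer.append((name, "CNAME", target[0]))
        name = target[0].lower().rstrip(".")


def dmarc_policy_record(domain, zone=ZONE):
    """Return the single DMARC record reachable for domain, else None."""
    answer, status = answer_txt_query("_dmarc." + domain, zone)
    if status != "ok":
        return None
    txts = [rdata for (_, rtype, rdata) in answer if rtype == "TXT"]
    # Keep only records whose first tag is v=DMARC1; require exactly one.
    dmarc = [r for r in txts if r.split(";")[0].replace(" ", "") == "v=DMARC1"]
    return dmarc[0] if len(dmarc) == 1 else None
```
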