IETF Logo Mail Archive

Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy for the Author Domain - dmarcbis-06

Alessandro Vesely <vesely@tana.it> Tue, 05 April 2022 07:57 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 043E23A1F5D for <dmarc@ietfa.amsl.com>; Tue, 5 Apr 2022 00:57:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=tana.it header.b=ZUS4AuUk; dkim=pass (1152-bit key) header.d=tana.it header.b=BCS3jE+y
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gxIIkLBklJZ for <dmarc@ietfa.amsl.com>; Tue, 5 Apr 2022 00:57:39 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE6A73A21F3 for <dmarc@ietf.org>; Tue, 5 Apr 2022 00:57:37 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=tana.it; s=epsilon; t=1649145450; bh=8mSkAcONx+H+Ky8OhMOw4jDnXxxbaLHsiefYtrOWvDo=; h=Date:Subject:To:References:From:In-Reply-To; b=ZUS4AuUkpCOpIlg9SZttaQHIYHtNkwJPDLAD6l6UScMR8T6JgeFJpYLksLzvgj0bl zrWlJ0+ZmDJAWf6vtdgCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1649145450; bh=8mSkAcONx+H+Ky8OhMOw4jDnXxxbaLHsiefYtrOWvDo=; h=Date:To:References:From:In-Reply-To; b=BCS3jE+yJDbJap+9NNc8rLzBXKaK1XES0MJev1TTMv2FS2qtGAmcmQEYtlgIFxMrE 3vnITuhJcQIU/yLVmp6Cj82Ek+KWsxU3qYqoZCge34JTnBF6Qqw6FvxyNBDxJ1jQ4d pJpheSEfOnq5IaNZuFdniVTUur8mI6vhyRxtERWul0oKLHguaklBk8Zi8aRtq
Author: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0CF.00000000624BF66A.00004DB4; Tue, 05 Apr 2022 09:57:30 +0200
Message-ID: <362b2316-53fc-59bc-ba71-d9fe4b184c8a@tana.it>
Date: Tue, 5 Apr 2022 09:57:30 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: John R Levine <johnl@taugh.com>, dmarc@ietf.org
References: <20220403024904.479EA3A462E4@ary.qy> <45a019b3-3f97-6c56-409b-5a3f9f2d06ba@tana.it> <83bed554-8def-0952-28e8-47cf6abe67df@taugh.com> <f1ae6447-0f91-39e5-fdbe-e6f9edba31c4@tana.it> <751a4cb2-35d5-7182-b42b-377fc9d11b22@taugh.com> <a2f653bb-5a5f-e41f-fd91-aac4c04ea2aa@tana.it> <0c06b5b0-a298-479d-90b5-a17cfaa4e672@taugh.com>
Authentication-Results: tana.it; auth=pass (details omitted)
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <0c06b5b0-a298-479d-90b5-a17cfaa4e672@taugh.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/KKStPH3BkzOojrKZ_EELyitQOhY>
Subject: Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy for the Author Domain - dmarcbis-06
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2022 07:57:47 -0000

On Mon 04/Apr/2022 19:31:36 +0200 John R Levine wrote:
>>> If it's the original domain, yes.
>>
>> We know that co.uk is not an Organizational Domain.  Asking what is the 
>> Organizational Domain of co.uk is an ill-posed question.
> 
> These are all in the PSL.  What are their organizational domains?


Scott took the time to define PSDs and PSOs in RFC 9091, restated in Sections 
3.2.8 and 3.2.9 of the current draft.  Since the definitions of Organizational 
Domain (both the current 3.2.7 an my proposed change) require PSD + 1, a PSD 
has to be a proper subdomain of another PSD in order to admin an Organizational 
Domain itself.


> _dmarc.wa.gov.au TXT "v=DMARC1; p=none; fo=1:d; rua=mailto:dmarc_rua@emaildefense.proofpoint.com,mailto:dmarc_records@wa.gov.au;ruf=mailto:dmarc_rua@emaildefense.proofpoint.com,mailto:dmarc_records@wa.gov.au"
> wa.gov.au mail is handled by 10 inbound-smtp.us-west-2.amazonaws.com.
> wa.gov.au TXT "v=spf1 include:amazonses.com ~all"
> 
> _dmarc.gov.az TXT "v=DMARC1; p=reject; pct=100; fo=1; adkim=s; aspf=s; rua=mailto:dmarcrep@gov.az"
> gov.az mail is handled by 0 sea1.mail.gov.az.
> gov.az mail is handled by 10 sea2.mail.gov.az.
> gov.az TXT "v=spf1 redirect=_spfx.mail.gov.az"
> 
> _dmarc.gov.in TXT "v=DMARC1; p=quarantine; sp=none; fo=1;rua=mailto:pmaster-wlist@gov.in;ruf=mailto:pmaster-wlist@gov.in"
> gov.in mail is handled by 5 mailgwgov.nic.in.
> gov.in TXT "v=spf1 mx ip4:164.100.14.0/24 ip4:164.100.2.0/24 ip4:164.100.10.0/24 ip4:164.100.15.0/24 ip4:164.100.13.0/24 -all"
> 
> _dmarc.edu.kz TXT "v=DMARC1; p=none; rua=mailto:abuse@edu.kz"
> edu.kz mail is handled by 10 post.mail.kz.
> edu.kz TXT "v=spf1 a mx ip4:88.204.157.164 ~all"
> 
> _dmarc.ac.me TXT "v=DMARC1; p=quarantine; adkim=r; aspf=r; fo=0; pct=100; rua=mailto:dmarc@ac.me"
> ac.me mail is handled by 10 mail.ac.me.
> ac.me TXT "v=spf1 mx ip4:89.188.43.10 ip6:2a02:4280:0:200:89:188:43:10 -all"
> 
> _dmarc.nhs.uk TXT "v=DMARC1; p=reject; sp=none;adkim=s;aspf=s;fo=1; rua=mailto:A-NE.postmaster@nhs.net,mailto:dmarc-rua@dmarc.service.gov.uk"
> nhs.uk mail is handled by 50 mail.nhs.uk.
> nhs.uk TXT "v=spf1 ip4:213.161.89.71 ip4:213.161.89.72 ip4:213.161.89.73 ip4:213.161.89.103 ip4:213.161.89.104 ip4:213.161.89.105 -all"
> 
> _dmarc.police.uk TXT "v=DMARC1;p=none;sp=none;adkim=s;aspf=s;fo=1;rua=mailto:dmarc-rua@dmarc.service.gov.uk;ruf=mailto:dmarc-ruf@dmarc.service.gov.uk"
> police.uk has no MX record
> police.uk TXT "v=spf1 -all"
> 
> _dmarc.k12.dc.us TXT "v=DMARC1; p=none; rua=mailto:a6p7qzhr@ag.dmarcian.com;"
> k12.dc.us mail is handled by 10 dck12.mail.protection.outlook.com.


All of the above admit no org domain.  I'd amend step 2 like so:

OLD
    2.  If a valid DMARC record contains the psd= tag set to 'y' (psd=y),
        the Organizational Domain is the domain one label below this one
        in the DNS hierarchy, and the selection process is complete.

NEW
    2.  If a valid DMARC record contains the psd= tag set to 'y' (psd=y),
        the Organizational Domain is the previous domain of those selected,
        if any.  In any case the selection process is complete.


I note that only police.uk is registered at psddmarc.org.  It is also the only 
"pure" PSD, in the sense that they don't send mail themselves.

Scott, is that the reason why the others are not registered?

All them should amend their DMARC records adding psd=y.


Best
Ale
--

v2.8.7 | Report a Bug | By Email