IETF Logo Mail Archive

Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy for the Author Domain - dmarcbis-06

Alessandro Vesely <vesely@tana.it> Tue, 05 April 2022 08:44 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2ACD3A224C for <dmarc@ietfa.amsl.com>; Tue, 5 Apr 2022 01:44:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=tana.it header.b=FsUnhMYR; dkim=pass (1152-bit key) header.d=tana.it header.b=Acn+rHI2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KZaypOxz7jML for <dmarc@ietfa.amsl.com>; Tue, 5 Apr 2022 01:43:55 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B91103A1FA9 for <dmarc@ietf.org>; Tue, 5 Apr 2022 01:43:54 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=tana.it; s=epsilon; t=1649148229; bh=dVpP2OP+Gyi7K2fXQe8EPpFt7LEWe7P/FHtRZZV8EtE=; h=Date:Subject:To:References:From:In-Reply-To; b=FsUnhMYRXd8a9aQpkTQ8Aqj3rQzKctPnUhnX8/lhg8FAz1xfoCFp+H32NOOEim584 rqsLSDw9RAnB9aVaX8OBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1649148229; bh=dVpP2OP+Gyi7K2fXQe8EPpFt7LEWe7P/FHtRZZV8EtE=; h=Date:To:References:From:In-Reply-To; b=Acn+rHI28j6Jtfdk+Fj0HH6lOwydN5ubhxxNjqDbhIfoEw0M5vYEwgqRmoNhyGHa8 EmVrTmsRDtRy1Gpj3/B3HfyqQe4F9QrqS15MzjYG7N+CYz6j8BLnwQ9FQGocyd7Fy6 +OHivKzHtSD8+4nLBMAop77NEuYSrsvkMn82CXqvLlKbKuROWu+8bwbo/X5Vd
Author: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0D6.00000000624C0145.000054C5; Tue, 05 Apr 2022 10:43:49 +0200
Message-ID: <c99eb896-eef9-1a89-60d6-3f2412b03a9a@tana.it>
Date: Tue, 5 Apr 2022 10:43:49 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: dmarc@ietf.org
References: <20220403024904.479EA3A462E4@ary.qy> <2550778.P67xgtABij@zini-1880>
Authentication-Results: tana.it; auth=pass (details omitted)
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <2550778.P67xgtABij@zini-1880>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/L5yBo6Vai_zAqxlJjuaClUjKM6A>
Subject: Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy for the Author Domain - dmarcbis-06
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2022 08:44:03 -0000

On Mon 04/Apr/2022 15:29:40 +0200 Scott Kitterman wrote:
> 
> The diff is relative the last text I posted.


Section 5 has to stay before Section 4.  It makes no sense to exemplify 
_dmarc.example.com if we haven't yet said that:

    Domain Owner and PSO DMARC preferences are stored as DNS TXT records
    in subdomains named "_dmarc".
                                                   [Current Section 5.1]


Then, let's make a statement like so:

    Retrieving the DMARC record of a domain implies the following steps:

    1.  Prepend the label "_dmarc" to the domain name and issue a DNS Query for
        a TXT record at the resulting domain.  For example, if the domain is
        example.com, query _dmarc.example.com.

    2.  Collate any string returned, in the order returned.

    3.  Records that do not start with a "v=" tag that identifies the
        current version of DMARC are discarded.  If multiple DMARC
        records are returned, they are all discarded.


At this point, the algorithm can be expressed in a shorter form like so:

    1.  Set the current target to the identifier at hand, which is one of the
        domain(s) described above.

    2.  Retrieve the DMARC record of the current target.

    3.  If the record exists and contains either psd=y or psd=n, stop.

    4.  Break the current target name into a set of "n" ordered
        labels.  Number these labels from right to left; e.g., for
        "a.mail.example.com", "com" would be label 1, "example" would be
        label 2, "mail.example.com" would be label 3, and so forth.

    5.  Count the number of labels in the current target.  Let that number
        be "x".  If x = 1, stop.  If x < 5, remove the left-most (highest-
        numbered) label from the subject domain.  If x >= 5, remove the
        left-most (highest-numbered) labels from the subject domain until
        4 labels remain.  The resulting DNS domain name is the new target
        for subsequent lookups.

    6.  Go to 2.


Better?


Best
Ale
--

v2.8.7 | Report a Bug | By Email