Re: [dmarc-ietf] Description of 'n' value for the 'psd' tag AND/OR Clarify the Tree Walk

Todd Herr <todd.herr@valimail.com> Wed, 17 April 2024 13:33 UTC

From: Todd Herr <todd.herr@valimail.com>
Date: Wed, 17 Apr 2024 09:33:09 -0400
Message-ID: <CAHej_8kA_BsnNNh9wFHd7EnoMt0jhZY=_oROa01P6NVbLimPYw@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/LEUVfbTMp4fy-fTQW8ZuwHw03Ho>

On Wed, Apr 17, 2024 at 1:18 AM Neil Anuskiewicz <neil=40marmot-tech.com@dmarc.ietf.org> wrote:

>
>
> On Apr 16, 2024, at 2:18 PM, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
>
> 
> Colleagues,
>
> DMARCbis currently describes the value of 'n' for the 'psd' tag in a
> policy record as follows:
>
> The DMARC policy record is published for a PSD, but it is not the
> Organizational Domain for itself and its subdomain. There is no need to put
> psd=n in a DMARC record, except in the very unusual case of a parent PSD
> publishing a DMARC record without the requisite psd=y tag.
>
> I don't think this is entirely accurate, especially the second sentence
> ("no need ... except in the very unusual case"), and here's why. Either
> that, or the description of the Tree Walk needs to be changed.
>
> The Tree Walk is intended for both DMARC Policy discovery and
> Organizational Domain discovery, and section 4.7 (DMARC Policy Discovery)
> says the policy to be applied will be the DMARC record found at one of
> these three locations:
>
>    - The RFC5322.From domain
>    - The Organizational Domain of the RFC5322.From domain
>    - The Public Suffix Domain of the RFC5322.From domain
>
> Meanwhile, section 4.8, Organizational Domain Discovery, gives the
> following three options for where the Organizational Domain is:
>
>    1. DMARC record with psd=n
>    2. The domain one level below the domain with a DMARC record with the
>    tag psd=y
>    3. The record for the domain with the fewest number of labels.
>
> The Tree Walk, as described in section 4.6, defines two explicit places to
> stop, both of which rely on discovery of a DMARC policy record with a psd
> tag defined.
>
>
> One of your concerns is that without a PSD tag, but I think the default is
> PSD=n. Does that address that concern or did I misunderstand the concern?
>
>
The default for the psd tag is 'u', not 'n'.

See
https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-30.html#name-general-record-format

-- 

Todd Herr | Technical Director, Standards & Ecosystem
Email: todd.herr@valimail.com
Phone: 703-220-4153
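
The difference between an absent psd tag (default 'u') and an explicit psd=n, worked through as an added example that is not part of this message or of DMARCbis. It applies the three Organizational Domain options as listed in the quoted text; the function names are hypothetical, DNS is replaced by constructed dictionaries, and the `.example` names are constructed.

```python
def parse_tags(txt):
    """Parse a DMARC TXT record into tags; an absent psd tag defaults to 'u'."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    tags["psd"] = tags.get("psd", "u").lower()
    return tags

def tree_walk(from_domain, dns):
    """Collect DMARC records from the From domain upward, one label at a time.
    `dns` maps a domain to the TXT value at _dmarc.<domain> (stand-in for DNS)."""
    labels = from_domain.lower().rstrip(".").split(".")
    found = []
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        txt = dns.get(name, "")
        if txt.replace(" ", "").lower().startswith("v=dmarc1"):
            found.append((name, parse_tags(txt)))
    return found

def organizational_domain(from_domain, dns):
    """Apply the three options in the order the quoted text lists them."""
    start = from_domain.lower().rstrip(".")
    path = tree_walk(start, dns)
    if not path:
        return None
    for name, tags in path:            # 1. a record with psd=n
        if tags["psd"] == "n":
            return name
    labels = start.split(".")
    for name, tags in path:            # 2. one level below a psd=y record
        if tags["psd"] == "y" and name != start:  # nothing below the start
            return ".".join(labels[-(name.count(".") + 2):])
    # 3. otherwise, the record at the domain with the fewest labels
    return min(path, key=lambda rec: rec[0].count("."))[0]

# Constructed records: gov.example plays the PSD, agency.gov.example a registrant.
WITH_PSD_Y = {"gov.example": "v=DMARC1; p=none; psd=y",
              "agency.gov.example": "v=DMARC1; p=reject"}
PARENT_UNTAGGED = {"gov.example": "v=DMARC1; p=none",      # psd=y missing
                   "agency.gov.example": "v=DMARC1; p=reject"}
CHILD_PSD_N = {"gov.example": "v=DMARC1; p=none",
               "agency.gov.example": "v=DMARC1; p=reject; psd=n"}

if __name__ == "__main__":
    for dns in (WITH_PSD_Y, PARENT_UNTAGGED, CHILD_PSD_N):
        print(organizational_domain("mail.agency.gov.example", dns))
```

In the `PARENT_UNTAGGED` case the child record's implicit psd=u does not stop the selection, so the PSD itself is chosen; only the explicit psd=n in `CHILD_PSD_N` keeps the Organizational Domain at `agency.gov.example`.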

