Re: [dmarc-ietf] Tree Walk impact

Douglas Foster <dougfoster.emailstandards@gmail.com> Mon, 09 October 2023 22:20 UTC

From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 09 Oct 2023 18:19:56 -0400
Message-ID: <CAH48ZfyV_qBd_aEimU_TVfCw_Cra0fOFVkDQX2gsJiRwhLZ=9Q@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/N8jiduekMQipz3ZXcdCYqXfKHuk>
Subject: Re: [dmarc-ietf] Tree Walk impact

Great question.   On Feb 23rd, I had this exchange which John settled:
It appears that Douglas Foster  <dougfoster.emailstandards@gmail.com> said:

>I seem to have missed this redesign.   I thought the plan had always been
>to take the top-most policy not flagged as PSD=Y.


The current design has been in the draft since October, and we discussed
it on this list at great length.


R's,
John

Today, re-reading draft version 28, it says to use the top version.   I
missed when stop-first was chosen "after discussion at great length", and I
also seem to have missed the decision to switch back, presumably after
equally vigorous discussion?

Both approaches have problems.   Stop-at-last enables the walk to exit the
current organization and stop on a private registry, for both alignment
evaluation and for aggregate report transmission.   This is not a minor
problem, even if it is arguably infrequent.

Given that the problem with PSL is imperfect data, the solution is better
data.   Instead we have chosen a heuristic, and consequently we can be
certain of heuristic-induced harm.   We should give domain owners full
control over their organizational boundary, and stop guessing.

Doug Foster





On Mon, Oct 9, 2023 at 9:00 AM Scott Kitterman <sklist@kitterman.com> wrote:

> Where does it say to stop at the first policy found?
>
> Scott K
>
> On October 9, 2023 12:51:33 PM UTC, Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
> >Right, but we walk up from both domains separately, and each walk stops at
> >the first policy found.  Since the two walks stop at different policies,
> >they are presumed to be different organizations.
> >
> >Doug
> >
> >
> >On Mon, Oct 9, 2023, 5:35 AM Alessandro Vesely <vesely@tana.it> wrote:
> >
> >> On Sun 08/Oct/2023 04:00:31 +0200 Douglas Foster wrote:
> >> > Attached is a spreadsheet with the problems from my data set.
> >>
> >> I see no blocking.  For example, the list shows From: bayer.com,
> >> d=crm.bayer.com, the latter deemed blocking.  Both domains feature a DMARC
> >> record and (unsurprisingly) none has a psd= tag.
> >>
> >> According to the spec, one should look up:
> >> _dmarc.bayer.com
> >> _dmarc.com
> >>
> >> And then
> >> _dmarc.crm.bayer.com
> >> _dmarc.bayer.com
> >> _dmarc.com
> >>
> >> The organizational domain is bayer.com and they are aligned.  No blocking.
> >>
> >> Best
> >> Ale
> >> --
> >>
> >>
> >>
> >> _______________________________________________
> >> dmarc mailing list
> >> dmarc@ietf.org
> >> https://www.ietf.org/mailman/listinfo/dmarc
> >>
>
>
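
The two readings debated in this thread, as an added example that is not part of any message above or of the draft: a simplified tree walk run over constructed DNS data, comparing "stop at the first policy found" with "take the top-most policy not flagged psd=y". The record contents, the `hosting.example` names, the rule names, and the omission of the draft's label cap and `psd=n` handling are assumptions made for illustration.

```python
# Constructed DNS data: query name -> DMARC TXT record (missing key = no record).
DNS = {
    "_dmarc.bayer.com": "v=DMARC1; p=none",
    "_dmarc.crm.bayer.com": "v=DMARC1; p=none",
    # Hypothetical private registry that publishes a record without psd=y.
    "_dmarc.hosting.example": "v=DMARC1; p=none",
    "_dmarc.alice.hosting.example": "v=DMARC1; p=reject",
    "_dmarc.bob.hosting.example": "v=DMARC1; p=reject",
    "_dmarc.example": "v=DMARC1; p=none; psd=y",
}

def parse_tags(record):
    """Split 'k=v; k=v' into a dict with lower-cased keys and values."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def tree_walk(domain, dns=DNS):
    """Walk from the domain towards the root, one label at a time.
    Returns (names queried, [(domain, tags)] for each record found)."""
    labels = domain.lower().rstrip(".").split(".")
    queried, found = [], []
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        queried.append("_dmarc." + name)
        record = dns.get("_dmarc." + name)
        if record and parse_tags(record).get("v") == "dmarc1":
            found.append((name, parse_tags(record)))
    return queried, found

def org_domain(domain, rule, dns=DNS):
    """rule='stop_first': nearest record not flagged psd=y.
    rule='top_most': highest record not flagged psd=y."""
    _, found = tree_walk(domain, dns)
    candidates = [name for name, tags in found if tags.get("psd") != "y"]
    if not candidates:
        return None
    return candidates[0] if rule == "stop_first" else candidates[-1]

def aligned(from_domain, dkim_domain, rule, dns=DNS):
    """Relaxed alignment: both walks must land on the same organizational domain."""
    a = org_domain(from_domain, rule, dns)
    b = org_domain(dkim_domain, rule, dns)
    return a is not None and a == b

if __name__ == "__main__":
    for rule in ("stop_first", "top_most"):
        print(rule, aligned("bayer.com", "crm.bayer.com", rule),
              aligned("alice.hosting.example", "bob.hosting.example", rule))
```

Under `top_most` the bayer.com pair aligns, but so do the two unrelated registry customers, because both walks end on `hosting.example`; under `stop_first` neither pair aligns.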