Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd

"Kurt Andersen (b)" <> Mon, 11 November 2019 15:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3164912089E for <>; Mon, 11 Nov 2019 07:46:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4xiXz1bywae4 for <>; Mon, 11 Nov 2019 07:46:37 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 223EA1200B2 for <>; Mon, 11 Nov 2019 07:46:37 -0800 (PST)
Received: by with SMTP id k1so15080369ioj.6 for <>; Mon, 11 Nov 2019 07:46:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130612; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3ije/aDwslIHUNif2pyijYGIhGMMTpFSyPDXKI1NMJ0=; b=IxSR78XPDpin1/gq65RRFICStdbZJSvi7Cbd+WR33d3mkHc8XtuHXPmFa9X63OfULm 14/raB5yUwdrhtJ360RyPJnTw6PnG4oHCzVg2manlXRS4QaQ9dKEqU6bgnkYXUCBnWqC YtCpHOlUDWBRlpyyMyAeYNxUd52EGt617Xd+c=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3ije/aDwslIHUNif2pyijYGIhGMMTpFSyPDXKI1NMJ0=; b=JRKleAJW6wBhteQ5Aj0+AgQl2KRutHpcxJjTvAgRXAR2K/Ht6ifPNU7nheuJsoyxR5 +DNdsplqbyGrNCnpFe4evUxFSSdqdWp6T0C7levc6SDEPxdGITRe0rnhlRXYa78Nevbk MrMx84TCOACE6OPOUhXBPoe2O5vHupYYhHAqwkU1eqECSUHTqPF2Ub69raG+jC7mMizF LKibc1gJabBlfOONKNaASaSN+qAlRlp59zMVgASBWevJ6wmkYAkzSumZpi/846hSJQcx tYfujcm6vjWX9Yu4GnuFWGJdJtBFF6gt56qV5owA/Or+XAQf4en1aoSf6aTOnCdBc8Qp hULQ==
X-Gm-Message-State: APjAAAVSchnVNo41dR2T269Z85RJB6WgzCIKxQAFkp5H8KH4bOsn/cxA TioOapudgtrtbSHvtWwiEgq59NTEU4XS9i2uoSMMxQ==
X-Google-Smtp-Source: APXvYqxlXz0Umoj8/w6QhAjQyC87ou5XmjHNwbJAL1o1ZapzjorpKviavszj6iOk9fh6xiTvGNgVhdHgEixgh92L+yQ=
X-Received: by 2002:a5d:8051:: with SMTP id b17mr6381126ior.104.1573487196105; Mon, 11 Nov 2019 07:46:36 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <> <> <> <>
In-Reply-To: <>
From: "Kurt Andersen (b)" <>
Date: Mon, 11 Nov 2019 07:46:17 -0800
Message-ID: <>
To: Tim Wicinski <>
Cc: Scott Kitterman <>, IETF DMARC WG <>
Content-Type: multipart/alternative; boundary="000000000000623b790597140953"
Archived-At: <>
Subject: Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 Nov 2019 15:46:39 -0000

On Mon, Nov 11, 2019 at 1:58 AM Tim Wicinski <> wrote:

> Scott
> PSD DMARC does talk about organizational domains which from the original
> DMARC spec (section 3.2)
> does say 'Acquire a "public suffix" list'
> The addition of the preamble text shouldn't move the document in either
> direction.
> I do feel anything which helps focus us on moving forward on DMARC-bis is
> a good thing.
> The WG should be able to start writing the PSL document right away.


I think that you are being too liberal in applying transitive references.
The PSD document only refers to the PSL in

   - Informative References
   - Appendix A.1
   - Appendix B.3
   - Appendix C.2 (implementations)

I don't think that it is fair to say that anyone who refers to the org
domain concept as cited in the DMARC spec is necessarily invoking the PSL.

I do have a problem with the conflation of the org domain with a
super-organizational "realm" (?) that may impose conditions upon
organizations that fall within their jurisdictional purview. My main
concerns are with the potential usurpation of the org domain's policy
declaration rights. "Moving" the org domain up one level disenfranchises
the organizations and that is the wrong thing to do IMO.

As to the proposed "let's run this as an experiment pending DMARCbis", I
don't see how that satisfies Dave's concern about creating new work for
receivers in order to help a small set of domain (realm) owners. I'm not
opposed to it, but I just don't see how this solves the issue.