Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs

John Levine <johnl@taugh.com> Thu, 14 March 2024 23:11 UTC

Date: Thu, 14 Mar 2024 19:11:32 -0400
Message-Id: <20240314231133.373738563BAE@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: todd.herr@valimail.com
In-Reply-To: <CAHej_8my0_2y5NqsqawiH3x1S5Xn14eGXGYDNfHmPOWu585TKw@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Psrbe2xhDYv5GWKGimvsZ1aMysM>
Subject: Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs

It appears that Todd Herr <todd.herr@valimail.com> said:
>I agree that clarifying it can't hurt, obviously, ...

I disagree, it does hurt.

If we say you're allowed to use CNAMEs to point to DMARC records,
people are going to say uh oh, is there something special here? What
about DKIM records? What about SPF records? How about SPF includes? Or
SPF redirects?

Really, there is nothing to say here, so let's not say it.

R's,
John