Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd

"Chudow, Eric B CIV NSA DSAW (USA)" <> Wed, 05 February 2020 23:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4ECA812083C for <>; Wed, 5 Feb 2020 15:11:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id EjAStfjRlbVt for <>; Wed, 5 Feb 2020 15:11:54 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7F3F61200A4 for <>; Wed, 5 Feb 2020 15:11:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;;; q=dns/txt; s=EEMSG2018v1a; t=1580944314; x=1612480314; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ggXo79J9pFCbfnrw5LbT7GVOuXscL4l79oSr9Sq+UnA=; b=cRu/cp2CuTd2DgHGfo9HOY6N7NjolLTWWo5uxwGjXdtVz5zrXctarUL4 xvAAzOM0tqPkWN9/+jLvRddedmHH8kQgaFeiojxABW1a1dByglolLMUPB pWwhTPq103f7nwONgKthgcxrL8437+5je65CDO5e7nTCSN93rKtvFTa+C Jz6gpwS52qGfIMxkypFBMpAc3aIQM/nCNP3gMKmRhluY0usK9YtP5jq+O enOigoYV7NQA7jSF3MOxJYL6VGLBxaRj2B5J2ShJfLWd8yg6YwAuInLwg 8nP/C/QD8Yg2whGqYpJOXRNW81qwG3FcLtdkiQrR74ORcY0liUJjRVSoP A==;
X-EEMSG-check-017: 76825829|
X-IronPort-AV: E=Sophos;i="5.70,407,1574121600"; d="scan'208";a="76825829"
Received: from ([]) by with ESMTP; 05 Feb 2020 23:11:53 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.468.0; Wed, 5 Feb 2020 23:11:36 +0000
Received: from ([]) by ([]) with mapi id 14.03.0468.000; Wed, 5 Feb 2020 23:11:36 +0000
From: "Chudow, Eric B CIV NSA DSAW (USA)" <>
To: 'Craig Schwartz' <>, "'Murray S. Kucherawy'" <>
Thread-Topic: [dmarc-ietf] Comment on draft-ietf-dmarc-psd
Thread-Index: AQHV3BPv2W0yzjHaD0K8k+plARSzYagNOOWg
Date: Wed, 5 Feb 2020 23:11:35 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 05 Feb 2020 23:11:56 -0000

On Tuesday, February 04, 2020 3:44 PM Scott Kitterman wrote:
> As designed, the experiment is self-contained: For senders, it only affects
> PSDs that have been listed as participants. For receivers, it only affects
> receivers that choose to deploy code to do the additional check related to 
> PSD DMARC. As far as I can determine, there is zero impact on anyone else.

On Wednesday, February 05, 2020 5:59 AM Craig Schwartz wrote:
> Second, I have consulted with my technical advisors and our conclusion is
> that the risks to deployed infrastructure if this experiment becomes 
> permanent are negligible.

As both Craig and Scott pointed out, this experiment will only impact senders 
and receivers who opt-in to participating and has minimal risks to deployed 
infrastructure, so there shouldn’t be an issue there. For scalability, it may 
or may not scale as is, but the experiment has limited risk and should provide 
data on scalability or other issues, and so would be a good experiment to 
provide input into making DMARC better. 

On Wednesday, February 05, 2020 5:59 AM Craig Schwartz wrote:
> Finally, if the DMARC working group is successful in updating DMARC not to 
> use the PSL, then PSD DMARC would naturally evolve to use that solution (PSD
> is currently defined relative to org domain, so if the method for finding org
> domain changes, PSD DMARC will use it without any change needed).  As a 
> result, to the extent the use of lists like the PSL is a problem, PSD DMARC 
> is already ready to take advantage of whatever solution the IETF develops.

For the question related to the PSL and determining the Organizational Domain, 
I think Scott, Kurt, and Craig established this is not an issue for this 
experiment since that issue lies with DMARC itself and so it does not need to 
be addressed in PSD DMARC or for this experiment to proceed. 

On Tuesday, February 4, 2020 3:49 PM Andrew Kennedy wrote:
> One has to wonder if delaying or impeding advancement of this I-D, because
> of an external dependency that appears unlikely to be resolved in a timely
> fashion, is making the perfect the enemy of the good.  

On Monday, February 3, 2020 2:52 PM Ian Levy wrote:
> Experiments will give us data that helps us make better solutions in the 
> future. If those solutions look like the current draft then great. If they
> don’t then we’ll be changing them based on data and experience. 

Lastly, I agree with Ian, Andrew, and others that making everything perfect 
now is the enemy of the good and we should move ahead with the experiment to 
get better data to make better solutions. I think that PSD DMARC will be 
valuable and should proceed.


Eric Chudow
DoD Cybersecurity Mitigations