Re: [dmarc-ietf] tree walk and Org and PSD, Second WGLC for draft-ietf-dmarc-psd
"Brotman, Alex" <Alex_Brotman@comcast.com> Tue, 24 November 2020 12:53 UTC
Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE5853A0BF4 for <dmarc@ietfa.amsl.com>; Tue, 24 Nov 2020 04:53:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zv44WQumtQkm for <dmarc@ietfa.amsl.com>; Tue, 24 Nov 2020 04:53:18 -0800 (PST)
Received: from mx0a-00143702.pphosted.com (mx0a-00143702.pphosted.com [148.163.145.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2F893A0BB0 for <dmarc@ietf.org>; Tue, 24 Nov 2020 04:53:18 -0800 (PST)
Received: from pps.filterd (m0156892.ppops.net [127.0.0.1]) by mx0a-00143702.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AOCjORo006141 for <dmarc@ietf.org>; Tue, 24 Nov 2020 07:53:18 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=20190412; bh=x1xY9BSXaEuybIoj/1YP1B0+Xded9Ob9RyJD41WodhQ=; b=EJPl+A6PoBtLuFzAf/DG8ya/R//oxu/svB0NnI/mOr2awSpr4wy7J06j14aa7BV4/T/3 0AO1BXf+qvi1h2E2a/503kCuaMiLTi4nAz47LxtA0AmY2MJumgClk6lTWbr1NsEkqyWk GtFZoZGvwi2G2iiDcabpq8R+0moBFThXTPfQxANtH//Wr5EemRBF8aN8ElULfL/WW2iB wIVh39Zg8bLH3y3LmoWMjdsIrYqI4/c+yMkGfncbnLe30nZxw98B2bW2v/LKl5Mi2eSL wUnMUGYuEOYbQmLTkAIerSU8JQ6rz+Ymv6N5ucTRlm4FMCDXLR351OqHY4/WmXMk7rCW fw==
Received: from copdcexc37.cable.comcast.com (dlppfpt-po-1p.slb.comcast.com [96.99.226.137]) by mx0a-00143702.pphosted.com with ESMTP id 34xy3q8qmh-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <dmarc@ietf.org>; Tue, 24 Nov 2020 07:53:18 -0500
Received: from copdcexc33.cable.comcast.com (147.191.125.132) by COPDCEXC37.cable.comcast.com (147.191.125.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Tue, 24 Nov 2020 05:52:58 -0700
Received: from COPDCEXEDGE01.cable.comcast.com (96.114.158.213) by copdcexc33.cable.comcast.com (147.191.125.132) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5 via Frontend Transport; Tue, 24 Nov 2020 05:52:57 -0700
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.173) by webmail.comcast.com (96.114.158.213) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 24 Nov 2020 07:52:44 -0500
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by BL0PR11MB3313.namprd11.prod.outlook.com (2603:10b6:208:60::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.24; Tue, 24 Nov 2020 12:52:43 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::d4a7:d9e:d031:c24c]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::d4a7:d9e:d031:c24c%6]) with mapi id 15.20.3589.022; Tue, 24 Nov 2020 12:52:43 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [dmarc-ietf] tree walk and Org and PSD, Second WGLC for draft-ietf-dmarc-psd
Thread-Index: AQHWwHaVhBEGBcHryUmeC3DSrkQxLanTqm8AgAILEoCAABNcAIAAbwWAgAEHt2A=
Date: Tue, 24 Nov 2020 12:52:43 +0000
Message-ID: <MN2PR11MB4351DF962549AAF1E46F4128F7FB0@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <553D43C8D961C14BB27C614AC48FC0312811FC37@UMECHPA7D.easf.csd.disa.mil> <20201123210543.694B127C778E@ary.qy>
In-Reply-To: <20201123210543.694B127C778E@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=comcast.com;
x-originating-ip: [2601:43:101:380:f556:d089:d888:4427]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bb24839b-6b7c-4214-0a7d-08d89077d5a1
x-ms-traffictypediagnostic: BL0PR11MB3313:
x-microsoft-antispam-prvs: <BL0PR11MB33133953DBC044B9FB1F09F1F7FB0@BL0PR11MB3313.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Th7D2AFIj5+5AOUu/xCpymL+wOmLFKBGug5TJHQQzdefIX/hVWmXt7sJyBeaxZBpGJydHalLySv1kdyd+bPKtoKMsmHtZ4lubyBjgz2nUJxd3lee6JOd+4aRbduQs16Dp1SG9S9EqShALLkPRjThxjRrXGLsnwnIGbvIz+TDUA6D+oibrAA4NeJ78CXdB+p0wkekztVyZEketnm5uFg8UazdO48CAKQiNw3SmdFPVbFq/Fldh/HN/oBE8LVHt9Zm0dAAkbSSLlJV0r68UVdT0jAsoaVqqrhrFl/8OB5LtH1eU5J6TbQ3nKnaS8tvuqSeOq+JPx3r3ZOBRUaJJeZo0T2TMoyJPZSe1MVhlmn8JONG1cIue0qqoecQH7qt+7y/QoLKQkxzs7WVeysiAcmDC6qI5FdB4YA43C/Af/kmG+hjiRwk2taccNTfLGnsn65GTzmjc7TslLPiyxLrWKTpOA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(376002)(39860400002)(366004)(346002)(136003)(2906002)(9686003)(86362001)(7696005)(55016002)(33656002)(8936002)(53546011)(316002)(6506007)(478600001)(186003)(6916009)(5660300002)(52536014)(966005)(66446008)(76116006)(66946007)(66556008)(64756008)(83380400001)(66476007)(71200400001)(8676002)(46394003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: CdyytesNAi365fiKnqmvdQjnuh9YkJByUGvg0SsbiWXuc/wSq68jj1vQ5BVvJHhwMhmXgfQJgB1yrRMahufCIddU1WeADXkogybbo2OMHfEqLsRcQY3piDosxmRhtK9Fu02U/jfgzZqmnK6x3xXDNXx4I8RXsawiQtA2Trum086nS7K+RNEjoKtEX/qR6VZX3e1L8kaI1+o086fPNe55brcxFRiHTyoEsE4SXGTXA1/Y2mGhbwElVptmMYziJ6XrYmBM0x0Jure5362h04KDzXt+roiViHAsET7VqtHTO788IWFx6m9HMBKQSwKDVHI8slLmJCUp9Tk4PlfSpRoh1+jIza1+mPvLOqNSrPQVMyeL0C3GFvk575IeLMy9mdFOrjSdfZJXu9IEuSowIjrK4zx5uQKLq5cvhxzn7ePFZqlSG9lBlQ0O4uCxstMYaSW+1KnmXaerByOKKaB9et3vcsBsf9XE8glHdnv08MxMIMD/bGfhJoqrR/uQB/mcvo5K07BjGr0pJ2c5eR4u/LvYphyMJbgGkrjdYvhL6oi8UdqF5jbDjkxD20Cc9LalFvmrjYJRYGNffWf7svxQx+3woVKDnKqdLP/k7Ctz1w1QS/CQwOVcntxGGLQNd+VTi88T5lq2QWSz9mATSCHDbnjDhHVNbxyHQp2SxDd1x01gsJsOqfSh65oS5xIRJGETdOte8MIYPCYxW0IZ/m8WtGhomMWbfpStMWOeVZ+zSJjo/gdSKl7CKBR8SNodUM6y5B9fM5f/f9YaqI9dM7hkVSJvBWzG9u+a6mTp+2t9IzltRbOATH1+SKrkg/hzQBlE+P3Obwrqk4L15h6YkAQ2BhRLU7jQAapfKpY4Sk1W2tpYpM61zNPa0K0YG1EdreYEKWaD+V95WfI0P5u3Lq+x+EIhpW2cyX7qSmNE6V5R/8q7hTaJ+mkwxJ7/ZheSD2POtJDPjWCaltH4ZpTvtE0qSud4wg==
x-ms-exchange-transport-forked: True
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BoIt7I0x0t2gXjisCBbXsFWE1eGhmRhTLsWMFpAFyW7XxrMWA4L8dECHrzpiW8LHDXS0NIFX5R4uwRKil3KBFyKYdVaW97kFq75Pwx0wJbJPzoa/URTO/6vMECSTpIFsH7ZBe4SX/niv/KJA4NQhqoty2Z8CYeb1BdU9h3mu+IeeVPKz/iCJ8X8KOHkSpKAP1ftTc4nNa6bmk/jkLqNbbrqzWHiZdwmoef/HZ8Fjnag39BookTpkAcxOkVx349Pho5hSz2KiUcWz3wCCPOi9+0rkdFVas5YADGis0QZuhbnv3/hmiG/MGfDAjdGnZDXxqQD5QjAQjG7HKnQQOaU+sw==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+lTqoxxLvnfcCAP5GO0voPZL827XFYX+wTW8h5Vm/+E=; b=PMSUc+VfFmBdtCPTasug8QEqzAnFwyQUc8tUCLGZLtvDav9MqQ5xr8J6TyAnOuZ6txgWSW8TdFDl36/qvaAxP/bmWaP820Zwp5Hg9iJnruxMlS71WgWOWynicobaziv5QX+czcLicOYuvLitMnUXxcnwHrYIlq8lavYs3MPqMlTTUoabDdjiwGuTPUKr0uKjKiJGXn6dAPZpW3bpE6WsIGpTVN3kLJyS+Q+zayjy91wNsmoStHc65LCnfTf8N0aoN75VUN9ejbyZXw2CXWnysRQa0hbmhqlXLZtRDQYGgWOMR3/qT1txo9wOzodvQI3dMxpwvbzYNOUqz0IMLuwydw==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR11MB4351.namprd11.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: bb24839b-6b7c-4214-0a7d-08d89077d5a1
x-ms-exchange-crosstenant-originalarrivaltime: 24 Nov 2020 12:52:43.1580 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: th0F6lbjZ9o28ZoYQnPf7su1Eq/S28aUpjPdBbaG0oRyGfM+8ygrcvgBJvgMRXE7Yt3UAx1ftxLjQYhqxPwvvxcIA7p+RmjHgjOjlQ1dhsY=
x-ms-exchange-transport-crosstenantheadersstamped: BL0PR11MB3313
x-originatororg: comcast.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Forward AAETWT
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-24_04:2020-11-24, 2020-11-24 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/R1MKE5eaz7E-ETeZ4XpbkxGa6_Y>
Subject: Re: [dmarc-ietf] tree walk and Org and PSD, Second WGLC for draft-ietf-dmarc-psd
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2020 12:53:25 -0000
I was sort of curious yesterday and checked as well. Most were four or less. I had a number that were five or six. A couple dozen were at eight. I had one spam message that had 13 parts. It included both "_mta-sts" and "mta-sts" in there, as well as "mail" nine times. The last two parts were the org domain. -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -----Original Message----- > From: dmarc <dmarc-bounces@ietf.org> On Behalf Of John Levine > Sent: Monday, November 23, 2020 4:06 PM > To: dmarc@ietf.org > Cc: eric.b.chudow.civ@mail.mil > Subject: Re: [dmarc-ietf] tree walk and Org and PSD, Second WGLC for draft- > ietf-dmarc-psd > > In article > <553D43C8D961C14BB27C614AC48FC0312811FC37@UMECHPA7D.easf.csd.dis > a.mil> you write: > >-=-=-=-=-=- > > > >Even for .mil, the vast majority of email domains are fairly short with > >four or fewer labels. Most of the other ones tend to be individual servers that > send automatic performance emails, and I think should be considered more of > an edge case and less of our concern. > > I scraped my logs for the past few months and that's what I found. > Nearly everything was four labels or less. Spot checking the few five-label > names, I found that most of the mail was all from MAILER-DAEMON@<long- > mailhost-name> and it appeared to be spam blowback. There was a trickle of > what looked like real mail from stumail.zcs.k12.in.us and feedback.retail.voice- > your-views.hsbc.com, > > I found nothing at all with six labels or longer. > > So if we made the tree walk limit six or seven I think we'd be unlikely to lose any > mail that anyone would miss. > > R's, > John > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/dmarc__;! > !CQl3mcHX2A!TIKw8O7ptxZvJLkZ0GxAxe4haD43V7NWTdLfVAZUiJUaCqFVIV1co > wazKVYiV8c2YXTskHmvzw$
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Doug Foster
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Chudow, Eric B CIV NSA DSAW (USA)
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Douglas E. Foster
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Douglas E. Foster
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… John Levine
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Tim Wicinski
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Murray S. Kucherawy
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Chudow, Eric B CIV NSA DSAW (USA)
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Douglas E. Foster
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Doug Foster
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Kurt Andersen (b)
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Douglas E. Foster
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Murray S. Kucherawy
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Douglas E. Foster
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… Murray S. Kucherawy
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Douglas E. Foster
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Murray S. Kucherawy
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Murray S. Kucherawy
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Murray S. Kucherawy
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Douglas E. Foster
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… John Levine
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Murray S. Kucherawy
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… Laura Atkins
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… Douglas E. Foster
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… Chudow, Eric B CIV NSA DSAW (USA)
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… Jesse Thompson
- Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc… Doug Foster
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… John Levine
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… Brotman, Alex
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… Alessandro Vesely
- Re: [dmarc-ietf] tree walk and Org and PSD, Secon… John Levine