Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy for the Author Domain - dmarcbis-06
Scott Kitterman <sklist@kitterman.com> Tue, 05 April 2022 22:52 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 98D8A3A138E
for <dmarc@ietfa.amsl.com>; Tue, 5 Apr 2022 15:52:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.11
X-Spam-Level:
X-Spam-Status: No, score=-2.11 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral
reason="invalid (unsupported algorithm ed25519-sha256)"
header.d=kitterman.com header.b=nBXQ7CC8; dkim=pass (2048-bit key)
header.d=kitterman.com header.b=mSz40hf8
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id YBPZM1zPZTHJ for <dmarc@ietfa.amsl.com>;
Tue, 5 Apr 2022 15:52:32 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com
[64.20.48.66])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 7B66D3A14E9
for <dmarc@ietf.org>; Tue, 5 Apr 2022 15:52:32 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com
[64.20.48.66])
by interserver.kitterman.com (Postfix) with ESMTPS id 2B31AF80260
for <dmarc@ietf.org>; Tue, 5 Apr 2022 18:52:30 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com;
i=@kitterman.com; q=dns/txt; s=201903e; t=1649199150; h=from : to :
subject : date : message-id : in-reply-to : references : mime-version
: content-transfer-encoding : content-type : from;
bh=mDUa97LN07oeMXnAb4zFEiPG+RTEvtOL2BiaJSCQ+sA=;
b=nBXQ7CC8znMMYreVDuszA/7aSziPUw+/B3a1cTc3i/o2juPYWu+QvE3MiNIrEl8JMmqX7
JK/Ft8Guqf/o590CQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com;
i=@kitterman.com; q=dns/txt; s=201903r; t=1649199150; h=from : to :
subject : date : message-id : in-reply-to : references : mime-version
: content-transfer-encoding : content-type : from;
bh=mDUa97LN07oeMXnAb4zFEiPG+RTEvtOL2BiaJSCQ+sA=;
b=mSz40hf8jmmX1SEzdWeDoI4p17OpSdwn9p7tNB8v9KsQCqDrd+LIbVCn4vh89Bnaaw055
SAMOmvqeBiYWJS2lZJkeVSYKa4EKb8czduGd7Z5g4Mk6U+Ounpd0MKzLbTj3MGKdKcPLgBK
fWwvNoB6+IK6BigEbD0/fPlMX57VVxQDPc5luaX2zquH+qF5oNnX3F2DqSD6vu/dDWsF78G
VMVgGDVWFKFIJ9Ajv2vGYnnirxpEmFelvIdcXyyAbRxBfVuMLJk/zkMx0o0D1/T2PBEfG95
6yg7JofKjfBj2GF2KhCkGuMNoPDS/hNUoxAZ4k2TIkEev32g40Bh58ZHKGVw==
Received: from zini-1880.localnet (static-72-81-252-22.bltmmd.fios.verizon.net
[72.81.252.22])
by interserver.kitterman.com (Postfix) with ESMTP id 12218F8014F
for <dmarc@ietf.org>; Tue, 5 Apr 2022 18:52:30 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Tue, 05 Apr 2022 18:52:29 -0400
Message-ID: <2197974.0AaHhFyGSN@zini-1880>
In-Reply-To: <20220404214446.9CB223B2CFED@ary.qy>
References: <20220404214446.9CB223B2CFED@ary.qy>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/SPKqGTkea98GL4qo3Fo9wcEPtS0>
Subject: Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy for the Author
Domain - dmarcbis-06
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting,
and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>,
<mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>,
<mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2022 22:52:38 -0000
On Monday, April 4, 2022 5:44:46 PM EDT John Levine wrote: > It appears that Scott Kitterman <sklist@kitterman.com> said: > >I think the attached addresses this. I also tried to make it clear that if > >there's only one domain (common 5322.From, 5321.MailFrom, and d=), then no > >tree walk is needed. > > Is that right? Let's say all three domains are sales.foo.com, there is > no DMARC record _dmarc.sales.foo.com, but there might be one at > _dmarc.foo.com. I think you need to do the tree walk to find the policy. > > This is less urgent, but between steps 7 and 8 8 in 4.6, I'd say that > if you find a record with psd=y or psd=n you stop the tree walk, since > nothing above that is relevant. I agree on the first point. I'd suggest we change the first point in the note for 4.8. Was: * The RFC5322.From domain and the RFC5321.MailFrom domain (if SPF authenticated), and/or the DKIM d= domain (if present and authenticated) are all the same. In this case, this common domain is treated as the Organizational Domain. Is: * The RFC5322.From domain and the RFC5321.MailFrom domain (if SPF authenticated), and/or the DKIM d= domain (if present and authenticated) are all the same and that domain has a DMARC record. In this case, this common domain is treated as the Organizational Domain. Adding "and that domain has a DMARC record" as a condition for not doing the tree walk should be sufficient. For the second point, I think that's accurate, but I don't really think we need to standardize the optimization. If I'm using an async DNS resolver, I would implement firing off all the necessary queries and then evaluating them once I have the answer. I don't think we'd want to require (or appear to require) anyone to do a single query and evaluate the result before doing the next query. That could be several times slower and at scale that typically will be more important than the extra DNS queries. I'm not going to post another proposed revision for the above change, I think Todd can just incorporate that for the next revision. Scott K
- [dmarc-ietf] I-D Action: draft-ietf-dmarc-dmarcbi… internet-drafts
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- [dmarc-ietf] 5.5.4. Publish a DMARC Policy for th… Alessandro Vesely
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- [dmarc-ietf] Ruminating the tree walk Alessandro Vesely
- Re: [dmarc-ietf] Ruminating the tree walk Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] Ruminating the tree walk Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] Ruminating the tree walk Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Douglas Foster
- Re: [dmarc-ietf] Ruminating the tree walk Barry Leiba
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] Ruminating the tree walk Douglas Foster
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Douglas Foster
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] Ruminating the tree walk Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Todd Herr
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… John R Levine
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… Alessandro Vesely
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… John Levine