Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc-psd: Definition of NP

"Douglas E. Foster" <fosterd@bayviewphysicians.com> Fri, 20 November 2020 11:57 UTC

From: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Date: Fri, 20 Nov 2020 06:57:20 -0500
Subject: Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc-psd: Definition of NP
Message-ID: <f3b54fdb25b24549a40105c6e4a31c6c@bayviewphysicians.com>
In-Reply-To: <553D43C8D961C14BB27C614AC48FC03128116528@UMECHPA7D.easf.csd.disa.mil>
References: <553D43C8D961C14BB27C614AC48FC03128116494@UMECHPA7D.easf.csd.disa.mil> <20201120040420.B3F4727A02FB@ary.qy> <553D43C8D961C14BB27C614AC48FC03128116528@UMECHPA7D.easf.csd.disa.mil>
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UX0ZCyqVhG7IenjhUaflJuIwOG8>

I fear that I muddied the waters by asking about the RFC5321.MailFrom address. Let's return to the main issue of the RFC5322.From address which DMARC protects.

This is not an edge case. If spam filters were already blocking messages with RFC5322.From addresses with non-existent domains, we would not be having this discussion.

The RFC5322.From address can be very ethereal. Consider the following situation:

The marketing department of Example.com hires a mass mailer to do a campaign from marketing@ChristmasSale.Example.com.
ChristmasSale.Example.Com does not currently exist.
The email service provider does its due diligence during account setup:

- The client has sent email communication from example.com and account paperwork for the same organization. I have the client identified correctly.
- The client has no DMARC policy on Christmas.Example.com, and an organization or PSD DMARC policy of SP=none, so I do not need to acquire a DKIM signing key.
- But the organization or PSD policy does specify NP, so I need the client to prove that ChristmasSale.Example.Com exists.

Requiring the client to create a bogus host record with a bogus IP address makes no sense, and is likely to be rejected by the client DNS administrator.

Requiring the client to create a name server record to prove domain existence does make sense, and should be easily approved and implemented by the client DNS administrator.

Ergo, defining the NP policy based on A, AAAA, and MX is not appropriate.

Doug Foster

----------------------------------------

From: eric.b.chudow.civ=40mail.mil@dmarc.ietf.org
Sent: 11/20/20 6:30 AM
To: 'John Levine' <johnl@taugh.com>, "'dmarc@ietf.org'" <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc-psd: Definition of NP

Thank you, John. I agree that it's an edge case and not worth addressing separately.

Eric Chudow
DoD Cybersecurity Mitigations

-----Original Message-----
From: John Levine <johnl@taugh.com>
Sent: Thursday, November 19, 2020 11:04 PM
To: dmarc@ietf.org
Cc: Chudow, Eric B CIV NSA DSAW (USA) <eric.b.chudow.civ@mail.mil>
Subject: Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc-psd: Definition of NP

In article <553D43C8D961C14BB27C614AC48FC03128116494@UMECHPA7D.easf.csd.disa.mil> you write:
>Section 2.7. defines a non-existent domain as "a domain for which there
>is an NXDOMAIN or NODATA response for A, AAAA, and MX records. This is
>a broader definition than that in NXDOMAIN [RFC8020]." This should be sufficient for determining that the domain is not intended to be used and therefore could have a more stringent policy applied.
>
>The idea of looking for a "mail-enabled domain" based on if an "MX record exists or SPF policy exists" is interesting.
>Although there may be domains that send email but not receive email and so may not have an MX record.

These days I think you will find that if the domains in your bounce address and your From: headers don't have an MX or A record, very few recipients will accept your mail. This seems like an edge case. In practice I find that the domains caught by the Org domain or I suppose PSD have A records but no mail server because they're actually web hosts rather than mail hosts.

We have the Null MX to indicate that a domain receives no mail and SPF plain -all to indicate that it sends no mail so I hope we don't try to reinvent these particular wheels.

R's,
John
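The two tests under discussion in this thread, the draft's "non-existent domain" definition (NXDOMAIN or NODATA for A, AAAA and MX) with and without the NS-record variant Doug argues for, and John's "mail-enabled" signals (Null MX, plain SPF `-all`), written out as an added Python example that is not part of the thread or of the draft. The `ZONE` table is a constructed stand-in for DNS answers, the function names are this example's own, and the Null MX shape (a single MX of `0 .`) follows RFC 7505, which the thread refers to only as "the Null MX":

```python
"""Added example (not from the dmarc-ietf thread): classify a domain under the
draft-ietf-dmarc-psd non-existent-domain (np) definition, with and without
counting NS records, and flag the Null MX / SPF -all "sends or receives no
mail" signals, against a constructed DNS answer set."""

# Constructed stand-in for DNS answers: name -> {rrtype: [rdata, ...]}.
# A name missing from the table models NXDOMAIN; a present name with no
# entry for a type models NODATA for that type. Addresses are RFC 5737
# documentation ranges, not real hosts.
ZONE = {
    "example.com": {"NS": ["ns1.example.com."], "A": ["192.0.2.10"],
                    "MX": ["10 mail.example.com."], "TXT": ["v=spf1 mx -all"]},
    # Delegated subdomain that exists only as an NS record (Doug's scenario).
    "christmassale.example.com": {"NS": ["ns1.example.com."]},
    # Web host with an A record and no mail server (John's observation).
    "www.example.com": {"A": ["192.0.2.20"]},
    # Receives no mail (Null MX, RFC 7505) and sends none (SPF "v=spf1 -all").
    "nomail.example.com": {"A": ["192.0.2.30"], "MX": ["0 ."], "TXT": ["v=spf1 -all"]},
}


def lookup(zone, name, rrtype):
    """Return (status, rdata) with status in {'NXDOMAIN', 'NODATA', 'OK'}."""
    name = name.rstrip(".").lower()
    if name not in zone:
        return "NXDOMAIN", []
    rdata = zone[name].get(rrtype, [])
    return ("OK", rdata) if rdata else ("NODATA", [])


def is_nonexistent_np(zone, name, include_ns=False):
    """Draft section 2.7 test: non-existent when A, AAAA and MX each return
    NXDOMAIN or NODATA. With include_ns=True an NS record also counts as
    proof that the domain exists (the variant argued for in the thread)."""
    types = ["A", "AAAA", "MX"] + (["NS"] if include_ns else [])
    return all(lookup(zone, name, t)[0] in ("NXDOMAIN", "NODATA") for t in types)


def has_null_mx(zone, name):
    """RFC 7505 Null MX: exactly one MX record, preference 0, exchange '.'."""
    status, rdata = lookup(zone, name, "MX")
    return status == "OK" and len(rdata) == 1 and rdata[0].split() == ["0", "."]


def spf_sends_no_mail(zone, name):
    """True when the domain publishes an SPF record that is exactly 'v=spf1 -all'."""
    status, rdata = lookup(zone, name, "TXT")
    return status == "OK" and any(t.split() == ["v=spf1", "-all"] for t in rdata)


def mail_enabled(zone, name):
    """'Mail-enabled' as discussed: a usable (non-null) MX, or an SPF record
    that is not a plain -all."""
    mx_status, _ = lookup(zone, name, "MX")
    txt_status, txt = lookup(zone, name, "TXT")
    has_mx = mx_status == "OK" and not has_null_mx(zone, name)
    has_spf = (txt_status == "OK" and any(t.startswith("v=spf1") for t in txt)
               and not spf_sends_no_mail(zone, name))
    return has_mx or has_spf


def classify(zone, name):
    """All signals for one domain, so the two NP definitions can be compared."""
    return {
        "np_nonexistent": is_nonexistent_np(zone, name),
        "np_nonexistent_with_ns": is_nonexistent_np(zone, name, include_ns=True),
        "null_mx": has_null_mx(zone, name),
        "spf_minus_all": spf_sends_no_mail(zone, name),
        "mail_enabled": mail_enabled(zone, name),
    }


if __name__ == "__main__":
    for name in list(ZONE) + ["nosuch.example.com"]:
        print(f"{name:28} {classify(ZONE, name)}")
```

The NS-only delegation is the case that separates the two definitions: for `christmassale.example.com` the A, AAAA and MX queries come back NODATA rather than NXDOMAIN (the name exists, it just has no records of those types), and because the draft treats NODATA the same as NXDOMAIN the domain is "non-existent" under the A/AAAA/MX test but exists under the NS-inclusive one. The `www` host shows the opposite gap John describes: it passes the existence test on its A record alone while having no mail service at all.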
