Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs

Neil Anuskiewicz <neil@marmot-tech.com> Sat, 16 March 2024 04:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UcE8R8TXNroCXqVnV313RkeovFM>


> On Mar 15, 2024, at 9:40 AM, Alessandro Vesely <vesely@tana.it> wrote:
> 
> On Fri 15/Mar/2024 02:34:15 +0100 Murray S. Kucherawy wrote:
>> On Fri, Mar 15, 2024 at 9:11 AM John Levine <johnl@taugh.com> wrote:
>>> It appears that Todd Herr  <todd.herr@valimail.com> said:
>>> >I agree that clarifying it can't hurt, obviously, ...
>>> 
>>> I disagree, it does hurt.
>>> 
>>> If we say you're allowed to use CNAMEs to point to DMARC records,
>>> people are going to say uh oh, is there something special here? What about
>>> DKIM records? What about SPF records? How about SPF includes? Or SPF
>>> redirects?
>>> 
>>> Really, there is nothing to say here, so let's not say it.
>>> 
>> +1, I don't understand what needs to be clarified here.  If I ask for a TXT
>> record at a given name, I expect to get one back (or a non-success code).
>> It really doesn't matter to DMARC whether that process traversed a CNAME
>> record in the process.  (Or if it does matter, I've yet to see a reason
>> why.)
> 
> 
> +1, people who know DNS can derive the possibility to use CNAME on their own. Those who don't are better off not trying it.

It’s mostly ESPs with large customer bases that ask for CNAMEs, providing them with scalability and the ability to rotate keys. It’s the appropriate choice in some contexts. Why is this a concern of the WG?

Neil
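As an added illustration of the point Murray and Alessandro make (this is example code, not anything from the thread or from a DMARC implementation): policy discovery asks for TXT at `_dmarc.<domain>`, the resolver follows any CNAME it finds, and the DMARC parser only ever sees the final TXT string. The zone data, the `customer.example` / `esp.example` names and the loop case are constructed here to show the delegation pattern ESPs use and the one failure mode a resolver must bound.

```python
"""Resolve a _dmarc TXT record through a CNAME chain, then parse it.

All zone data below is constructed and held in memory; nothing is
looked up over the network. Domain names are hypothetical.
"""
from __future__ import annotations

# Constructed zone: owner name -> list of (rrtype, rdata).
# customer.example delegates its DMARC record to its ESP via CNAME.
ZONE = {
    "_dmarc.customer.example.": [("CNAME", "_dmarc.customer.esp.example.")],
    "_dmarc.customer.esp.example.": [
        ("TXT", "v=DMARC1; p=reject; rua=mailto:dmarc@esp.example")
    ],
    # A misconfigured CNAME loop, to show the resolver-side bound.
    "_dmarc.loop-a.example.": [("CNAME", "_dmarc.loop-b.example.")],
    "_dmarc.loop-b.example.": [("CNAME", "_dmarc.loop-a.example.")],
}

MAX_CNAME_HOPS = 8  # real resolvers cap chain length so loops cannot hang a query

def resolve_txt(name: str, zone=ZONE) -> tuple[str | None, list[str]]:
    """Return (TXT rdata or None, list of names whose CNAME was followed).

    Mirrors what a resolver does for a TXT query: if the owner name holds
    a CNAME, restart the query at the target. DMARC itself never looks at
    the second element; it is returned only to make the traversal visible.
    """
    traversed: list[str] = []
    for _ in range(MAX_CNAME_HOPS):
        rrs = zone.get(name, [])
        for rrtype, rdata in rrs:
            if rrtype == "TXT":
                return rdata, traversed
        targets = [rdata for rrtype, rdata in rrs if rrtype == "CNAME"]
        if not targets:
            return None, traversed  # NXDOMAIN / NODATA: no policy published
        traversed.append(name)
        name = targets[0]
    return None, traversed  # chain too long or looping: treat as lookup failure

def parse_dmarc(txt: str) -> dict[str, str] | None:
    """Parse 'tag=value; tag=value' into a dict; None if it is not a DMARC record."""
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags if tags.get("v") == "DMARC1" and "p" in tags else None

def discover_policy(domain: str, zone=ZONE) -> dict[str, str] | None:
    """DMARC policy discovery for one domain: TXT lookup, then parse."""
    txt, _ = resolve_txt(f"_dmarc.{domain}.", zone)
    return parse_dmarc(txt) if txt else None
```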