Re: [dmarc-ietf] Ticket #111 - MX/A/AAAA test needs justification

"Murray S. Kucherawy" <superuser@gmail.com> Fri, 07 May 2021 21:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/V4VmPfCaPyvu9XfXlSRWViQT73o>

On Fri, May 7, 2021 at 1:03 PM Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:

> *The existence / non-existence test:*
>
> Given an identifier which is presumed to be a DNS domain name, perform a
> DNS lookup based on that name.
> The query may:
> [...]
> - return results using data from a parent domain
>

Can you give an example?  Otherwise I don't know what distinction you're
trying to make.

> Is there a query or collection of queries that can ensure that we only
> accept results from the identifier domain and not from the parent?
>

I don't understand.  In the "answer" portion of a DNS record, you either
get what you asked for (or something matching it like a wildcard), or you
don't.  Anything else you might get is "glue" data, which as I recall is
easy to identify and exclude.


> *Wildcard DNS:*
>
> Wildcard entries create intentional ambiguity.   How do we suggest that
> wildcard results should be factored into the evaluation?
>

You can't, as far as I know.  That's the nature of wildcard records.

> *The mail-enabled test:*
>
> Once existence / non-existence is determined, is it desirable to test for
> "mail enabled"?
>

It may be, but it's historically an expensive test with false negatives, as
far as I recall from my time working on mailing list software.  Those sorts
of probes get you into block lists if you do them a lot.

> If so, what role should parent-domain results play in answering this
> question?
> If "Mail Enabled" is relevant, why is the existence of an SPF policy
> irrelevant?
>

I don't understand the purpose of the latter question.

-MSK
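
The distinction drawn in the reply above between the answer section and everything else in a DNS response, as an added example that is not part of the original message: it parses a response by section and counts only answer records owned by the queried name as evidence of existence. The sample response, the names in it and the helper `existence_evidence` are constructed for illustration.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    # Returns (name, offset after the name); follows RFC 1035 compression pointers.
    labels, end = [], None
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                    # pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n

def parse_sections(msg):
    # Splits a response into the question name plus answer/authority/additional RRs.
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, qname = 12, None
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                  # skip QTYPE + QCLASS
    sections = {}
    for label, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen                     # fixed RR fields + RDATA
            rrs.append((owner, rtype))
        sections[label] = rrs
    return qname, sections

def existence_evidence(msg):
    # Only answer-section RRs owned by the queried name count; the rest is ignored.
    qname, sections = parse_sections(msg)
    return [rr for rr in sections["answer"] if rr[0] == qname]

# Constructed response to "sub.example.com MX": one answer, one additional A record.
MX, A = 15, 1
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1)
          + encode_name("sub.example.com") + struct.pack("!HH", MX, 1)
          + b"\xc0\x0c" + struct.pack("!HHIHH", MX, 1, 300, 18, 10)
          + encode_name("mx.example.com")
          + encode_name("mx.example.com") + struct.pack("!HHIH4B", A, 1, 300, 4, 192, 0, 2, 25))
```

A wildcard-synthesised record arrives with the queried name as its owner, so this filter treats it like any other answer.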