Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working Group Last Call: draft-ietf-dmarc-psd

Alessandro Vesely <> Sun, 21 July 2019 18:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DDB9E120165 for <>; Sun, 21 Jul 2019 11:01:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1152-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RZisUq_hP5ab for <>; Sun, 21 Jul 2019 11:01:08 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 33FE412015F for <>; Sun, 21 Jul 2019 11:01:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=delta; t=1563732065; bh=N2ooXE3O2U0lMqaPelTweF+AbiQvGNjFW9GeLAH1jUw=; l=2184; h=To:References:From:Date:In-Reply-To; b=A/hxfR8SB/GFQa/7UJFmIC3ECMm91M+ZqdF44ysFvVWpllZHYsA1Uw+iqfOW9dKzp sXE/1BM49eM0ReUp3w4HSoC6hbz5Ns5fd7ZoqT3vAoOICuuvxYDM0878GpUBpWsHt9 s+qtEIPM74QkEhSbcUTZMEDDsBlC9obIgN1VJilVyqA/WG9F5k9Tx80HYAggc
Authentication-Results:; auth=pass (details omitted)
Received: from [] (pcale.tana []) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by with ESMTPA id 00000000005DC07B.000000005D34A861.0000666B; Sun, 21 Jul 2019 20:01:05 +0200
References: <> <1808303.aIhlromXIS@l5580> <> <1692123.ljdY5SVR4M@l5580> <> <> <> <>
From: Alessandro Vesely <>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <>
Date: Sun, 21 Jul 2019 20:01:05 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working Group Last Call: draft-ietf-dmarc-psd
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 21 Jul 2019 18:01:10 -0000

On Sun 21/Jul/2019 18:53:35 +0200 Scott Kitterman wrote:
>>> Keep in mind that senders do send from what we call non-existent domains for
>>> reasons that seem good and sufficient to them.  Let's take that as a fact,
>>> whether it makes sense to us or not.
>> Fair enough.  Let me quote the current spec:
>> A.4.  Domain Existence Test
>>   A common practice among MTA operators, and indeed one documented in
>>   [ADSP], is a test to determine domain existence prior to any more
>>   expensive processing.  This is typically done by querying the DNS for
>>   MX, A, or AAAA resource records for the name being evaluated and
>>   assuming that the domain is nonexistent if it could be determined
>>   that no such records were published for that domain name.
>>   The original pre-standardization version of this protocol included a
>>   mandatory check of this nature.  It was ultimately removed, as the
>>   method's error rate was too high without substantial manual tuning
>>   and heuristic work.  There are indeed use cases this work needs to
>>   address where such a method would return a negative result about a
>>   domain for which reporting is desired, such as a registered domain
>>   name that never sends legitimate mail and thus has none of these
>>   records present in the DNS.
> Yes, but that was for a different use case.  It was , AIUI, considered that
> reporting could be skipped on such 'non-existant' domains, but that proved
> problematic since such domains as these are used in mail.

Wasn't it for rejecting non-existent domains?  That is, IIRC, <sciencefiction>
as if there were a root DMARC record (_dmarc.) with np=reject.</sciencefiction>

> 'np' doesn't have the same issue.  It uses non-existence in a positive (do
> some processing) not a negative sense (reporting can be skipped for these),
> so the problems described in that paragraph are not only not relevant, the
> paragraph supports the case for 'np'.

Uh?  (I don't understand your parenthesized phrase...)

At any rate, the first paragraph gives a definition of non-existence equal to
the one we've been discussing these days, doesn't it?