[dmarc-ietf] Are Evaluators motivated to switch to Tree Walk?

Douglas Foster <dougfoster.emailstandards@gmail.com> Sat, 18 June 2022 12:42 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28978C15D863 for <dmarc@ietfa.amsl.com>; Sat, 18 Jun 2022 05:42:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kYknzuP3o48n for <dmarc@ietfa.amsl.com>; Sat, 18 Jun 2022 05:42:35 -0700 (PDT)
Received: from mail-oa1-x2e.google.com (mail-oa1-x2e.google.com [IPv6:2001:4860:4864:20::2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AD0FC15BE7E for <dmarc@ietf.org>; Sat, 18 Jun 2022 05:42:35 -0700 (PDT)
Received: by mail-oa1-x2e.google.com with SMTP id 586e51a60fabf-101cdfddfacso505208fac.7 for <dmarc@ietf.org>; Sat, 18 Jun 2022 05:42:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=3fs1eeHYjDMp1Rg+OgImONyplFkiXAKtd+DBn1HK1JY=; b=JS8kX0JpndTZtfdb5QS8SAI5+w6jzasehJEZsE43SYs/0GcB8KlCIGHfTbkjTmbqFs g0ukqGV89licmLZ0Gxg7EwuSDE9RGQbpj1FESjIC2CIze3Qeu1GegS6jh8LABljPMkUi TDB0KJ4tKjaDwMXa+6Gtrm5FY3qbnGfJK3xqkOsjX2w5iKaftVMZmHprMH5bas1422ux +rOkp7YAeFHbrXUlqbdLoSu8YQrTGwvQN0qUlng5rv0mefy9/vv2ToeMYPcUeAuYZm7r RRV1HwfLvKIyy9SEBsZNRtQ9vYdif3/LfrgMtvEXIvWBkiyh2NnCmlmcjx8hvBZ+BDf9 cPWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=3fs1eeHYjDMp1Rg+OgImONyplFkiXAKtd+DBn1HK1JY=; b=tvWunskvUJ9+ZZMB0GQNziZAhZNdOX3lp9mGoWgeCN+26GH4SO+1zY9bPTnDTJtU4J S6CS8kzIIGzFYNLpMlZbyzQ9H13JFeUu+Sxfcd9YNk8D1obQDG9dg1JA/K9M5FvmuFny IVpK8lnKwUKUN47KYp2ADQI+48fFGww+Gckub/2IUxve1y81f7FmSsDvS2ZPubAzBxgb w+mNQ5Zl6zHnVtYtpFEqZxVm3mwqpXwzLkBJ282xpEZhGdd9qpBrTNe5K09KPfrwP6HB D7obDGQoEP7hbr58igPZJ0wJu/OSuNhPFbamAN9t06mhTJDOdseFtqoUpPsuo3O2ZNYZ E+qQ==
X-Gm-Message-State: AJIora/oVAcHGBtHsMGZNHme7K3XJFlGgRu9c/YmSk9jwxWA9f7D7Ay4 OYqUPj1IPg7x0SRKKspU9XO4dSFvUkyOurnMH1X1EJC2xZA=
X-Google-Smtp-Source: AGRyM1uBkeT6d1vo6MrdkT3ibStM/RY92lsMTvqoomnJc8P2TgFbK9mvSNYStnqoQ4TvGQYOXuLc077OEshI8T7iaow=
X-Received: by 2002:a05:6870:e2d4:b0:101:be60:fdd1 with SMTP id w20-20020a056870e2d400b00101be60fdd1mr2420924oad.51.1655556153396; Sat, 18 Jun 2022 05:42:33 -0700 (PDT)
MIME-Version: 1.0
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sat, 18 Jun 2022 08:42:23 -0400
Message-ID: <CAH48ZfzxqiPQMdRA5SNZOJA2Sd9GsL5dsGdK4aYCHBY4sNmL_Q@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006dd16c05e1b8345f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/VjzAJRFMOH_rF914vP0NlyqDZ9A>
Subject: [dmarc-ietf] Are Evaluators motivated to switch to Tree Walk?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jun 2022 12:42:36 -0000

Let's talk through the selling process for the Tree Walk algorithm.
Who are our Stakeholders?
There are three main stakeholder groups for DMARC:   Senders,
Intermediaries, and Evaluators.    Senders and Intermediaries just want to
ensure their messages get delivered.   Evaluators have the much more
difficult job of ensuring that wanted messages get delivered and unwanted
messages get blocked.
Who has to make an effort to implement Tree Walk?
If we are to switch from "RFC7489 with PSL" to "DMARCbis with Tree Walk",
with no change in DMARC policy, then only Evaluators are involved in the
switchover.   Senders won't even know if the changeover has happened unless
we add something to the reporting definition.
Are Evaluators Dissatisfied with the PSL?
I accept that a small subset of Senders have been inconvenienced by
problems with the PSL, and they would like to see a change.   But they do
not have responsibility for the change.
Do we have evidence that Evaluators have significant dissatisfaction with
the PSL?      We need to know whether we are asking Evaluators to change
for their own good, or change for the good of others.    Charity is nice,
but it is not a strong motivator for what we are requesting.
The odd nature of the PSL leaves me skeptical that widespread
dissatisfaction exists among Evaluators.  It is not a DNS lookup, and
therefore everybody has their own list.   If an Evaluator finds a PSL
error, it will be a quick administrative move to disable a problem entry or
add a missing entry.  Of course, a master list of these edits needs to be
maintained so that it can be reapplied on each refresh, but the process is
essentially a one-time effort.   Even if the PSL website goes away forever,
the Evaluator has his personalized copy available for use, which can be
maintained locally, forever.  For PSL overrides to become a burning issue
with Evaluators, given all their other problems, the problems would need to
come at a pretty high rate, not less than multiple times per month.   Is
that really happening?   Do we have any information on this question?
But aren't Evaluators also Senders?
An argument can be made that most participants play a role as both Sender
and Receiver, so it is silly to treat Sender motivation and Evaluator
motivation as two different things.    But the argument cuts both ways.
We are currently reluctant to ask Senders to add content to their DMARC
policies, because there are so many of them.   But we seem unconcerned
about asking Evaluators to redesign their filtering strategy, even though
there are equally many of them.    And most Senders will not be unhappy
with the PSL, just those who have been burned by mistakes.
Does Tree Walk free Evaluators from use of the PSL?
This question moves into the larger space of how DMARC should fit into an
overall filtering strategy.  A competent Evaluator has good reason to
continue using the PSL even if the Tree Walk is adopted.
Consider a message fitting these assumptions:

- The From domain address contains several segments.

- The SMTP and Server identity analyses have not been definitive, so that the
source filtering decision depends on the From name itself.

- The Tree Walk finds no DMARC policies.

- A lookup on the domain name itself returns NXDOMAIN.


We have learned that legitimate messages will sometimes use non-existent
subdomains of their parent organization, so NXDOMAIN by itself is not
determinative.   The Evaluator will want to know if this is a PSD domain,
an organizational domain, or an organizational subdomain.  Then he will want
to know if the organization exists.
What tests are available?


-  The TLD can be checked against the IANA list to see if it exists, but
this test becomes redundant if the next test is used.


-  The PSD can be determined by checking the PSL, to see if the PSD exists
in the list.   If the From domain matches a PSD, the Evaluator will want to
consider whether he believes the PSD itself is being impersonated.


-  The PSD+1 can be queried to see if it produces NXDOMAIN.


- The DMARC algorithm can be used to determine if the message produces PASS
with Strict Alignment, PASS with relaxed alignment, or FAIL because of no
alignment.   Imputing relaxed alignment for this situation will depend on a
PSL lookup.
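The PSL-driven tests listed above, worked through as an added example that is not part of the original post. The PSL excerpt (SAMPLE_PSL) and the set of names the stand-in resolver treats as existing (SAMPLE_ZONE) are constructed for illustration; the matching rules follow the published publicsuffix.org algorithm, and the alignment check follows RFC 7489's strict/relaxed definitions. A real Evaluator would load his maintained copy of the PSL and issue live DNS queries in place of the two constructed tables.

```python
# Added example (not from the list post): classify a From domain with the PSL,
# derive PSD+1, test relaxed alignment, and check both names for NXDOMAIN.
from typing import Dict, List, Optional, Set, Tuple

# Constructed excerpt in the publicsuffix.org file format. It is NOT the real
# list; it exercises plain, wildcard (*.ck) and exception (!www.ck) rules.
SAMPLE_PSL = """\
// ===BEGIN ICANN DOMAINS===
com
uk
co.uk
*.ck
!www.ck
// ===END ICANN DOMAINS===
"""

# Constructed set of names the fake resolver treats as existing; anything else
# is answered as NXDOMAIN. A real Evaluator would query DNS here.
SAMPLE_ZONE: Set[str] = {"uk", "co.uk", "example.co.uk", "mail.example.co.uk"}

Rule = Tuple[Tuple[str, ...], bool]  # (labels, is_exception)


def _labels(domain: str) -> List[str]:
    return domain.lower().rstrip(".").split(".")


def parse_psl(text: str) -> List[Rule]:
    """Parse PSL text into rules; comment and blank lines are skipped."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        is_exception = line.startswith("!")
        rules.append((tuple(_labels(line.lstrip("!"))), is_exception))
    return rules


RULES = parse_psl(SAMPLE_PSL)


def public_suffix(domain: str, rules: List[Rule]) -> str:
    """Public suffix (PSD) per the publicsuffix.org algorithm: an exception
    rule prevails, otherwise the matching rule with the most labels, otherwise
    the implicit '*' rule (the TLD itself)."""
    labels = _labels(domain)
    best: Optional[Tuple[bool, int]] = None  # (is_exception, label_count)
    for rule_labels, is_exception in rules:
        if len(rule_labels) > len(labels):
            continue
        tail = labels[-len(rule_labels):]
        if all(r == "*" or r == lab for r, lab in zip(rule_labels, tail)):
            cand = (is_exception, len(rule_labels))
            if best is None or cand > best:
                best = cand
    if best is None:
        n = 1                                  # no rule matched: implicit "*"
    else:
        n = best[1] - (1 if best[0] else 0)    # exception: drop leftmost label
    return ".".join(labels[-n:])


def classify_from_domain(domain: str, rules: List[Rule]) -> Tuple[str, Optional[str]]:
    """Return (kind, organizational_domain); kind is 'psd', 'org' or 'subdomain'."""
    labels = _labels(domain)
    n_psd = len(_labels(public_suffix(domain, rules)))
    if len(labels) <= n_psd:
        return "psd", None                     # the From domain *is* a PSD
    org = ".".join(labels[-(n_psd + 1):])      # PSD+1
    return ("org" if len(labels) == n_psd + 1 else "subdomain"), org


def aligned(from_domain: str, auth_domain: str, rules: List[Rule], strict: bool) -> bool:
    """RFC 7489 identifier alignment: strict = exact match, relaxed = same PSD+1.
    The relaxed case is the one that needs the PSL."""
    if strict:
        return _labels(from_domain) == _labels(auth_domain)
    from_org = classify_from_domain(from_domain, rules)[1]
    auth_org = classify_from_domain(auth_domain, rules)[1]
    return from_org is not None and from_org == auth_org


def name_exists(name: str, zone: Set[str]) -> bool:
    """Stand-in for a DNS query: False models an NXDOMAIN answer."""
    return name.lower().rstrip(".") in zone


def evaluate_from_domain(from_domain: str, rules: List[Rule] = RULES,
                         zone: Set[str] = SAMPLE_ZONE) -> Dict[str, object]:
    """Run the post's tests: PSD lookup, PSD+1, existence of both names."""
    kind, org = classify_from_domain(from_domain, rules)
    return {
        "psd": public_suffix(from_domain, rules),
        "kind": kind,
        "org_domain": org,
        "from_exists": name_exists(from_domain, zone),
        "org_exists": org is not None and name_exists(org, zone),
    }


if __name__ == "__main__":
    for d in ("co.uk", "example.co.uk", "nonexistent.example.co.uk", "www.ck", "foo.bar.ck"):
        print(d, evaluate_from_domain(d))
```

The `nonexistent.example.co.uk` case is the one the post describes: the From name itself is NXDOMAIN, but the PSL places it under an organizational domain that does exist, which is exactly the distinction a Tree Walk that finds no DMARC record cannot make on its own.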
Based on these tests, an Evaluator has good reason to continue maintaining
and using his copy of the PSL on a permanent basis.   Switching to the Tree
Walk does not reduce his administrative effort.


In sum, why should an Evaluator make the switch?


Doug