Re: [dmarc-ietf] NXDOMAIN
Douglas Foster <dougfoster.emailstandards@gmail.com> Thu, 08 April 2021 20:49 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 550D53A1CB9 for <dmarc@ietfa.amsl.com>; Thu, 8 Apr 2021 13:49:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.075
X-Spam-Level:
X-Spam-Status: No, score=-1.075 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fJQWjOuF9IzA for <dmarc@ietfa.amsl.com>; Thu, 8 Apr 2021 13:49:39 -0700 (PDT)
Received: from mail-ua1-x934.google.com (mail-ua1-x934.google.com [IPv6:2607:f8b0:4864:20::934]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C7F83A1C73 for <dmarc@ietf.org>; Thu, 8 Apr 2021 13:49:38 -0700 (PDT)
Received: by mail-ua1-x934.google.com with SMTP id u11so1148833uaw.2 for <dmarc@ietf.org>; Thu, 08 Apr 2021 13:49:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:cc; bh=HpH4B/9c36rCY+fbBgdCz8ERlCvuPK3oWt94ic21PN4=; b=IHQhfUa6eVDNaYCe2skvLp7aQBE5du0/P5sn2b3GacmScYI5vHLuX8xdRxc1I8UD+S pPdDFMFgaW0ntI2/1LGDvU9Sx377i3NOcUqls9eKNRDIElwNk/RewesCgVwMB9AtbKlm vPpsENQxpVSQW14Jku/er+ZJ5cK7XKcbIHFGGd6mR+lXHCFvx1SLe0zQTD5AODauIQuY /Ftny+wkQrMe9bJjS3YxM1TGDQ1kLCN110avPACezCTQ+HqnTgBrey8Tv/XUONG49hWQ 4x73noIatD94OLGHhfdwGIjgaECkvrj36W25ICs74IvTZsIhLpK/nj/9RIuSmrCrbyY7 jxvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:cc; bh=HpH4B/9c36rCY+fbBgdCz8ERlCvuPK3oWt94ic21PN4=; b=DL08ygszLO/GqaLieKBovobxhcw1YGZH+z6RVGzr25ZYI+ODZSwtn69oD3g8G3eChG WrPJg3jEMCiiMlYrQC+70TGvzrPpki/toEbug50rP/023GwOMbpZL+EG++wTl2vunVt5 5hPeOqHOxAUmKB637tGDHs2TGy6vvsWhABV5Sr/PPlZRFf+Y3ECAKu6hVQwdg6EnIcgQ QQoutGY7kYnmoUdcif4oMBm/erIpKQlDHmQslpEairXnpqauzChvqSM2ZPqWeli3Dstm Cxh9Cvb7TPfQvMN/mdhfJO6FW8p0dtfPpOMnl99KUM999ed+dGX8FqQ6FOOBR5859Ctz tW6g==
X-Gm-Message-State: AOAM533zVhAJWIydcrVBf2yfbZihT0iZJevNFLPyBYH7Zq2V87nzMVwY Nyo23OSzbYJAhCWVJ4PSVKACVW74v3JqyGIylVGyVChP5ko=
X-Google-Smtp-Source: ABdhPJxoscf3oqDo8JYsQwdTK2Lq18QCRRTvSjtr1QwZ236EptT0sDfj/cgOUCIKed0Z77/ER541/JM3CtXSSC+rYqM=
X-Received: by 2002:a9f:2069:: with SMTP id 96mr8987164uam.110.1617914977131; Thu, 08 Apr 2021 13:49:37 -0700 (PDT)
MIME-Version: 1.0
References: <CAL0qLwYr+w1hjV3Wez6xd96OmmXjYU3D=-4+2qfCxkQ5TVA+Ww@mail.gmail.com> <20210408182948.5E4AF7282ACE@ary.qy>
In-Reply-To: <20210408182948.5E4AF7282ACE@ary.qy>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Thu, 08 Apr 2021 16:49:26 -0400
Message-ID: <CAH48ZfxM5DgDds1-wHiXMSfSAoT3+rSL_L4wbADtLz=JQ9QU=w@mail.gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007d1f9d05bf7c2ff8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Vr4taec3NJ8M5hgYq4Mu10wqSfE>
Subject: Re: [dmarc-ietf] NXDOMAIN
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 20:49:51 -0000
DNS Examples that Murray requested, which should also addresses John's question about relevance to DMARC: nslookup > set type=txt > _dmarc.junk.thisisjunk.com *** <server> can't find _dmarc.junk.thisisjunk.com: Non-existent domain Domain has no DMARC policy. Is this because it chose not to deploy one, or because it does not exist? That answer requires a second query. > junk.credcontrol.com *** <server> can't find junk.credcontrol.com: Non-existent domain The TXT query demonstrates that this is a non-existent domain, and therefore not under the full administrative control of any parent domain. The message is DMARC NOT_VERIFIED even if domain alignment occurs with a DKIM signature or SPF PASS. Since there is no domain-level policy record, disposition depends on local policy related to non-existent domains and this particular domain name. The organizational policy record may be useful if its requested action is more stringent than the local policy default action for non-existent domains. > junk.thisisjunk.com *** <server> can't find junk.thisisjunk.com: Non-existent domain Domain has no DMARC policy. Is this because it chose not to deploy one, or because it does not exist? That answer requires a second query. >thisisjunk.com primary name server = ns1.dreamhost.com responsible mail addr = hostmaster.dreamhost.com serial = 2018071003 refresh = 19193 (5 hours 19 mins 53 secs) retry = 1800 (30 mins) expire = 1814400 (21 days) default TTL = 14400 (4 hours) The TXT query demonstrates that the domain exists. This is true whether the result returns data or NODATA, and in this case the result is NODATA. The message can be DMARC-verified using domain alignment to a DKIM Signature or SPF PASS. Doug Foster On Thu, Apr 8, 2021 at 2:30 PM John Levine <johnl@taugh.com> wrote: > It appears that Murray S. Kucherawy <superuser@gmail.com> said: > >-=-=-=-=-=- > > > >On Thu, Apr 8, 2021 at 9:50 AM Douglas Foster < > >dougfoster.emailstandards@gmail.com> wrote: > > > >> Why is it problematic to document this risk, and indicate that when "No > >> Policy detected" occurs, it is recommended to check whether the domain > >> exists, and if it does not exist then local policy for nonexistent > domains > >> should be applied? > >> > > > >Can you put together an example message exhibiting the properties you're > >talking about, and what DNS records are in play in that scenario? > > > >I still can't picture the problem you're trying to solve. > > My question would be what does it have to do with DMARC. > > We already have policies for dealing with non-existent domains unrelated > to DMARC. > > R's, > John > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- Re: [dmarc-ietf] NXDOMAIN John Levine
- [dmarc-ietf] NXDOMAIN Douglas Foster
- Re: [dmarc-ietf] NXDOMAIN Todd Herr
- Re: [dmarc-ietf] NXDOMAIN Tim Wicinski
- Re: [dmarc-ietf] NXDOMAIN Grant Taylor
- Re: [dmarc-ietf] NXDOMAIN Todd Herr
- Re: [dmarc-ietf] NXDOMAIN Douglas Foster
- Re: [dmarc-ietf] NXDOMAIN Murray S. Kucherawy
- Re: [dmarc-ietf] NXDOMAIN Murray S. Kucherawy
- Re: [dmarc-ietf] NXDOMAIN Grant Taylor
- Re: [dmarc-ietf] NXDOMAIN Laura Atkins
- Re: [dmarc-ietf] NXDOMAIN Douglas Foster
- Re: [dmarc-ietf] NXDOMAIN Murray S. Kucherawy
- Re: [dmarc-ietf] NXDOMAIN Douglas Foster
- Re: [dmarc-ietf] NXDOMAIN Todd Herr
- Re: [dmarc-ietf] NXDOMAIN Murray S. Kucherawy
- Re: [dmarc-ietf] NXDOMAIN Douglas Foster
- Re: [dmarc-ietf] NXDOMAIN Kurt Andersen (b)
- Re: [dmarc-ietf] NXDOMAIN John Levine
- Re: [dmarc-ietf] NXDOMAIN Douglas Foster
- Re: [dmarc-ietf] NXDOMAIN Murray S. Kucherawy
- Re: [dmarc-ietf] NXDOMAIN John Levine
- Re: [dmarc-ietf] NXDOMAIN Jan Bouwhuis (DMARC)
- Re: [dmarc-ietf] NXDOMAIN Douglas Foster
- Re: [dmarc-ietf] NXDOMAIN Todd Herr
- Re: [dmarc-ietf] NXDOMAIN Douglas Foster
- Re: [dmarc-ietf] NXDOMAIN Todd Herr
- Re: [dmarc-ietf] NXDOMAIN Douglas Foster