Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs

Mark Alley <mark.alley@tekmarc.com> Thu, 14 March 2024 20:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/WR9jFJYeM4KIBHjYt97l3MxW8Yg>

On 3/14/2024 3:38 PM, Todd Herr wrote:
> On Thu, Mar 14, 2024 at 4:34 PM Scott Kitterman <sklist@kitterman.com> 
> wrote:
>
>
>     I think this is correct.  I think it's obviously enough correct
>     that I'm surprised anyone was confused.
>
>     Do we know what the theory was that led people to think otherwise?
>
>     Seems to me we don't really need this, but maybe there's a reason.
>
>
> The reasons given were:
>
>  1. https://www.rfc-editor.org/rfc/rfc5863#section-4.1
>  2. https://datatracker.ietf.org/doc/html/rfc6376#section-7.5
>  3. Neither RFC 7489 nor DMARCbis contains the phrase "CNAME", so if
>     it's not explicitly mentioned...
>
> Granted, the first two citations are in regards to DKIM records, not 
> DMARC records, but those were the reasons given.

Couldn't hurt to clarify explicitly, I'm for it. Domain owners have been 
using CNAMEs with DMARC TXT RRs pretty much since its inception.

- Mark Alley