Re: [dmarc-ietf] [Gen-art] [Last-Call] Genart last call review of draft-ietf-dmarc-psd-08

Douglas Foster <dougfoster.emailstandards@gmail.com> Tue, 19 January 2021 22:11 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A63D03A1824 for <dmarc@ietfa.amsl.com>; Tue, 19 Jan 2021 14:11:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AKuB-g5aLbHs for <dmarc@ietfa.amsl.com>; Tue, 19 Jan 2021 14:11:16 -0800 (PST)
Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com [IPv6:2607:f8b0:4864:20::e29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F0A63A0C74 for <dmarc@ietf.org>; Tue, 19 Jan 2021 14:11:15 -0800 (PST)
Received: by mail-vs1-xe29.google.com with SMTP id o186so4192468vso.1 for <dmarc@ietf.org>; Tue, 19 Jan 2021 14:11:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=aZj2oyv8qyfy60d0rKZS3eTd3SnoD7QJ93oW+yohMAM=; b=RxB9foDbDiJq5vKBC0Wpbt1JjtK+Rhw0RKbZUt7ycJiMQGObNoiF0Q7fYIODL08aru +kA0AKFRgjRypEDb4fi9M97xZOtc4lt+sj9h72QtoJfb4HCFXlI40vxttgZxzwws0rgJ V8XWl9WP30nM/OZfysQS1jjAyyuAsibPndaxzcPe7baFngY7amX2m0/c2xX6yCsBsssp OVNE6BbknZaz9ZLxzWRtE0pbRI5kdIddNjtWCWQaODb0Kjth/JL7qYbNOPymMpSd+KiA BCqQBi6sSw19UdX1ox/vAq8S54b6jsy3MbLAL8Jep3Jq/ZBKYJedPHe2qdxCSYQLFnqM WzJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=aZj2oyv8qyfy60d0rKZS3eTd3SnoD7QJ93oW+yohMAM=; b=uTuzLnfP2nAMBzGMEEroCR8Tz2aWcV7l8V5SpxMpMe8CJPxczubJ+acuWWbu3n8Ifh krKUzutH6jtbJkyaTWaGz8lnSf+ToAiehqlN2iIJdK+ETjdxDeIMZDpWieNBXEoqFYfJ hKNQk6LF1+rc+XSzaOcJrChILaQRr0yCtrUBzx6lzi2T1zzFwHkZAaXx47uDOVcw31pT yo29oaguejg+57xaluNgx6CyLYPch9owejRFTsBs/psNaOvpn8PEp1IatCL9cFx4vrDJ KyrLSYcU6ft33qKGXc+uzMeTQw+g6uFsxyFMAyPT3w87g6e3pFlxy/47KWA0EjCmzk2u HYxQ==
X-Gm-Message-State: AOAM532FhCQWPsKvUa3kCZK4H5wMI2/RXRWKYygDCWTCBTP5yG1l3dcR vnpPyvvVMaTuRnRfbQJ2asVuTPF1xntQrxE/r4c3gkqER0Y=
X-Google-Smtp-Source: ABdhPJz2lZ/bePxjzpcfgVejw4Ba4YAChFfhuliZ2PW5MFSHHTVFsc8JptGFT/8TQVIq3dEsrITXMMY6kGgrGNJbQbE=
X-Received: by 2002:a67:c29e:: with SMTP id k30mr782440vsj.45.1611094274751; Tue, 19 Jan 2021 14:11:14 -0800 (PST)
MIME-Version: 1.0
References: <CADyWQ+Fb93SkiAnL4cuCfxC5Wi1ERLeKhguWqAp3j8YEa6JBSA@mail.gmail.com> <87ima4wu3s.fsf@hobgoblin.ariadne.com> <CAL0qLwbiOrgsEjZU_V6W8e42SRNoUh7CzyngRMR5RLeQpzrxaQ@mail.gmail.com> <CAH48ZfwOdZcJz02a76wktQDpV_dpPHKw+qJjE2ZCDvOqF3Ptdw@mail.gmail.com> <CAL0qLwZf+tEGZj0T6UmaNBSMC-nqSpfb5DAFh8+GDuP6F5pRkQ@mail.gmail.com>
In-Reply-To: <CAL0qLwZf+tEGZj0T6UmaNBSMC-nqSpfb5DAFh8+GDuP6F5pRkQ@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Tue, 19 Jan 2021 17:11:04 -0500
Message-ID: <CAH48ZfxJBwROXjtTr0YCOtBN0h_Q=jU559fAnUUNRpFjvEinRA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f240c505b9481d0b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XsRk1FPFJV61CfHZRhWTsBqlHbw>
Subject: Re: [dmarc-ietf] [Gen-art] [Last-Call] Genart last call review of draft-ietf-dmarc-psd-08
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2021 22:11:18 -0000

No Murray, I was speaking to the PSD document.

PSD's entire purpose is to detect abuse of non-existent organizational
domains, so the definition of non-existent is crucial to its success. I
believe the current language will produce false positives, albeit probably
a small number. The current language is also more resource-intensive
than mine, although that is not my concern.

I believe this is also a general problem that full DMARC should address.
If a domain exists but does not have a policy, we interpret this to mean
that the domain owner has not chosen to publish a policy, which is his
right. If a domain does not exist, then there is no domain owner to
publish a policy and no reason to believe that the use of the domain is
legitimate. In fact, use of an unregistered domain is a violation of IETF
policy and the entire name registration infrastructure. Consequently, I
believe that SPF and DMARC SHOULD differentiate between "policy not
specified" and NXDOMAIN. But to put this topic into play for DMARC, I
need to create a ticket, right?

I also want PSD to use a correct definition of non-existent because it will
establish a precedent for any generalization done as part of the full DMARC
effort.

Doug Foster

On Tue, Jan 19, 2021 at 9:23 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Tue, Jan 19, 2021 at 4:34 AM Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
>
>> I raised objections to the definition of "non-existent", which never
>> received an adequate response before the discussion went silent.
>>
>> DMARC checks the From header address, which may exist only as an
>> identifier used for mass mailings. These mailings are often sent by an
>> ESP using an unrelated SMTP address. As such, the From address need not
>> be associated with any A, AAAA, or MX record. I assert that the only
>> viable definition of non-existent is "not registered", as evidenced by
>> absence of an NS record.
>>
>
> This is a discussion of DMARC, not of PSD, right?  DMARC defines this test
> in an Appendix, and then makes it non-mandatory.  PSD says to apply that
> test for domains that request it.
>
> Hooking this test up to registration requires introducing RDAP or
> something similar.  Is that what we're talking about here?
>
>> I don't believe the proposed definition of "non-existent" is reliably true
>> even in the special case of interest for this document, impersonation fraud
>> occurring at the top of an organizational structure. Example.PSD may
>> legitimately use mail.Example.PSD for email and www.example.psd for web.
>> If the proposed condition MUST always be true, I have not seen that fact
>> demonstrated. Since the document raises a general concern about
>> fraudulent use of non-existent domains, the definition used should be one
>> that can be generalized.
>>
>
> This sounds like something that should be solved in DMARC, not PSD, but
> naturally consensus wins here, so have at it.
>
> -MSK
>
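Editor's note, added illustration (not part of the thread, not code from the DMARC working group or the PSD draft): the disagreement above is between two operational tests for "non-existent". The one Doug attributes to the draft treats a domain as non-existent when A, AAAA and MX lookups all come back empty (NXDOMAIN or NODATA); the one he proposes treats a name as non-existent only when the DNS itself says the name does not exist (NXDOMAIN, checked here with an NS query as he suggests). The Python below models both over a constructed stub resolver so it runs offline; the zone contents, the `StubResolver` class, the `.test` names and the helper names are all assumptions made for the example. It also shows the three-way split he asks DMARC to make (NXDOMAIN vs. domain exists without a policy vs. policy published), and treats a failed lookup as indeterminate rather than as evidence of non-existence, which is the caveat a deployer would want: a SERVFAIL or timeout must never be read as "unregistered".

```python
"""Two candidate tests for a "non-existent" From-domain, run over a constructed
DNS zone.  Names under .test are reserved for examples; nothing here is a real
zone, and StubResolver stands in for a real resolver library."""
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Rcode(Enum):
    NOERROR = "NOERROR"    # name exists; answer may be empty (NODATA)
    NXDOMAIN = "NXDOMAIN"  # name does not exist
    SERVFAIL = "SERVFAIL"  # lookup failed; tells us nothing about existence


class StubResolver:
    """Offline stand-in for a resolver.  zone maps owner name -> {rrtype: [rdata]}.

    A name exists if it is an owner name or has owner names beneath it (an empty
    non-terminal); such names answer NODATA, not NXDOMAIN, as real DNS does.
    """

    def __init__(self, zone: Dict[str, Dict[str, List[str]]], failing=()):
        self.zone = {n.lower().rstrip("."): rrs for n, rrs in zone.items()}
        self.failing = {n.lower().rstrip(".") for n in failing}

    def _exists(self, name: str) -> bool:
        return any(o == name or o.endswith("." + name) for o in self.zone)

    def query(self, name: str, rrtype: str) -> Tuple[Rcode, List[str]]:
        name = name.lower().rstrip(".")
        if any(name == f or name.endswith("." + f) for f in self.failing):
            return Rcode.SERVFAIL, []
        if not self._exists(name):
            return Rcode.NXDOMAIN, []
        return Rcode.NOERROR, list(self.zone.get(name, {}).get(rrtype, []))


def nonexistent_by_a_aaaa_mx(domain: str, r: StubResolver) -> Optional[bool]:
    """Record-based test as described in the thread: non-existent when A, AAAA
    and MX all return NXDOMAIN or NODATA.  None means indeterminate."""
    for rrtype in ("A", "AAAA", "MX"):
        rcode, rrs = r.query(domain, rrtype)
        if rcode is Rcode.SERVFAIL:
            return None
        if rrs:
            return False
    return True


def nonexistent_by_nxdomain(domain: str, r: StubResolver) -> Optional[bool]:
    """Registration-oriented test: non-existent only on NXDOMAIN.  The query
    type is NS, but the RCODE is the signal; an existing name with no NS
    records (NODATA) still exists."""
    rcode, _ = r.query(domain, "NS")
    if rcode is Rcode.SERVFAIL:
        return None
    return rcode is Rcode.NXDOMAIN


def classify_dmarc(domain: str, r: StubResolver) -> str:
    """'nonexistent' (NXDOMAIN), 'no-policy' (domain exists, no DMARC record),
    'policy' (v=DMARC1 TXT at _dmarc.<domain>) or 'indeterminate'."""
    nx = nonexistent_by_nxdomain(domain, r)
    if nx is None:
        return "indeterminate"
    if nx:
        return "nonexistent"
    rcode, txts = r.query("_dmarc." + domain, "TXT")
    if rcode is Rcode.SERVFAIL:
        return "indeterminate"
    # NXDOMAIN for _dmarc.<domain> just means no record was published; it must
    # not be confused with the domain itself being non-existent.
    if any(t.lower().startswith("v=dmarc1") for t in txts):
        return "policy"
    return "no-policy"


# Constructed zone: an organization whose apex carries only NS and DMARC
# records (hosts live under mail./www.), a bulk-mail From-domain with SPF but
# no DMARC and no hosts at all, and a name that is not registered ("nope.test").
ZONE = {
    "example.test": {"NS": ["ns1.example.test."]},
    "_dmarc.example.test": {"TXT": ["v=DMARC1; p=reject"]},
    "mail.example.test": {"A": ["192.0.2.25"], "MX": ["10 mail.example.test."]},
    "www.example.test": {"A": ["192.0.2.80"]},
    "bulk.test": {"NS": ["ns1.example.test."],
                  "TXT": ["v=spf1 include:_spf.esp.test -all"]},
}
RESOLVER = StubResolver(ZONE, failing=["flaky.test"])


def compare(domain: str, r: StubResolver = RESOLVER) -> Dict[str, object]:
    return {"a_aaaa_mx": nonexistent_by_a_aaaa_mx(domain, r),
            "nxdomain": nonexistent_by_nxdomain(domain, r),
            "dmarc": classify_dmarc(domain, r)}


if __name__ == "__main__":
    for d in ("example.test", "bulk.test", "nope.test", "flaky.test"):
        print(d, compare(d))
```

Running it shows the divergence the thread is about: `example.test` and `bulk.test` are "non-existent" under the A/AAAA/MX test (the apex has no address or MX records) yet exist under the NXDOMAIN test, where one publishes a DMARC policy and the other does not; `nope.test` is non-existent under both; `flaky.test` is indeterminate under both because the lookups failed.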