Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dmarcbis-07.txt

Douglas Foster <dougfoster.emailstandards@gmail.com> Tue, 19 April 2022 02:14 UTC

References: <164925666278.4445.13789431014958416691@ietfa.amsl.com> <CAHej_8me_FnA63_ySgMwRhXnq61ujuJat9ZKrmcqBuNA_5Zbmw@mail.gmail.com> <C1B57A82-E003-4578-AB88-A00E54428533@kitterman.com> <4266119.zEdeCrfD3z@zini-1880>
In-Reply-To: <4266119.zEdeCrfD3z@zini-1880>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 18 Apr 2022 22:14:37 -0400
Message-ID: <CAH48Zfwqnbr2qyBkorQMtH+SkJk8U5P=Ns6ygmk1BApdGdUHvg@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Y8givAL7OqnPi24skWXFsK9dXwQ>
Subject: Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dmarcbis-07.txt

Concern 1
Of the several thousand private registry domains listed in the PSL, 45 have
DMARC policies at or above the registry point.   40 of these 45 specify
relaxed alignment for both DKIM and SPF.  Upon activation of the tree walk,
these policies will be treated as organizational domains to any private
registry clients that have not published their own psd=y policy.   Because
of relaxed alignment, these private registry clients will be able to
impersonate their siblings and parents and produce a DMARC result of PASS.

Concern 2
Since the longest current PSL entry has 5 segments, the longest
organizational domain is 6 segments.   The "jump to 5" logic needs to be
changed to "jump to 6".

Concern 3
The "psd=u" language is inconsistent.  Which is true?
"This token indicates that this policy is not an organizational domain,
the organizational domain is above this point"
or
"This token indicates no usable information, proceed with the heuristic to
determine if this policy is the organizational domain"

Doug Foster
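As an added illustration of Concerns 1 and 2 (this is not code from the thread or from authheaders), a simplified Python reading of the dmarcbis-07 tree walk run over a constructed DNS snapshot: registry.example and psdreg.example are hypothetical names, and the organizational-domain rules are a summary of the draft's approach, not its text.

```python
# Added example, not from the thread or authheaders: simplified dmarcbis-07 tree walk
# over a constructed DNS snapshot (hypothetical names), to illustrate Concerns 1 and 2.
MAX_LABELS = 5  # the "jump to 5" starting point
DNS = {
    # private registry: relaxed alignment, no psd tag (Concern 1)
    "_dmarc.registry.example": "v=DMARC1; p=reject; adkim=r; aspf=r",
    # a registry that declares itself a public suffix domain
    "_dmarc.psdreg.example": "v=DMARC1; p=reject; adkim=r; aspf=r; psd=y",
}

def parse_record(txt):
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags if tags.get("v") == "DMARC1" else None  # None: not a DMARC record

def walk_names(domain, max_labels=MAX_LABELS):
    """Names queried, longest first: the From domain, a jump to its rightmost
    max_labels labels if it is longer than that, then one label shorter each step."""
    labels = domain.lower().rstrip(".").split(".")
    names = [".".join(labels)]
    if len(labels) > max_labels:
        labels = labels[-max_labels:]
        names.append(".".join(labels))
    names.extend(".".join(labels[i:]) for i in range(1, len(labels)))
    return names

def organizational_domain(domain, dns=DNS):
    """Simplified reading of the draft: psd=n names itself the org domain, psd=y makes
    the next-longer name the org domain, else the shortest name with a record wins."""
    names = walk_names(domain)
    records = [(n, t) for n in names if (t := parse_record(dns.get(f"_dmarc.{n}", "")))]
    for name, tags in records:  # longest name first
        if tags.get("psd") == "n":
            return name
        if tags.get("psd") == "y":
            i = names.index(name)
            return names[i - 1] if i else name
    return records[-1][0] if records else None

def aligned(from_domain, auth_domain, mode="r", dns=DNS):
    """Strict alignment needs an exact match; relaxed needs the same org domain."""
    if from_domain.lower() == auth_domain.lower():
        return True
    if mode == "s":
        return False
    return organizational_domain(from_domain, dns) == organizational_domain(auth_domain, dns)
```

With the registry record lacking a psd tag, two unrelated registrants under registry.example share an organizational domain and align in relaxed mode; the seven-label walk also shows that a six-label name between the From domain and the jump target is never queried.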

On Sun, Apr 17, 2022 at 4:54 PM Scott Kitterman <sklist@kitterman.com>
wrote:

> I've finished going through this and also updated authheaders [1] to
> match.  It
> now has a script called dmarc-policy-find which you can use to determine
> the
> DMARC policy to be applied for a domain.  You can use RFC 7489, RFC 7489 +
> RFC
> 9091, and DMARCbis-07.
>
> It does currently cheat and assume psd=y is in the records for domains on
> the
> PSD DMARC registry list, since no one has actually published that yet.
>
> Scott K
>
> [1] https://github.com/ValiMail/authentication-headers (also on pypi)
>
> On Wednesday, April 6, 2022 12:27:04 PM EDT Scott Kitterman wrote:
> > I believe it does.
> >
> > Thanks,
> >
> > Scott K
> >
> > On April 6, 2022 2:53:59 PM UTC, Todd Herr
> <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
> > >I believe this rev has the proposed text that was submitted in various
> > >messages in the thread titled "*5.5.4. Publish a DMARC Policy for the
> > >Author Domain - dmarcbis-06"*
> > >
> > >On Wed, Apr 6, 2022 at 10:51 AM <internet-drafts@ietf.org> wrote:
> > >> A New Internet-Draft is available from the on-line Internet-Drafts
> > >> directories.
> > >> This draft is a work item of the Domain-based Message Authentication,
> > >> Reporting & Conformance WG of the IETF.
> > >>
> > >>         Title           : Domain-based Message Authentication,
> Reporting,
> > >>
> > >> and Conformance (DMARC)
> > >>
> > >>         Authors         : Todd M. Herr
> > >>
> > >>                           John Levine
> > >>
> > >>         Filename        : draft-ietf-dmarc-dmarcbis-07.txt
> > >>         Pages           : 62
> > >>         Date            : 2022-04-06
> > >>
> > >> Abstract:
> > >>    This document describes the Domain-based Message Authentication,
> > >>    Reporting, and Conformance (DMARC) protocol.
> > >>
> > >>    DMARC permits the owner of an email author's domain name to enable
> > >>    verification of the domain's use, to indicate the Domain Owner's or
> > >>    Public Suffix Operator's message handling preference regarding
> failed
> > >>    verification, and to request reports about use of the domain name.
> > >>    Mail receiving organizations can use this information when
> evaluating
> > >>    handling choices for incoming mail.
> > >>
> > >>    This document obsoletes RFC 7489.
> > >>
> > >> The IETF datatracker status page for this draft is:
> > >> https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/
> > >>
> > >> There is also an HTML version available at:
> > >> https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-07.html
> > >>
> > >> A diff from the previous version is available at:
> > >> https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-dmarcbis-07
> > >>
> > >> Internet-Drafts are also available by rsync at rsync.ietf.org:
> > >> :internet-drafts
> > >>
> > >> _______________________________________________
> > >> dmarc mailing list
> > >> dmarc@ietf.org
> > >> https://www.ietf.org/mailman/listinfo/dmarc
> >