Re: [dmarc-ietf] Tree Walk impact

Neil Anuskiewicz <neil@marmot-tech.com> Fri, 13 October 2023 19:29 UTC

From: Neil Anuskiewicz <neil@marmot-tech.com>
Mime-Version: 1.0 (1.0)
Date: Fri, 13 Oct 2023 12:29:15 -0700
Message-Id: <03ECD2C2-5AE6-4453-997D-24EA96A1B048@marmot-tech.com>
References: <CAH48Zfz9pytrQC+XeC7_dYc4V1T3EyrKpC5-E3cBzxDoCtaDkA@mail.gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <CAH48Zfz9pytrQC+XeC7_dYc4V1T3EyrKpC5-E3cBzxDoCtaDkA@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
X-Mailer: iPad Mail (20G81)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/YdT4g9LriLH78SZPTyLtZYPVbTg>
Subject: Re: [dmarc-ietf] Tree Walk impact

If I read that right it gives you what you think is a desirable outcome. That is, this might be a strong sign that you’re at least considering supporting DMARCbis!

Yes, we all need to be prepared for headaches no matter which direction this all goes.

On Oct 13, 2023, at 3:59 AM, Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:


The first step in my research has been to do DMARC policy lookups on the PSL domains. About 400 of them have DMARC policies. A super-majority specify relaxed authentication without specifying an NP policy. This indicates that the policy was created before the PSD for DMARC spec. I conclude that these domains want to be treated as organizations, not PSOs, and the stop-last Tree Walk will enable what they have been wanting.

Doug

On Fri, Oct 13, 2023, 1:06 AM Neil Anuskiewicz <neil=40marmot-tech.com@dmarc.ietf.org> wrote:


> On Oct 10, 2023, at 11:57 AM, Alessandro Vesely <vesely@tana.it> wrote:
>
> On Tue 10/Oct/2023 19:16:10 +0200 Todd Herr wrote:
>>> On Tue, Oct 10, 2023 at 6:14 AM Alessandro Vesely <vesely@tana.it> wrote:
>>> On Tue 10/Oct/2023 00:19:56 +0200 Douglas Foster wrote:
>>>> Both approaches have problems. Stop-at-last enables the walk to exit the current organization and stop on a private registry, for both alignment evaluation and for aggregate report transmission. This is not a minor problem, even if it is arguably infrequent.
>>>
>>> The illustrative example in the draft says:
>>>
>>> _dmarc.a.b.c.d.e.mail.example.com
>>> _dmarc.e.mail.example.com
>>> _dmarc.mail.example.com
>>> _dmarc.example.com
>>> _dmarc.com
>>>
>>> That is, no stop at all.  In this respect, a psd=n at example.com would save a lookup.  However, it is not something that we can recommend, after we chose the obscure tag name.
>
>> I'm not sure I understand what you're saying...
>> The illustrative example cited is intended to illustrate a full tree walk
>> that follows the steps for a full tree walk that are spelled out in the
>> numbered list just prior to the illustrative example.
>
>
> Yup, I'm not criticizing the text (I wouldn't know how to better it).
>
> Just wondering how to implement it.  It is understood that programs must behave /as if/ they followed the letter of the spec, but don't have to actually do so.

Would it be possible to test these scenarios with a working prototype or some other way to provide proof? Due to other obligations I haven’t been able to lurk here much, but upon coming back I think the tree walk issues touched on today are possibly the only things standing in the way of DMARCbis. Though I saw there’s a nascent save-our-PSL movement that I read about. I’m not sure how serious or influential this movement is and why they’d feel so strongly that they’d step in with somewhat dubious play reviews on the 10 yard line.

I’m just an observer.

I’d be shocked if DMARCbis were to emerge perfect and triumphant. I expect problems will be addressed, there’s going to be stress, but ultimately another hack such as the hosts file for DNS will become largely irrelevant in the big picture, taking the Internet another step out of childhood toward adulthood. That’s a good thing even if some things go wrong along the way that need to be fixed or mitigated. The Internet is a place where the perfect is often more blatantly the enemy of the good.

Neil
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
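The thread above asks how the Tree Walk would be implemented, whether a psd=n at example.com really saves a lookup, and what "stop-at-last" does when a private registry sits between a tenant and the public suffix. The following simulation is an added example written for this archive page; it is not code from the DMARCbis draft, from any of the posters, or from any DMARC implementation. Its assumptions are labelled in the code: the jump-in point of the walk is a constant chosen so that the walk reproduces the five lookups quoted from the draft (check it against the draft's numbered steps), a psd=n record ends the walk, the organizational-domain selection rules are my reading of the draft, `looks_pre_psd` is Doug's heuristic from his message, and the zone data (`hosting.example`, `alice.hosting.example`, the records on `example.com` and `com`) is constructed, not real DNS.

```python
from typing import Dict, List, Optional, Tuple

# Assumption: after the first query at the full domain, the walk jumps to the
# name formed by the rightmost WALK_START_LABELS labels (when the domain is
# longer than that) and then removes one label per step down to the TLD.  4 is
# the value that reproduces the five lookups quoted from the draft; verify it
# against the draft's own step list before relying on it.
WALK_START_LABELS = 4


def tree_walk_names(domain: str) -> List[str]:
    """Names queried for a DMARC record for `domain`, in walk order."""
    labels = domain.lower().rstrip(".").split(".")
    names = ["_dmarc." + ".".join(labels)]
    start = min(len(labels) - 1, WALK_START_LABELS)
    for n in range(start, 0, -1):
        names.append("_dmarc." + ".".join(labels[-n:]))
    return names


def parse_dmarc(txt: str) -> Optional[Dict[str, str]]:
    """Parse a TXT record into a tag dict; None unless it starts with v=DMARC1."""
    if not txt.strip().startswith("v=DMARC1"):
        return None
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def tree_walk(domain: str, dns: Dict[str, str]) -> Tuple[List[str], List[Tuple[str, Dict[str, str]]]]:
    """Walk against a TXT table. Returns (names queried, (domain, record) hits).

    Assumption: a psd=n record ends the walk, because that domain has declared
    itself the organizational domain, so the remaining lookups are unnecessary
    (the "psd=n at example.com saves a lookup" remark in the thread).
    """
    queried, hits = [], []
    for name in tree_walk_names(domain):
        queried.append(name)
        rec = parse_dmarc(dns.get(name, ""))
        if rec is None:
            continue
        hits.append((name[len("_dmarc."):], rec))
        if rec.get("psd") == "n":
            break
    return queried, hits


def organizational_domain(domain: str, dns: Dict[str, str]) -> Optional[str]:
    """Stop-at-last organizational domain (my reading of the draft; an assumption).

    psd=n -> that domain; psd=y -> the domain one label below it, taken from the
    evaluated domain; no psd hint anywhere -> the shortest domain that had a
    record, i.e. the last hit of the walk.
    """
    _, hits = tree_walk(domain, dns)
    if not hits:
        return None
    orig = domain.lower().rstrip(".").split(".")
    for name, rec in hits:
        psd = rec.get("psd")
        if psd == "n":
            return name
        if psd == "y":
            depth = len(name.split("."))
            return ".".join(orig[-(depth + 1):]) if len(orig) > depth else name
    return hits[-1][0]


def looks_pre_psd(rec: Dict[str, str]) -> bool:
    """Doug's heuristic from the thread: relaxed alignment (the default) and no
    np= tag suggests a record written before PSD for DMARC existed."""
    return "np" not in rec and rec.get("adkim", "r") == "r" and rec.get("aspf", "r") == "r"


# Constructed zone data; none of these names or records come from real DNS.
DNS = {
    "_dmarc.example.com": "v=DMARC1; p=quarantine; psd=n; rua=mailto:dmarc@example.com",
    "_dmarc.com": "v=DMARC1; p=none",  # never reached: example.com's psd=n ends the walk
    # A private registry with a plain record and a tenant below it.
    "_dmarc.hosting.example": "v=DMARC1; p=none; rua=mailto:reports@hosting.example",
    "_dmarc.alice.hosting.example": "v=DMARC1; p=reject; adkim=s",
}
# The same registry, but declaring itself a public suffix domain.
DNS_PSD = dict(DNS, **{"_dmarc.hosting.example": "v=DMARC1; p=none; psd=y"})

if __name__ == "__main__":
    print(tree_walk_names("a.b.c.d.e.mail.example.com"))
    print(tree_walk("news.example.com", DNS)[0])  # two queries, _dmarc.com skipped
    print(organizational_domain("deep.alice.hosting.example", DNS))      # hosting.example
    print(organizational_domain("deep.alice.hosting.example", DNS_PSD))  # alice.hosting.example
```

Running the `DNS` and `DNS_PSD` cases side by side shows the two sides of the discussion: with no psd tag on the registry, stop-at-last hands the tenant's alignment and aggregate reports to `hosting.example`, exactly the exit-the-organization case Doug describes; adding psd=y to the registry's record keeps the organizational domain at `alice.hosting.example`, and psd=n on `example.com` ends the walk one query early.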