Re: [dmarc-ietf] How does PSD for DMARC affect tree walk issue?

"Chudow, Eric B CIV NSA DSAW (USA)" Thu, 19 November 2020 22:35 UTC

For domains and organizational domains that have DMARC policies, there is no difference. For ones that don't, there is only one extra check, and I think that it will often be cached to minimize the actual lookups needed in practice.


Eric Chudow
DoD Cybersecurity Mitigations

From: Doug Foster
Sent: Thursday, November 19, 2020 5:15 PM
Subject: [dmarc-ietf] How does PSD for DMARC affect tree walk issue?

PSD for DMARC specifies moving up one additional layer of the DNS tree to look for the PSD policy, but it has the effect of adding DMARC policies to all levels of participating public suffixes. How do we judge whether this workload will be acceptable or not if widely implemented?

I ask because it seems to be moving us closer to the performance implications of a scope-limited tree walk.

Doug Foster
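
The lookup order discussed in this thread, as an added example that is not part of either message and not taken from any DMARC implementation: it counts the names checked and the queries that actually reach DNS when a caching resolver is in front. The domain names, the suffix set, the TXT records and the `CountingResolver` class are all constructed for illustration.

```python
# Constructed sample data: a tiny public suffix set and an in-memory "DNS zone".
PUBLIC_SUFFIXES = {"example", "gov.example"}
ZONE = {
    "_dmarc.agency.gov.example": "v=DMARC1; p=reject",
    "_dmarc.gov.example": "v=DMARC1; p=quarantine",   # PSD-level policy
}

class CountingResolver:
    """Hypothetical stand-in for a caching resolver; counts uncached queries."""
    def __init__(self, zone):
        self.zone, self.cache, self.wire_queries = zone, {}, 0

    def txt(self, name):
        if name not in self.cache:          # negative answers are cached too
            self.wire_queries += 1
            self.cache[name] = self.zone.get(name)
        return self.cache[name]

def org_domain(domain, suffixes):
    """Longest matching public suffix plus one label, or None for a bare suffix."""
    labels = domain.split(".")
    for i in range(len(labels)):            # i = 0 tries the longest candidate first
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None

def discover_policy(from_domain, resolver, suffixes=PUBLIC_SUFFIXES):
    """Return (record, names_checked) for the From domain.

    Order: exact domain, then organizational domain, then the one additional
    layer above it (the organizational domain minus its leftmost label).
    """
    domain = from_domain.lower().rstrip(".")
    org = org_domain(domain, suffixes)
    candidates = [domain]
    if org and org != domain:
        candidates.append(org)
    if org:
        candidates.append(org.split(".", 1)[1])   # the PSD check
    checked = []
    for name in candidates:
        qname = "_dmarc." + name
        checked.append(qname)
        record = resolver.txt(qname)
        if record and record.startswith("v=DMARC1"):
            return record, checked          # stop at the first policy found
    return None, checked
```

With this data, a domain whose organizational domain publishes a policy never reaches the PSD query, and a second policy-less domain under the same suffix reuses the cached PSD answer.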