Re: [dmarc-ietf] NXDOMAIN

Douglas Foster <dougfoster.emailstandards@gmail.com> Thu, 08 April 2021 16:50 UTC

From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Thu, 08 Apr 2021 12:50:26 -0400
Message-ID: <CAH48Zfy2C6w1Ziq03gY4FWJNw1P06HX9oa8UqWXEkFwKD98aqw@mail.gmail.com>
To: "Kurt Andersen (b)" <kboth@drkurt.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/_1PqvQOyvc-4zHjrM896hR66B5M>

They are covered by accident if the domain has an enforceable policy. The
reality is that NX status means that the subdomain is not under the
administrative control of any parent domain and therefore the presence or
absence of a domain policy is irrelevant.


Why is it problematic to document this risk, and indicate that when "No
Policy detected" occurs, it is recommended to check whether the domain
exists, and if it does not exist then local policy for nonexistent domains
should be applied?

On Thu, Apr 8, 2021, 11:44 AM Kurt Andersen (b) <kboth@drkurt.com> wrote:

> On Thu, Apr 8, 2021 at 5:02 AM Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
>
>>
>> "IETF is interested in attacks of the form
>> 'otherdomain.nonexistentdomain.psd', but IETF is not interested in attacks
>> of the form 'nonexistentdomain.otherdomain.psd'.
>>
>
> I don't understand your assertion here. Non-existent domains under
> existing org domains are already covered by the org-level DMARC policy
> assertion. 5322.From domain of nosuchdomain.example.com would be treated
> in accord with the policy for example.com.
>
> --Kurt
>
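
The check proposed in this message, sketched as an added example (not part of the original thread and not taken from any DMARC implementation): policy discovery falls back to the organizational domain, and only when no policy is detected does the receiver test for NXDOMAIN and apply a local policy. The zone data, the two-entry suffix list, the function names and the default local policy are constructed assumptions.

```python
# Added example. All names and records below are constructed sample data.
PUBLIC_SUFFIXES = {"psd", "com"}  # assumption: stand-in for a real public suffix list

ZONE = {  # name -> {rrtype: value}
    "example.com": {"MX": "mx.example.com"},
    "_dmarc.example.com": {"TXT": "v=DMARC1; p=reject"},
    "otherdomain.psd": {"MX": "mx.otherdomain.psd"},  # exists, publishes no DMARC
    "mail.otherdomain.psd": {"A": "192.0.2.10"},
}

def query(name, rrtype):
    """Toy resolver: returns (rcode, value) with NOERROR, NODATA or NXDOMAIN."""
    name = name.lower().rstrip(".")
    if name in ZONE:
        value = ZONE[name].get(rrtype)
        return ("NOERROR", value) if value else ("NODATA", None)
    # A name with descendants is an empty non-terminal: it exists, without data.
    if any(k.endswith("." + name) for k in ZONE):
        return ("NODATA", None)
    return ("NXDOMAIN", None)

def org_domain(domain):
    """Organizational domain: the public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain

def dmarc_policy(domain):
    """Look up _dmarc.<domain>, then _dmarc.<organizational domain>."""
    for candidate in dict.fromkeys([domain, org_domain(domain)]):
        rcode, txt = query("_dmarc." + candidate, "TXT")
        if rcode == "NOERROR" and txt.startswith("v=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
            # A subdomain covered by the org record uses sp= when present, else p=.
            return tags.get("sp" if candidate != domain else "p", tags.get("p"))
    return None

def evaluate(from_domain, local_nx_policy="reject"):
    """Return (source, disposition) for an RFC5322.From domain."""
    policy = dmarc_policy(from_domain)
    if policy is not None:
        return ("dmarc", policy)
    # "No policy detected": check existence. The rcode does not depend on the
    # record type asked for, so any query type reveals NXDOMAIN.
    rcode, _ = query(from_domain, "A")
    if rcode == "NXDOMAIN":
        return ("local-nxdomain", local_nx_policy)
    return ("none", None)
```

With this data, `nosuchdomain.example.com` is handled by the `example.com` record, while both `nonexistentdomain.otherdomain.psd` and `otherdomain.nonexistentdomain.psd` reach the existence check because no policy record is found for them.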