Re: [dmarc-ietf] Ticket #111 - MX/A/AAAA test needs justification

Douglas Foster <dougfoster.emailstandards@gmail.com> Fri, 07 May 2021 20:03 UTC

To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/_Lc64UI4i0ynxT1mvKgmFhGcqcc>

Here are the tests that I am looking to define:


*The existence / non-existence test:*
Given an identifier which is presumed to be a DNS domain name, perform a
DNS lookup based on that name.
The query may:
- return results using data from the identifier domain
- return results using data from a parent domain
- return NXDOMAIN

If the result is definitely from the identifier domain, the domain name
exists.
If the result is NXDOMAIN, the domain does not exist.
If the result is from the parent domain, the results are uncertain.

Is there a query or collection of queries that can ensure that we only
accept results from the identifier domain and not from the parent?


*Wildcard DNS:*

Wildcard entries create intentional ambiguity. How do we suggest that
wildcard results should be factored into the evaluation?


*The mail-enabled test:*

Once existence / non-existence is determined, is it desirable to test for
"mail enabled"?
If so, what role should parent-domain results play in answering this
question?
If "Mail Enabled" is relevant, why is the existence of an SPF policy
irrelevant?

If "mail enabled" is used, this creates implicit DNS configuration
requirements on the domain owner.  New requirements should be stated quite
explicitly.



On Fri, May 7, 2021 at 3:06 PM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Thu, May 6, 2021 at 5:02 PM Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
>
>> I have begun data collection on the effectiveness of the MX and A tests.
>>  Wildcard DNS entries increase the frequency of false positives and reduce
>> the usability of the test.   For example, "msaqq189.ford.com" returns a
>> set of MX results, but I rather doubt that I made a lucky guess and found a
>> mail domain that Ford Motor actually uses.
>>
>
> There's no need to guess.  You can query for wildcard records:
>
> $ host -t mx '*.ford.com'
> *.ford.com mail is handled by 10 cluster4.us.messagelabs.com.
> *.ford.com mail is handled by 20 cluster4a.us.messagelabs.com.
>
> -MSK
>
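
The three outcomes of the existence test and the wildcard comparison from the quoted reply, as an added example that is not part of the original message: a toy model of authoritative wildcard synthesis (the RFC 4592 closest-encloser rule) followed by a resolver-side check that compares a name's answer with the answer for the literal `*.<parent>` owner. The zone under `example.test`, its records, and the function names are constructed for illustration.

```python
# Constructed zone for illustration only (example.test is a reserved test name).
APEX = "example.test"
ZONE = {
    "example.test":      {"MX": ["10 mx1.example.test"]},
    "*.example.test":    {"MX": ["10 wild-mx.example.test"]},
    "mail.example.test": {"MX": ["10 mx1.example.test"]},
    "a.b.example.test":  {"A": ["192.0.2.20"]},  # b.example.test: empty non-terminal
}

def node_exists(name):
    """A name exists if it owns records or has a descendant that does."""
    return name in ZONE or any(k.endswith("." + name) for k in ZONE)

def lookup(name, rtype):
    """Authoritative-side decision for an in-zone name: (rcode, source, rdata)."""
    name = name.lower().rstrip(".")
    if name != APEX and not name.endswith("." + APEX):
        raise ValueError("name is outside the constructed zone")
    if node_exists(name):
        return ("NOERROR", "exact", ZONE.get(name, {}).get(rtype, []))
    # Closest encloser: the longest existing ancestor of the query name.
    encloser = name
    while not node_exists(encloser):
        encloser = encloser.split(".", 1)[1]
    # Only the wildcard directly below the closest encloser may synthesize.
    wild = ZONE.get("*." + encloser)
    if wild is None:
        return ("NXDOMAIN", "none", [])
    return ("NOERROR", "wildcard", wild.get(rtype, []))

def classify(name, rtype="MX"):
    """Resolver-side view: 'source' is not visible on the wire, so compare the
    answer with the answer for the literal wildcard owner at the parent."""
    rcode, _, rdata = lookup(name, rtype)
    if rcode == "NXDOMAIN":
        return "does-not-exist"
    _, _, wild = lookup("*." + name.split(".", 1)[1], rtype)
    # Identical non-empty data is only a hint: an explicit record could match
    # the wildcard, and NODATA answers cannot be separated this way at all.
    return "uncertain-wildcard" if rdata and rdata == wild else "exists"

if __name__ == "__main__":
    for n in ("mail.example.test", "msaqq189.example.test",
              "b.example.test", "x.b.example.test", "x.y.example.test"):
        print(f"{n:24} {lookup(n, 'MX')[0]:9} {classify(n)}")
```

In this model `x.b.example.test` returns NXDOMAIN even though `*.example.test` exists, because the empty non-terminal `b.example.test` is its closest encloser and has no wildcard below it.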