Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd

"Chudow, Eric B CIV NSA DSAW (USA)" <> Mon, 09 September 2019 18:30 UTC

On September 5, 2019 8:22:27 PM UTC, Dave Crocker <> wrote:
>On 9/4/2019 6:28 AM, Dave Crocker wrote:
>> Hence my current view that:
>> 1. The change to DMARC should be limited to permitting the query for
>> organization domain to be anywhere in the DNS tree, including a TLD. 
>> Within DMARC this would not look like 'extra' mechanism.

An additional DMARC query at one level above the organizational domain should be an additional query, rather than more simply being able to have the organizational domain higher up the DNS tree and not having an extra DMARC query.  This is particularly the case for reporting so that even if the organizational domain and the PSD domain one level above the organizational domain have the same DMARC requested handling policy, they can have different DMARC reporting addresses.

For DoD and the .mil TLD, we support this PSD DMARC effort and believe that it would be beneficial to have an additional DMARC query at the PSD level.


Eric Chudow
DoD Cybersecurity Mitigations
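
The policy discovery the message above argues for, sketched as an added example that is not part of the original message or of the draft: a separate DMARC query at the PSD one level above the organizational domain, so the organizational domain and the PSD can publish the same policy with different reporting addresses. Assumptions: the query order (exact domain, organizational domain, then PSD), the `PSD_DMARC_PARTICIPANTS` opt-in set, the one-entry public suffix set, and every domain name, record and address in the in-memory `TXT` table are constructed for illustration.

```python
# Constructed in-memory DNS TXT data; all names and addresses are made up.
TXT = {
    "_dmarc.mil": "v=DMARC1; p=reject; rua=mailto:psd-reports@dmarc.example",
    "_dmarc.alpha.mil": "v=DMARC1; p=reject; rua=mailto:alpha-reports@dmarc.example",
}
PUBLIC_SUFFIXES = {"mil"}          # assumption: stand-in for a public suffix list
PSD_DMARC_PARTICIPANTS = {"mil"}   # assumption: PSDs that opted in to the extra query


def org_domain(domain):
    """Organizational domain: the longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])   # no known suffix: fall back to two labels


def parse(record):
    """Split a DMARC record into tags; None if it is not a DMARC1 record."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags if tags.get("v") == "DMARC1" else None


def discover(from_domain):
    """Return (result, queries): the first record found and the names queried."""
    exact = from_domain.lower().rstrip(".")
    org = org_domain(exact)
    psd = org.split(".", 1)[1] if "." in org else None
    candidates = [exact, org]
    if psd in PSD_DMARC_PARTICIPANTS:
        candidates.append(psd)     # the additional query, one level above the org domain
    queries = []
    for name in dict.fromkeys(candidates):   # de-duplicate while keeping order
        qname = "_dmarc." + name
        queries.append(qname)
        tags = parse(TXT.get(qname, ""))
        if tags:
            return {"source": qname, "p": tags.get("p"), "rua": tags.get("rua")}, queries
    return None, queries


if __name__ == "__main__":
    for d in ("mail.alpha.mil", "mail.bravo.mil", "host.example.com"):
        print(d, discover(d))
```
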