Re: [dmarc-ietf] Tree Walk impact

Scott Kitterman <sklist@kitterman.com> Mon, 09 October 2023 22:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/cIbN9wlXe6pLY24pv-fdhbcb7Eo>

Thanks for confirming that your list of "problem domains" was not based on the tree walk design in the draft.

There's been no discussion of the how and the why of the design other than on the list.  I'm also mystified how it's possible you don't know.

Scott K

On October 9, 2023 10:19:56 PM UTC, Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:
>Great question.   On Feb 23rd, I had this exchange which John settled:
>It appears that Douglas Foster  <dougfoster.emailstandards@gmail.com> said:
>
>>I seem to have missed this redesign.   I thought the plan had always been
>>to take the top-most policy not flagged as PSD=Y.
>
>
>The current design has been in the draft since October, and we discussed
>it on this list at great length.
>
>
>R's,
>John
>
>Today, re-reading draft version 28, it says to use the top version.   I
>missed when stop-first was chosen "after discussion at great length", and I
>also seem to have missed the decision to switch back, presumably after
>equally vigorous discussion?
>
>Both approaches have problems.   Stop-at-last enables the walk to exit the
>current organization and stop on a private registry, for both alignment
>evaluation and for aggregate report transmission.   This is not a minor
>problem, even if it is arguably infrequent.
>
>Given that the problem with PSL is imperfect data, the solution is better
>data.   Instead we have chosen a heuristic, and consequently we can be
>certain of heuristic-induced harm.   We should give domain owners full
>control over their organizational boundary, and stop guessing.
>
>Doug Foster
>
>
>
>
>
>On Mon, Oct 9, 2023 at 9:00 AM Scott Kitterman <sklist@kitterman.com> wrote:
>
>> Where does it say to stop at the first policy found?
>>
>> Scott K
>>
>> On October 9, 2023 12:51:33 PM UTC, Douglas Foster <
>> dougfoster.emailstandards@gmail.com> wrote:
>> >Right, but we walk up from both domains separately, and each walk stops at
>> >the first policy found.  Since the two walks stop at different policies,
>> >they are presumed to be different organizations.
>> >
>> >Doug
>> >
>> >
>> >On Mon, Oct 9, 2023, 5:35 AM Alessandro Vesely <vesely@tana.it> wrote:
>> >
>> >> On Sun 08/Oct/2023 04:00:31 +0200 Douglas Foster wrote:
>> >> > Attached is a spreadsheet with the problems from my data set.
>> >>
>> >> I see no blocking.  For example, the list shows From: bayer.com,
>> >> d=crm.bayer.com, the latter deemed blocking.  Both domains feature a DMARC
>> >> record and (unsurprisingly) none has a psd= tag.
>> >>
>> >> According to the spec, one should look up:
>> >> _dmarc.bayer.com
>> >> _dmarc.com
>> >>
>> >> And then
>> >> _dmarc.crm.bayer.com
>> >> _dmarc.bayer.com
>> >> _dmarc.com
>> >>
>> >> The organizational domain is bayer.com and they are aligned.  No blocking.
>> >>
>> >> Best
>> >> Ale
>> >> --
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> dmarc mailing list
>> >> dmarc@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/dmarc
>> >>
>>
>>
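
The two readings argued over in this thread, worked through as an added example (not code from the draft or from any list participant): the "top-most record not flagged psd=y" selection versus "each walk stops at the first policy found", applied to the bayer.com / crm.bayer.com pair. The record contents are constructed, `registry.example` is a hypothetical private registry, and the walk is simplified (no cap on the number of labels queried, no DNS error handling).

```python
# Constructed TXT records keyed by query name; the policy values are
# illustrative and are not the records these domains actually publish.
RECORDS = {
    "_dmarc.crm.bayer.com": "v=DMARC1; p=reject",
    "_dmarc.bayer.com": "v=DMARC1; p=none",
    # Hypothetical private registry publishing a record without psd=y.
    "_dmarc.registry.example": "v=DMARC1; p=none",
    "_dmarc.shop.registry.example": "v=DMARC1; p=reject",
}

def tags(txt):
    """Parse 'k=v; k=v' into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def walk(domain, dns=RECORDS):
    """Yield (name, tags) for each DMARC record from `domain` up to the TLD."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        txt = dns.get("_dmarc." + name)
        if txt and tags(txt).get("v") == "DMARC1":
            yield name, tags(txt)

def org_domain_topmost(domain, dns=RECORDS):
    """Top-most record not flagged psd=y; psd=n ends the selection early."""
    domain = domain.lower().rstrip(".")
    top = None
    for name, t in walk(domain, dns):
        psd = t.get("psd", "u").lower()
        if psd == "n":
            return name
        if psd == "y" and name != domain:
            # Organizational domain is one label below the PSD.
            return ".".join(domain.split(".")[-(name.count(".") + 2):])
        top = name  # the walk goes upward, so the last hit has the fewest labels
    return top or domain

def org_domain_stop_first(domain, dns=RECORDS):
    """The 'stop at the first policy found' reading questioned in the thread."""
    domain = domain.lower().rstrip(".")
    return next((name for name, _ in walk(domain, dns)), domain)

def aligned(from_domain, dkim_d, rule, dns=RECORDS):
    """Relaxed alignment: both identifiers map to one organizational domain."""
    return rule(from_domain, dns) == rule(dkim_d, dns)
```

With these records the top-most rule aligns `bayer.com` with `crm.bayer.com`, the stop-first reading does not, and the top-most rule resolves `shop.registry.example` to `registry.example`, which is the private-registry case raised in the quoted message.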