Re: [dmarc-ietf] Domains and tree walk

Todd Herr, Wed, 02 December 2020 16:22 UTC


On Tue, Dec 1, 2020 at 9:50 PM John Levine wrote:

>  In organizations that are not universities, the entity that
> is responsible for the registered domain generally sets policies for
> the whole organization, and a good deal of the DMARC design is there
> to let them figure out who is sending mail with their name on it from
> any of their subdomains and identify and adjust senders whose mail
> doesn't match the policy.

This is, I think, one of the most underappreciated features of DMARC. With
p=none, a proper rua= value, and enough time, one can collect all the
information needed to address any authentication shortcomings within a
designated portion of the DNS namespace before moving forward to p=reject,
assuming that that is one's goal with a DMARC implementation. Even for less
lofty goals such as ensuring that all mail is properly DKIM signed, or that
the SPF record properly enumerates all mail sources, I can't think of a
better tool than DMARC aggregate reports for ferreting out that third party
that the Marketing department hired to send mail on the company's behalf,
or locating that one mail stream emanating from the "server" sitting at the
side of Eddie the Engineer's desk.


*Todd Herr* | Sr. Technical Program Manager
*p:* 703.220.4153

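Added example, not part of the original message: a minimal Python pass over one DMARC aggregate (rua) report in the RFC 7489 XML layout, listing the sources that would be blocked at p=reject and the ones that pass on SPF alone and still lack aligned DKIM. The names `audit` and `SAMPLE_REPORT`, the IP addresses and the domains are constructed for illustration, and the sample assumes a report without an XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _record(ip, count, dkim, spf, header_from):
    # Builds one <record> element for the constructed sample below.
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            f"<identifiers><header_from>{header_from}</header_from></identifiers></record>")

# Constructed sample report (documentation IP ranges and example.com only).
SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain><p>none</p></policy_published>"
    + _record("192.0.2.10", 120, "pass", "pass", "example.com")        # main mail platform
    + _record("198.51.100.7", 45, "fail", "fail", "news.example.com")  # unknown third party
    + _record("203.0.113.5", 3, "fail", "pass", "example.com")         # desk-side server
    + _record("198.51.100.7", 5, "fail", "fail", "news.example.com")   # same source, second row
    + "</feedback>"
)

def audit(report_xml):
    """Return (dmarc_fail, dkim_gap), Counters keyed by (source_ip, header_from).
    dmarc_fail: neither DKIM nor SPF gave an aligned pass (p=reject would block it).
    dkim_gap: DMARC passed on SPF alone, so the stream still lacks aligned DKIM."""
    # Reports come from outside parties: in production, cap the decompressed
    # size and use a hardened XML parser (for example defusedxml) before this step.
    root = ET.fromstring(report_xml)
    dmarc_fail, dkim_gap = Counter(), Counter()
    for record in root.iter("record"):
        evaluated = record.find("row/policy_evaluated")
        if evaluated is None:
            continue  # malformed row: nothing to classify
        # policy_evaluated carries the alignment-checked DKIM and SPF results.
        dkim = (evaluated.findtext("dkim") or "").strip().lower()
        spf = (evaluated.findtext("spf") or "").strip().lower()
        key = (record.findtext("row/source_ip"), record.findtext("identifiers/header_from"))
        count = int(record.findtext("row/count") or 0)
        if dkim != "pass" and spf != "pass":
            dmarc_fail[key] += count
        elif dkim != "pass":
            dkim_gap[key] += count
    return dmarc_fail, dkim_gap

if __name__ == "__main__":
    fail, gap = audit(SAMPLE_REPORT)
    for label, table in (("DMARC fail", fail), ("SPF-only pass", gap)):
        for (ip, domain), n in table.most_common():
            print(f"{label}: {ip} sending as {domain}: {n} messages")
```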