Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dmarcbis-07.txt

Scott Kitterman <sklist@kitterman.com> Fri, 22 April 2022 13:14 UTC

Date: Fri, 22 Apr 2022 13:14:46 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <CAKFywTKC3HUz=G2O+YvnbqZ0sqMM9XfUiw=jZMu1PSVqMtPcTQ@mail.gmail.com>
References: <164925666278.4445.13789431014958416691@ietfa.amsl.com> <CAKFywTKC3HUz=G2O+YvnbqZ0sqMM9XfUiw=jZMu1PSVqMtPcTQ@mail.gmail.com>
Message-ID: <30789809-B1ED-4757-86CC-0E3C571B1299@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/e4i3eWdg-TJFFpADXaBvecc_d3w>


On April 22, 2022 7:35:29 AM UTC, Robert <aradesh@gmail.com> wrote:
>In section 4.8. Organizational Domain Discovery, we have:
>
>   Note: There is no need to perform Tree Walk searches for
>   Organizational Domains under any of the following conditions:
>...
>   *  There is no SPF pass result and no DKIM pass result for the
>      message.  In this case, there can be no DMARC pass result, and so
>      the Organizational Domain of any domain is not required to be
>      discovered.
>
>---
>We would still want to find a record to know who to send failure
>reports to, no? And this would involve some sort of tree walk if the
>MAIL FROM doesn't have a record. Should it be changed to something
>like:
>
>   *  There is a DMARC record at the RFC5321.MailFrom domain and there
>      is no SPF pass result and no DKIM pass result for the
>      message.  In this case, there can be no DMARC pass result, and so
>      the Organizational Domain of any domain is not required to be
>      discovered.

I agree the current text is a problem.

This case is guaranteed not to pass, so you would need to know what policy to apply.  There's another item in the note that addresses the portion of this case where the 5322.From domain has a DMARC record.  If the 5322.From domain doesn't have a DMARC record then we do need to find the org domain to determine the policy to apply.  I think this should be deleted, not modified.

Scott K
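
The case discussed in this reply, sketched as an added example that is not part of the original message or of the draft: a message with no SPF pass and no DKIM pass still needs a policy lookup, and a walk is only avoidable when the From domain itself publishes a record. The function names, the sample records and the simplified walk (one label at a time, with no label-count limit, `np` or `psd` handling) are assumptions made for illustration.

```python
# Constructed DNS data standing in for TXT lookups (not real records).
SAMPLE_DNS = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine",
    "_dmarc.shop.example.net": "v=DMARC1; p=none",
}


def lookup_dmarc(domain, dns):
    """Return the tags of the record at _dmarc.<domain>, or None."""
    txt = dns.get("_dmarc." + domain.lower().rstrip("."))
    if not txt or not txt.replace(" ", "").startswith("v=DMARC1"):
        return None
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def policy_for_unauthenticated(from_domain, dns):
    """No SPF pass and no DKIM pass: DMARC cannot pass, but the receiver
    still has to find the record that says which policy to apply."""
    from_domain = from_domain.lower().rstrip(".")
    tags = lookup_dmarc(from_domain, dns)
    if tags:  # record at the From domain itself: no walk needed
        return {"record_domain": from_domain,
                "policy": tags.get("p"), "walked": False}
    labels = from_domain.split(".")[1:]
    while labels:  # simplified walk toward the root, one label at a time
        parent = ".".join(labels)
        tags = lookup_dmarc(parent, dns)
        if tags:  # inherited record: sp overrides p when present
            return {"record_domain": parent,
                    "policy": tags.get("sp", tags.get("p")), "walked": True}
        labels = labels[1:]
    return {"record_domain": None, "policy": None, "walked": True}


if __name__ == "__main__":
    for d in ("example.com", "news.eu.example.com", "nothing.invalid"):
        print(d, policy_for_unauthenticated(d, SAMPLE_DNS))
```
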