[dmarc-ietf] Tree Walk + CNAME

"Brotman, Alex" <Alex_Brotman@comcast.com> Wed, 30 March 2022 12:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/g99KQ7Q8zltDEg0KiGBIdzgQRXs>

From section 4.6:

To illustrate, for a message with the arbitrary RFC5322.From domain
   of "a.b.c.d.e.mail.example.com", a full DNS Tree Walk would require
   the following five queries, in order to locate the policy or
   Organizational Domain:

   *  _dmarc.a.b.c.d.e.mail.example.com

   *  _dmarc.e.mail.example.com

   *  _dmarc.mail.example.com

   *  _dmarc.example.com

   *  _dmarc.com


What should the evaluator do if one of these results in a CNAME that either:

        a) points outside of the tree
        b) results in a loop pointing at a previously evaluated record


--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast
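
The two CNAME cases raised in the message above can be detected mechanically. The following is an added example, not part of the original message or of the draft: it builds the Tree Walk query list and flags CNAME targets that leave the tree or point back at an already evaluated name, without deciding what the evaluator should then do. The four-label shortening rule is an assumption inferred from the five names listed above, and the CNAME map is constructed sample data standing in for DNS answers.

```python
def tree_walk_names(from_domain, keep=4):
    """Query names for the walk: the full domain first, then (assumed rule,
    matching the five names in the message) the last `keep` labels if the
    name is longer than that, then one label removed per step."""
    labels = from_domain.lower().rstrip(".").split(".")
    names = ["_dmarc." + ".".join(labels)]
    labels = labels[-keep:] if len(labels) > keep else labels[1:]
    while labels:
        names.append("_dmarc." + ".".join(labels))
        labels = labels[1:]
    return names


def in_tree(name, from_domain):
    """True if `name`, minus a leading _dmarc label, is the From domain
    or one of its parent domains."""
    name = name.lower().rstrip(".")
    if name.startswith("_dmarc."):
        name = name[len("_dmarc."):]
    fd = from_domain.lower().rstrip(".")
    return fd == name or fd.endswith("." + name)


def audit_cnames(from_domain, cnames):
    """Follow CNAMEs met during the walk and report (query, target, kind),
    where kind is 'outside-tree' (case a) or 'loop' (case b)."""
    findings, evaluated = [], set()
    for qname in tree_walk_names(from_domain):
        chain, name = [qname], qname
        while name in cnames:
            target = cnames[name].lower().rstrip(".")
            if target in evaluated or target in chain:
                findings.append((qname, target, "loop"))
                break
            if not in_tree(target, from_domain):
                findings.append((qname, target, "outside-tree"))
            chain.append(target)
            name = target
        evaluated.update(chain)
    return findings


# Constructed CNAME data (not real DNS answers), one entry per case.
CONSTRUCTED_CNAMES = {
    "_dmarc.e.mail.example.com": "_dmarc.policy.example.net",   # case (a)
    "_dmarc.example.com": "_dmarc.a.b.c.d.e.mail.example.com",  # case (b)
}
```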