Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working GroupLast Call: draft-ietf-dmarc-psd

"Douglas E. Foster" <fosterd@bayviewphysicians.com> Mon, 22 July 2019 04:31 UTC

Return-Path: <btv1==1063ccfea48==fosterd@bayviewphysicians.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C11E1201B4 for <dmarc@ietfa.amsl.com>; Sun, 21 Jul 2019 21:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bayviewphysicians.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LnFB6rI14stS for <dmarc@ietfa.amsl.com>; Sun, 21 Jul 2019 21:31:50 -0700 (PDT)
Received: from mail.bayviewphysicians.com (mail.bayviewphysicians.com [216.54.111.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15C61120186 for <dmarc@ietf.org>; Sun, 21 Jul 2019 21:31:50 -0700 (PDT)
X-ASG-Debug-ID: 1563769908-11fa3101dd2fcbe0001-K2EkT1
Received: from webmail.bayviewphysicians.com (smartermail4.bayviewphysicians.com [192.168.1.49]) by mail.bayviewphysicians.com with ESMTP id t1lMJHiyEOVi9B33 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO); Mon, 22 Jul 2019 00:31:48 -0400 (EDT)
X-Barracuda-Envelope-From: fosterd@bayviewphysicians.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.1.49
X-ASG-Whitelist: Client
X-SmarterMail-Authenticated-As: fosterd@bayviewphysicians.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bayviewphysicians.com; s=s1025; h=message-id:reply-to:subject:to:from; bh=/fiWL8GR5wdZ5qYr/mzyEXQVCTWfi2BhBEik/X42n5c=; b=gm1r7L2k3O3G2jtofZ0gb2/y1TgZF7uqPlkfY0JQNMZddwYUTOdVSGiNBO31rk1p9 X9NVjGrUwvGk9etNerpckznXAHpH8mLsE23STNaR7fiOsbTr3d0pFEQ+USYOzYUl1 WK4gpRpxbsZzFF0PBjcLPq1+rG1cxJ8yDaI2bjiBg=
Received: by webmail.bayviewphysicians.com via HTTP; Mon, 22 Jul 2019 00:31:40 -0400
From: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
To: <dmarc@ietf.org>, "Alessandro Vesely" <vesely@tana.it>
Date: Mon, 22 Jul 2019 00:31:40 -0400
X-ASG-Orig-Subj: Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working GroupLast Call: draft-ietf-dmarc-psd
Reply-To: fosterd@bayviewphysicians.com
Message-ID: <83f0b1ffbf0c466eb3bc66e3510738f0@bayviewphysicians.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=0da137096a8a416aa2e413e6162d3b65
X-Originating-IP: [192.168.72.10]
In-Reply-To: <659dfb1f-dcb2-86ca-55a1-b3af6ce7ed1c@tana.it>
References: <CAL0qLwbbz_UhBLsURg=eXhRBC2g9OghiN==T9Uq9pFuLtd=b7w@mail.gmail.com> <1808303.aIhlromXIS@l5580> <CAD2i3WN42v0RHzu+2=+_mjX5kmxw6B-0F3-=bY-bTEsJM1qLvA@mail.gmail.com> <1692123.ljdY5SVR4M@l5580> <CAD2i3WPGWe8Z3av1Jua6sazsoStc7VTOLBve7psVo=K4VGTgig@mail.gmail.com> <D42C419C-F02E-4B5A-BB10-E8D49000349B@kitterman.com> <659dfb1f-dcb2-86ca-55a1-b3af6ce7ed1c@tana.it>
X-Exim-Id: 83f0b1ffbf0c466eb3bc66e3510738f0
X-Barracuda-Connect: smartermail4.bayviewphysicians.com[192.168.1.49]
X-Barracuda-Start-Time: 1563769908
X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384
X-Barracuda-URL: https://mail.bayviewphysicians.com:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at bayviewphysicians.com
X-Barracuda-Scan-Msg-Size: 3610
X-Barracuda-BRTS-Status: 1
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gpHwwppPjYh7FYb7pKEw6F9PQkg>
Subject: Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working GroupLast Call: draft-ietf-dmarc-psd
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 10:30:58 -0000

About this paragraph:
  
 >> The original pre-standardization version of this protocol included a
  >> mandatory check of this nature. It was ultimately removed, as the
>> method's error rate was too high without substantial manual tuning
>> and heuristic work. There are indeed use cases this work needs to
>> address where such a method would return a negative result about a
>> domain for which reporting is desired, such as a registered domain
>> name that never sends legitimate mail and thus has none of these
>> records present in the DNS.
  
  This section seems to give a free pass to senders who use non-existent 
domains, as if such behavior had no impact on the risk posture of the 
recipient. 
 It seems to say, "You can keep doing this, because so is everyone else."
  
 I would think better language would be along the following lines:

  

 "Senders SHOULD register all domains in DNS, as MTA operators MAY block 
messages that appear to come from non-existent domains.
 Developers of MTA filtering software SHOULD provide MTA operators with the 
ability to block non-existent domains.
 If such ability is provided, the MTA filtering system MUST provide a 
mechanism for overriding the filter rule for messages that are acceptable 
to the recipient organization."
  
 In short, the evaluation of whether manual tuning is worthwhile should be 
left to the discretion of the MTA operator, based on his organization's 
risk tolerance and message characteristics.