Re: [dmarc-ietf] Tree Walk + CNAME
John Levine <johnl@taugh.com> Wed, 30 March 2022 17:06 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/hbCbQFymKUA-w6ug3wvX0Ybg7vg>
It appears that Tim Wicinski <tjw.ietf@gmail.com> said:
>> What should the evaluator do if one of these results in a CNAME that
>> either:
>>
>> a) points outside of the tree
>>
>
>I would say "Follow the CNAME" - consider LargeCo which points many DMARC
>records of domains in their portfolio to a record in their main domain. Or
>outsourced DMARC to third party.
>
> b) results in a loop pointing at a previously evaluated record
>
>CNAME loops are usually detected in resolvers, but loops should return no
>record found

Agreed. There is no need to treat CNAMEs here any differently than they are
treated anywhere else. Like Tim, I can easily see practical uses for a CNAME
pointing at a shared DMARC record.

R's,
John
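An added illustration of the behaviour discussed in this message (not code from the thread or from the DMARC draft): a simplified tree walk over a constructed in-memory zone, where the lookup follows CNAMEs wherever they point and treats a loop as no record found. The zone names, MAX_CNAME_HOPS, and the uncapped walk to the root are assumptions of the example.

```python
# Constructed zone data for illustration; every name here is hypothetical.
ZONE = {
    "_dmarc.largeco.example": ("TXT", "v=DMARC1; p=reject"),
    # Portfolio domain whose record points outside its own tree.
    "_dmarc.brand.example": ("CNAME", "_dmarc.largeco.example"),
    # Two aliases pointing at each other: a CNAME loop below largeco.example.
    "_dmarc.a.largeco.example": ("CNAME", "_dmarc.b.largeco.example"),
    "_dmarc.b.largeco.example": ("CNAME", "_dmarc.a.largeco.example"),
}

MAX_CNAME_HOPS = 8  # assumed chain limit; real resolvers choose their own


def lookup_txt(name, zone=ZONE):
    """Resolve TXT at `name` as a resolver would, following CNAMEs.

    Returns the TXT string, or None when nothing is found, the chain
    loops back on itself, or it exceeds MAX_CNAME_HOPS.
    """
    seen = set()
    while name not in seen and len(seen) <= MAX_CNAME_HOPS:
        seen.add(name)
        rtype, value = zone.get(name, (None, None))
        if rtype == "TXT":
            return value
        if rtype != "CNAME":
            return None
        name = value  # follow the alias, inside or outside the tree
    return None  # loop or over-long chain: report no record found


def tree_walk(domain, zone=ZONE):
    """Return (queried_name, record) for the first DMARC record found
    walking from `domain` toward the root, or (None, None)."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        qname = "_dmarc." + ".".join(labels[i:])
        record = lookup_txt(qname, zone)
        if record and record.startswith("v=DMARC1"):
            return qname, record
    return None, None


if __name__ == "__main__":
    for d in ("mail.brand.example", "a.largeco.example", "other.example"):
        print(d, "->", tree_walk(d))
```

In this sketch a loop at one level is just an empty answer, so the walk continues to the parent name; the CNAME needs no handling in the walk itself because the lookup layer resolves it.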