Re: [dmarc-ietf] "psd=" tag early assignment

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 13 July 2022 05:28 UTC

From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Tue, 12 Jul 2022 22:28:25 -0700
Message-ID: <CAL0qLwZD85MM4Fn0Lij0zMqOFav718S6vzs_bLFgcunVpdhr6w@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/hpZ2sy0mK4l_pGSdmdfHN_X3gc4>

On Mon, Jul 11, 2022 at 5:57 PM Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:

> We should talk about "correct results".
>
> The PSL gets the correct results in 99-dot-something percent of messages,
> but we are proposing a new algorithm because it is wrong on some fraction
> of a percent.   The size of the fraction is not a reason to ignore a
> problem.   I support a change.  But is the proposed change an improvement?
>

You had me up until "because".  I don't think the fact that the PSL is
wrong in some cases is the single impetus to replace it.  I mentioned in
another message just now what I think the reasons are for pursuing a DNS
solution.


> We also think the proposed tree walk will also return a correct result in
> 99-dot-something percent.  But are they better answers?  On what basis
> would we answer that question?
>

I think it's hard to measure that until it's fully deployed, but I'm more
drawn to the solution whose engineering and operation is easier to describe
and justify, even if it's occasionally wrong (because it's easier to fix).

> What matters is whether the new algorithm produces correct answers when the
> PSL produces wrong ones, and whether it does this without introducing new
> errors that are not present in the PSL solution.  On that question, the
> answer is at best uncertain.   When the PSL and Tree Walk produce different
> results, we simply have no basis for choosing between the two, because the
> proposed Tree Walk is sourced on no new information.
>

Suppose they do give different answers.  Irrespective of which one is
actually right, I think it's easier for me to explain the DNS answer and
why it might be wrong than have to explain in full why the PSL got it
wrong, or why fixing it is not a matter of editing my own DNS records.


> However, when the Tree Walk result is based on explicit tagging
> provided by the domain owner, then we do have a better answer than the PSL,
> because the domain owner knows more about his organizational structure than
> the PSL volunteers, and we have every reason to trust the domain
> owner's assertions.
>
> [...]
>

Right.

Note this, too, from the PSL's own web site, emphasis theirs:

-- snip --

Some use the PSL to determine what is a valid domain name and what isn't. *This
is dangerous*. gTLDs and ccTLDs are constantly updating, coming and going -
and certainly not static. If the PSL is incorporated in a static manner,
and your software does not regularly receive PSL updates, it will
erroneously think that valid TLDs are not valid, or conversely treat
decommissioned TLDs that should be invalid as valid. The DNS should be the
proper source for this information, despite the performance benefits of
some local source to pre-empt network latency. If you must use the PSL for
this purpose, please do not bake static copies of the PSL into your
software without update mechanisms that are frequently checking for its
frequent updates and incorporating them.

-- snip --

If I'm a serious email receiver (and currently I am not employed by one),
this would scare me off of using the PSL completely, and I would seek to
develop or subscribe to some kind of DNS solution.

-MSK
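
Added example (not part of the original message, and not code from the PSL project or the DMARC drafts): a small PSL-style organizational-domain lookup run against two constructed snapshots of the list, showing how a stale static copy changes the relaxed-alignment answer a receiver computes. The suffix sets, the "sites.example" suffix and all function names are assumptions made for the illustration.

```python
# Constructed suffix snapshots; "sites.example" stands in for a suffix that
# was added to the list after the stale copy was baked into software.
STALE = {"com", "uk", "co.uk", "*.ck", "!www.ck"}
CURRENT = STALE | {"sites.example"}


def public_suffix(domain, rules):
    """Longest matching PSL-style rule; exception rules ("!x") prevail."""
    labels = domain.lower().rstrip(".").split(".")
    best = 1  # implicit "*" rule: the rightmost label is always a suffix
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        parent = ".".join(labels[i + 1:])
        if "!" + candidate in rules:
            return parent  # exception: the suffix is one label shorter
        if candidate in rules or (parent and "*." + parent in rules):
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])


def org_domain(domain, rules):
    """Organizational domain: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    n = len(public_suffix(domain, rules).split("."))
    return ".".join(labels[-(n + 1):])  # the domain itself if it is a suffix


def relaxed_aligned(from_domain, auth_domain, rules):
    """Relaxed alignment: both names share one organizational domain."""
    return org_domain(from_domain, rules) == org_domain(auth_domain, rules)


def disagreements(domains, old, new):
    """Domains whose organizational domain differs between two snapshots."""
    out = {}
    for d in domains:
        a, b = org_domain(d, old), org_domain(d, new)
        if a != b:
            out[d] = (a, b)
    return out


if __name__ == "__main__":
    seen = ["mail.example.co.uk", "tenant-a.sites.example", "shop.co.ck"]
    for name, pair in disagreements(seen, STALE, CURRENT).items():
        print(name, "stale:", pair[0], "current:", pair[1])
    print(relaxed_aligned("tenant-a.sites.example",
                          "tenant-b.sites.example", STALE))
```

Running disagreements() over the From domains a receiver actually sees, with the deployed copy and a freshly fetched one, is a cheap way to measure how far a static copy has drifted.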