Re: [dmarc-ietf] Tree Walk Damage

Barry Leiba <barryleiba@computer.org> Wed, 03 May 2023 12:49 UTC

MIME-Version: 1.0
References: <CAH48ZfzG5RYXet=EP2Gazcf+e0dJiNTOA_-XD8khk=t2=B2DWw@mail.gmail.com>
In-Reply-To: <CAH48ZfzG5RYXet=EP2Gazcf+e0dJiNTOA_-XD8khk=t2=B2DWw@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 03 May 2023 08:49:24 -0400
Message-ID: <CALaySJJ-j3L3jneTU-s6Aw1ucm8q_cFQhXtgq0Kzcux6NDLqnQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/i4lnhbSpXplr2parANkzSxfMaMc>
Subject: Re: [dmarc-ietf] Tree Walk Damage

As a participant, I fully disagree with the second paragraph of this.
The justification for changing the mechanism is that in cases where
the mechanisms differ, the tree walk produces results that are more
likely to represent the intent of the sending side than consulting the
PSL does.  This has been borne out by cases we have actually seen,
which says to me that the change is the right thing to do.

It is certainly possible that we will find cases where the PSL gives a
better answer than the tree walk does.  We can construct such cases in
theory, but haven't found real-world ones yet, and that's telling.
Moreover, if, as I think we have done, we have made the situation
better overall, we have done the right thing, and we simply need to
document what organizations can do with their DMARC policies to fix
things if they fall into such a tiny corner case.

Barry

On Wed, May 3, 2023 at 6:46 AM Douglas Foster
<dougfoster.emailstandards@gmail.com> wrote:
>
> I have opened issue 113 to formally document my strong objections to the current tree walk:
>
> Current DMARC policies are configured based on RFC7489 and the PSL, and evaluators obtain results based on those implementation decisions. Domain owners may have many reasons to want an alternative to the PSL: (1) The PSL may contain errors that impact the domain owner's mail flow. (2) The PSL is implemented in different iterations by different evaluators. (3) The RFC7489 / PSL algorithm does not allow for partitioned alignment within an organization.
>
> Nonetheless, an evaluator has no justification for implementing an algorithm which produces different results unless the domain owner indicates that he prefers usage of that different algorithm. This can be accomplished by tagging his DMARC policies to indicate which of the four possible roles applies to a particular policy: Org Top, Subdomain, Org Top-and-Bottom (single label registry), and Org Bottom (bottom layer of a multiple-layer private registry), and DMARCbis should define those tags. The current upward-walk proposal will cause damage by directing evaluators to apply an undesired and often incorrect re-interpretation of domain owner intent and associated alignment boundaries.
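The disagreement above is about how an evaluator picks the Organizational Domain, and therefore where relaxed alignment succeeds or fails. The script below is an added illustration, not code from this thread or from any DMARC implementation: it runs an RFC 7489-style PSL lookup next to a simplified model of the DMARCbis tree walk over constructed DNS records and a constructed mini-PSL, and shows the two kinds of disagreement both posters point at. The tree-walk rules here (psd=n at the longest name wins, psd=y marks a public suffix whose child is the Organizational Domain, otherwise the shortest name carrying a record, with an assumed five-label depth cap) are my reading of the draft, not its exact text; all domain names, records and suffix entries are made up.

```python
"""Organizational Domain discovery: RFC 7489 (PSL) versus a simplified model of
the DMARCbis DNS Tree Walk, run over constructed DNS data.

Added example: the records, the mini-PSL and the domain names are all
constructed, and the tree-walk rules are a simplified reading of the draft.
"""

# Constructed stand-in for the Public Suffix List. "hosting.example" plays a
# private-section entry (a shared-hosting registry that got itself listed).
PUBLIC_SUFFIXES = {"com", "example", "co.uk", "hosting.example"}

# Constructed DNS zone data: one DMARC TXT record per name (relevant tags only).
DMARC_RECORDS = {
    "_dmarc.example.com": "v=DMARC1; p=reject",
    # A division that wants its own alignment boundary (psd=n).
    "_dmarc.eu.example.com": "v=DMARC1; p=quarantine; psd=n",
    # Registry listed in the PSL but publishing no psd tag at all.
    "_dmarc.hosting.example": "v=DMARC1; p=none",
    "_dmarc.customer.hosting.example": "v=DMARC1; p=reject",
    # Registry absent from the PSL that declares itself a public suffix.
    "_dmarc.shared.example": "v=DMARC1; p=none; psd=y",
    "_dmarc.tenant.shared.example": "v=DMARC1; p=reject",
}

MAX_WALK_LABELS = 5  # assumed cap on how deep the walk inspects


def parse_dmarc(txt):
    """Parse 'tag=value; tag=value' into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def lookup(name):
    """Constructed DNS lookup for _dmarc.<name>; None when no record exists."""
    txt = DMARC_RECORDS.get("_dmarc." + name)
    return parse_dmarc(txt) if txt else None


def org_domain_psl(domain):
    """RFC 7489 style: longest matching public suffix plus one label."""
    labels = domain.lower().split(".")
    for i in range(1, len(labels)):            # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return domain.lower()                      # nothing matched: domain itself


def org_domain_tree_walk(domain):
    """Simplified tree walk (a model, not the draft's exact procedure):
    psd=n at the longest name wins; psd=y marks a public suffix whose child
    is the org domain; otherwise the shortest name that has a record."""
    labels = domain.lower().split(".")
    parents = [".".join(labels[i:]) for i in range(1, len(labels))]
    names = [".".join(labels)] + [p for p in parents
                                  if len(p.split(".")) <= MAX_WALK_LABELS]
    found = [(n, lookup(n)) for n in names if lookup(n) is not None]
    if not found:
        return None                            # no record anywhere: undetermined
    for name, rec in found:                    # longest name first
        if rec.get("psd") == "n":
            return name
    for name, rec in found:
        if rec.get("psd") == "y":
            depth = len(name.split(".")) + 1   # one label below the suffix
            return ".".join(labels[-depth:])
    return found[-1][0]                        # shortest name with a record


def relaxed_alignment(from_domain, auth_domain):
    """Relaxed alignment under both discovery methods: do the org domains match?"""
    psl = (org_domain_psl(from_domain), org_domain_psl(auth_domain))
    walk = (org_domain_tree_walk(from_domain), org_domain_tree_walk(auth_domain))
    return {
        "psl": {"orgs": psl, "aligned": psl[0] == psl[1]},
        "tree_walk": {"orgs": walk,
                      "aligned": walk[0] is not None and walk[0] == walk[1]},
    }


CASES = [  # (RFC5322.From domain, SPF/DKIM domain), all constructed
    ("www.example.com", "example.com"),                      # both methods agree
    ("mail.eu.example.com", "example.com"),                  # psd=n partition
    ("customer.hosting.example", "other.hosting.example"),   # untagged registry
    ("tenant.shared.example", "other.shared.example"),       # psd=y registry
]

if __name__ == "__main__":
    for frm, auth in CASES:
        result = relaxed_alignment(frm, auth)
        print(f"{frm} / {auth}")
        print(f"  PSL:       {result['psl']}")
        print(f"  tree walk: {result['tree_walk']}")
```

The second and fourth cases are the ones where the walk reflects an explicit statement by the domain owner (psd=n or psd=y) that the PSL cannot carry; the third is the case the objection describes: a registry that is listed in the PSL but has published no psd tag, so a walking evaluator treats its customers as one organization and aligns them with each other.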