Re: [dmarc-ietf] Domains

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 02 December 2020 19:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/i7JVAEekLNnSrcIJWOsEzt2vsMY>

On Tue, Dec 1, 2020 at 5:44 PM Joseph Brennan <brennan@columbia.edu> wrote:

> I want to ask again why DMARC should consider any domain other than
> the one in the Header From. The purpose of DMARC should be stated
> right at the top of the proposed standard. It is intended to control
> use of a domain in the Header From. If the Header From has
> blabla@example.com, the DMARC record for _dmarc.example.com should
> apply.
>
> It does not make sense to me to say that if the Header From is
> user@alpha.example.com, and there is no _dmarc.alpha.example.com
> record, then recipient systems should continue to look for
> _dmarc.example.com and apply the dmarc rule there. I know of no other
> standard that requires this type of relationship. This is something
> new. It will require administrators to continually check what their
> sub- and supra-domains are doing in order to escape interference by
> DMARC records they did not create. I think this is unreasonable. Only
> domains interested in applying DMARC should be involved with DMARC.
> Others should be able to do what they want. I know that otherwise will
> rule out DMARC for the "columbia.edu" domain that I administer.
>

If DMARC is thus constrained and you have a "p=reject" on "columbia.edu"
only, then nothing stops me from generating unauthenticated email with a
From field indicating "foobar.columbia.edu" for any subdomain "foobar",
whether or not it actually exists in the DNS.

-MSK
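
The lookup order debated in this thread, as an added example that is not part of either message or of any DMARC implementation: policy discovery with and without the fallback to the organizational domain, following the order described in RFC 7489. The `TXT` table and the two-entry `PUBLIC_SUFFIXES` set are constructed stand-ins for DNS and the Public Suffix List, and all function names are hypothetical.

```python
# Constructed data: stand-in for DNS TXT lookups and a tiny public-suffix set.
TXT = {"_dmarc.columbia.edu": "v=DMARC1; p=reject"}
PUBLIC_SUFFIXES = {"edu", "com"}  # assumption: real code uses the full Public Suffix List


def parse_record(txt):
    """Return the tag/value pairs of a DMARC record, or None if it is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def org_domain(domain):
    """Organizational domain: the longest public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def lookup(name, txt=TXT):
    """Fetch and parse the record published at _dmarc.<name>, if any."""
    record = txt.get("_dmarc." + name)
    return parse_record(record) if record else None


def discover_policy(from_domain, fallback=True, txt=TXT):
    """Return (policy, domain the record was found at) for a header From domain."""
    from_domain = from_domain.lower().rstrip(".")
    tags = lookup(from_domain, txt)
    if tags:
        # A record at the exact From domain always wins.
        return tags.get("p", "none"), from_domain
    org = org_domain(from_domain)
    if fallback and org != from_domain:
        tags = lookup(org, txt)
        if tags:
            # sp= covers subdomains; without it the organizational p= applies.
            return tags.get("sp", tags.get("p", "none")), org
    return None, None  # no policy found: the receiver has nothing to enforce
```

With `fallback=False`, the model proposed in the quoted message, `foobar.columbia.edu` resolves to no policy at all; with the fallback it inherits `p=reject`, and a subdomain that publishes its own record is still governed by that record.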