Re: [dmarc-ietf] Ticket #111 - MX/A/AAAA test needs justification

Todd Herr <> Fri, 07 May 2021 14:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 33ED93A24F2 for <>; Fri, 7 May 2021 07:55:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id w4ON_N9RL7Zl for <>; Fri, 7 May 2021 07:55:09 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::731]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D20B93A24EB for <>; Fri, 7 May 2021 07:55:08 -0700 (PDT)
Received: by with SMTP id q10so4508814qkc.5 for <>; Fri, 07 May 2021 07:55:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Cxawe8g+h7XLLTwb5e3xxOD5MHWfGMYqGFo5agKsHJ0=; b=CJcO+t3mZJ/9574UwOxQtGl2hjefiY5m9S9EDNETCkFxGqti9PLostYX7mBaZACyBI jj1wA/0OO/yK4cUKDhDWP7S0iq0IFyVb9GuvjZQVlwAqDwG5XaYLNcddwPKqvg691LH1 M+S0tsjrGgSCXiTfJhoizq9rJRWXJDqrJkYzk7Dl2hqCJH+7v12zc1sBWbQ8odo0VTRF Mu5jzLTlCU/LxhzAjlHfTtjkr2u/fkUTVoowGsN0069e6gzzm+j8tuoqjAxG7we8a9Wi +n6AzAXt/8FOaXYp2LtEVJ3bh4t4XHkOMrtjoptTXNE9ewiYVUmslMUC18Mb91AwoUND Pkrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Cxawe8g+h7XLLTwb5e3xxOD5MHWfGMYqGFo5agKsHJ0=; b=kVHeWr07H5ineVi+V9/jCQKgbIn3WZo6FPlNQ1k8H31hn2+dbiQEmnN9UBwBZKICLa q49d5PdO7alodGbWlDyB8W+d6sTzNZZydhNfWqMpScjEPcZF0zvgWoo7dFW2fkyYDGDt j67Zn6hAdFjKxLD/eAkX0s09Iq3gm6ZnhQVUOb9PcjUs2M9frFnflQbfJHTPN9+081YR nvkSKNOLlIiHjFuWeqqePcIlahH/s2WaP0/ylobLKLY2N/G8AO/u2OKnoFd5p+s+/JWM 0bbZoMESfGE0rmXT5+fwJQJPIPOR+qxmVBTlxMC8VvrTaUfjJenac+r3EFNTRllF7GuJ stfw==
X-Gm-Message-State: AOAM530ON/4WupRWAOF2dKUdPRt5G4e6lP+BMqDIUecpiVx37359+HeF 7bvU3nYVvVPzj7hdXH46/D/hsG6d+3jM+fNAPGCUfgem004y6Q==
X-Google-Smtp-Source: ABdhPJzCllONih39ZoCb07Vui3Q18jnKmbZW0XlE8YhqADuKk6ZSK7Xd339vgSawAjbq309VphY3ZKUIpEQCV+xkVRM=
X-Received: by 2002:a05:620a:1265:: with SMTP id b5mr10170229qkl.208.1620399306037; Fri, 07 May 2021 07:55:06 -0700 (PDT)
MIME-Version: 1.0
References: <> <20210507014508.78064719D42@ary.qy> <> <>
In-Reply-To: <>
From: Todd Herr <>
Date: Fri, 7 May 2021 10:54:50 -0400
Message-ID: <>
Content-Type: multipart/alternative; boundary="00000000000007edbd05c1be9d73"
Archived-At: <>
Subject: Re: [dmarc-ietf] Ticket #111 - MX/A/AAAA test needs justification
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 07 May 2021 14:55:13 -0000

On Thu, May 6, 2021 at 11:13 PM Douglas Foster <> wrote:

> This is about
> Section 3.8. Non-existent Domains
>    For DMARC purposes, a non-existent domain is a domain for which there
>    is an NXDOMAIN or NODATA response for A, AAAA, and MX records.  This
>    is a broader definition than that in [RFC8020].
> My argument is that that A/AAAA/MX has no useful relevance to determining whether the RFC5322.FROM address of a message should be evaluated based on SP or NP.  NP is described as testing "non-existent", rather than "possibly able to receive mail".   We need a test that evaluates whether the domain exists or not, and is maximally protected from false positives caused by host names and wildcards.
> If this group is convinced that A/AAAA/MX is meaningful for the distinction between SP and NP, I am asking someone to provide the justification and define the algorithm.  Right now I have seen neither.
For what it's worth, the text in question was copied directly from
<>  (Section 2.7 of
that document, to be precise). As I understand it, draft-ietf-dmarc-psd
imposes some requirements on the text in DMARCbis, and so to support
satisfying those requirements, other bits of text were imported, too.

*Todd Herr* | Sr. Technical Program Manager
*m:* 703.220.4153

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.