Re: [dmarc-ietf] Lookup Limitations For Public Suffix Domains

"Kurt Andersen (b)" <> Fri, 30 November 2018 22:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1735C130E30 for <>; Fri, 30 Nov 2018 14:52:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id A1fIB3IBE0_N for <>; Fri, 30 Nov 2018 14:52:17 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 066AD1274D0 for <>; Fri, 30 Nov 2018 14:52:17 -0800 (PST)
Received: by with SMTP id c9so869041itj.1 for <>; Fri, 30 Nov 2018 14:52:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130612; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ywWT/qc6Brudw6s6GAQfKTEGfPE0jXBlwh6Dg8hVEn8=; b=TR8kpVjdZfYKSaEwdOt3w2Xmw1tQoYNOJRQ+TlznN9C3bVLs84fc1B3AC9ApMcoZn3 mmEK6jCOZBujoaWfyF5/yI9xbz16NmQ7tlerBssaIXbSInmcwSjcEn43UWV71y/+Eb6w 5C08GvgO/SFt8R07VrMn59OxHmuWjeoJ2aeCE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ywWT/qc6Brudw6s6GAQfKTEGfPE0jXBlwh6Dg8hVEn8=; b=Qj6i/XSoIyn6ND9UIeRpLwGsp7PSPnh7FoHI1RgFsCdX1j8IMlavL7nrl/uZ22u7US IpmpGexcF5tujMc71MR+W8DDk8Khswj7IM8Kd+6aPPKopCbmY3PGB+sqrXixT03nM077 6cSNJZ8YQspzbcfytqPm16AXnLbbF2zWRuk40Lre+lsc30DXfNEGzCBB2q9MwqzWSdpM bWKObD+wJEtpk1bXrsi8AtdzPPnF3BJ7crwC44/Elct2lqwU7NZedfy+Gq4R0IsBTw7u TDV//iEsw/T5tSkjzgnD4GpOnrDb/OThMeDTL/q4OXaPxOzzDnVRMyRvTUmr3QR120ky glLA==
X-Gm-Message-State: AA+aEWaUsx8tGvPwq2ldClcxJvVL1MxUN/NV6s6xdllD4eu2ktZfYZlC 3ywTobMBtng33V9240XZBsNUSXj1/7rJ8FiLDHbewQ==
X-Google-Smtp-Source: AFSGD/XAGwRtBr8tuBwmcM92/vNOmJxwFG6Pt+hTgMAMUCsjHXCu9SZZ2tcNuNoswKSRxg5oNQ+aVtiQOkm0vG+Ld5A=
X-Received: by 2002:a24:8302:: with SMTP id d2mr682549ite.78.1543618336199; Fri, 30 Nov 2018 14:52:16 -0800 (PST)
MIME-Version: 1.0
References: <3881693.rR9BVk4Dlq@kitterma-e6430> <>
In-Reply-To: <>
From: "Kurt Andersen (b)" <>
Date: Fri, 30 Nov 2018 14:52:04 -0800
Message-ID: <>
Cc: "" <>
Content-Type: multipart/alternative; boundary="000000000000993489057be9a671"
Archived-At: <>
Subject: Re: [dmarc-ietf] Lookup Limitations For Public Suffix Domains
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 30 Nov 2018 22:52:19 -0000

On Fri, Nov 30, 2018 at 1:40 PM Zeke Hendrickson <> wrote:

> I feel that restricting the additional PSD check to nonexistent
> organizational domains is the best approach,

I disagree...see below

> as it preserves the opt-in nature of DMARC,


> limits privacy concerns,

No - this is the very essence of the need for a controlled registry of LPS
(longest public suffix) to be checked. It's
easy for a human to mistype a domain name and that could result in a report
to the LPS's RUA.

> remains very straightforward to implement as a verifier, and does not rely
> on an
> additional list.

Agreed, but the downside is high.

> draft-ietf-dmarc-psd-00 addresses a slightly broader problem space

Yes, and it is an important additional area to cover IMO

--Kurt Andersen