Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

John Levine <johnl@taugh.com> Mon, 23 November 2020 21:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/q74WgiNeviFWlHfmczEZDo5jKEg>

In article <9f388e33-c15d-9fcc-e9d3-d7719288fb98@gmail.com> you write:
>On 11/23/2020 1:04 PM, Jesse Thompson wrote:
>> I meant to suggest that the requirement for a tree walk would be that the Organizational Domain would need to have that in its policy. 
>It seems like a decent compromise for the people worried about unnecessary DNS lookup overhead.

If I'm going to go to the effort to download and decode a PSL and find the OD, I'll just use the OD.

One of the points of the tree walk is to get rid of the PSL processing.

It looks to me that a tree walk limited to some modest number of
levels like 7 or 10 would handle close enough to 100% of real mail.
When I brought this up in dnsop last week there was some concern about
super long tree walks but I didn't get the NO NO NO that we got in the
old days. DNS operators now realize that an amazingly large fraction
of DNS traffic is garbage, and a little extra noise from the
occasional tree walk is not a big deal.

In normal mail, the number of labels is usually quite low; here's my
distribution by number of dots:

2404 .
1215 ..
 152 ...
  10 ....

R's,
John
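
A sketch of the capped tree walk discussed in this message, added here as an example; it is not code from the author or the working group. The walk order (strip the leftmost label each step, up to and including the TLD), the function names and the sample TXT data are assumptions; only the `_dmarc.` query prefix and the 7-or-10 level cap come from DMARC and the message.

```python
from typing import Callable, Optional, Tuple

# Constructed sample TXT data standing in for DNS (not real records).
SAMPLE_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject",
    "_dmarc.dept.example.org": "v=DMARC1; p=none",
    "_dmarc.example.org": "v=DMARC1; p=quarantine",
}


def sample_lookup(name: str) -> Optional[str]:
    """Hypothetical resolver stub: return the TXT record for name, or None."""
    return SAMPLE_TXT.get(name)


def tree_walk(
    domain: str,
    lookup: Callable[[str], Optional[str]] = sample_lookup,
    max_levels: int = 7,
) -> Tuple[Optional[str], Optional[str], int]:
    """Walk from domain toward the root looking for a DMARC record.

    Returns (policy_domain, record, queries_made). At most max_levels
    names are queried, so a very deep name costs a bounded number of
    lookups even if no record exists anywhere above it.
    """
    labels = domain.lower().rstrip(".").split(".")
    if not all(labels):  # empty string or empty label such as "a..b"
        return (None, None, 0)

    queries = 0
    for i in range(min(len(labels), max_levels)):
        candidate = ".".join(labels[i:])
        queries += 1
        record = lookup("_dmarc." + candidate)
        # Accept only records that actually start with the DMARC version tag.
        if record and record.replace(" ", "").lower().startswith("v=dmarc1"):
            return (candidate, record, queries)
    return (None, None, queries)


if __name__ == "__main__":
    deep = "a.b.c.d.e.f.g.h.example.com"  # constructed 10-label name
    for name, cap in [("mail.example.com", 7), (deep, 7), (deep, 10)]:
        print(name, cap, tree_walk(name, max_levels=cap))
```

With a cap of 7 the constructed 10-label name never reaches the record at example.com, while a cap of 10 finds it on the ninth query; names with one to four dots, as in the distribution above, resolve well within either cap.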