Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working Group Last Call: draft-ietf-dmarc-psd
Scott Kitterman <sklist@kitterman.com> Sun, 21 July 2019 19:42 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF5F4120110 for <dmarc@ietfa.amsl.com>; Sun, 21 Jul 2019 12:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=QlePSHzt; dkim=pass (2048-bit key) header.d=kitterman.com header.b=bQ1lvJqx
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YvJZmNlGC8x7 for <dmarc@ietfa.amsl.com>; Sun, 21 Jul 2019 12:42:32 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF0CE1200CE for <dmarc@ietf.org>; Sun, 21 Jul 2019 12:42:31 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id C6F34F80721; Sun, 21 Jul 2019 15:42:00 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1563738120; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : from; bh=MeyEid982M8p9udna0INjQR2tBtwyyMVXVlZy8dWdqI=; b=QlePSHzt6fNk0KnkgyJLG6eFCiXA+uG9kXE6/bxza3fVa/314/Y0c4ka 2PCnY6tH/YlA44lbz7fEgiJLZ1cAAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1563738120; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : from; bh=MeyEid982M8p9udna0INjQR2tBtwyyMVXVlZy8dWdqI=; b=bQ1lvJqxBHwY/CuTVdZ/lgO2l5bNt271mXt4rb0mh/I8fNHZuUl/7Yjj agJR0h9Q/+Du/0GjWq7Hngti0tCLa62rHzmZEGCbCfncP0mQKomRCLVSwE 9k/Um5H5jF6qGacRoReXTF1K/JVoGW+1H1tm83BOmBllzWoPVq53DhGpfZ 7j5W1jDdZ9i/3bPrSAARhM21d4lDwSoixq3OtbUyXPMl3xNg4KuRYyF7vC /wC49u8VV0uE3quLEpqClOho/r3HG7RXX2HjmrbcxSDlW8u9SkT5NgygVv 6fqCGq6k7YWh5sD3vuzACUs/MiOTsRO4PdPZy/RrQGQjC4OHG+pEGA==
Received: from [192.168.1.184] (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id 93178F804B2; Sun, 21 Jul 2019 15:42:00 -0400 (EDT)
Date: Sun, 21 Jul 2019 19:41:59 +0000
In-Reply-To: <855283a4-ece7-019b-f075-04eee82b0614@tana.it>
References: <CAL0qLwbbz_UhBLsURg=eXhRBC2g9OghiN==T9Uq9pFuLtd=b7w@mail.gmail.com> <1808303.aIhlromXIS@l5580> <CAD2i3WN42v0RHzu+2=+_mjX5kmxw6B-0F3-=bY-bTEsJM1qLvA@mail.gmail.com> <1692123.ljdY5SVR4M@l5580> <CAD2i3WPGWe8Z3av1Jua6sazsoStc7VTOLBve7psVo=K4VGTgig@mail.gmail.com> <D42C419C-F02E-4B5A-BB10-E8D49000349B@kitterman.com> <659dfb1f-dcb2-86ca-55a1-b3af6ce7ed1c@tana.it> <5949BCE3-52DA-41D0-8DCA-E2D06973F798@kitterman.com> <855283a4-ece7-019b-f075-04eee82b0614@tana.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: dmarc@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <D8DE9BD3-48FF-4C28-B78C-984C2A26D17C@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/uD2fSAauYU2otAnV7lj4gK8P6jU>
Subject: Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working Group Last Call: draft-ietf-dmarc-psd
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Jul 2019 19:42:35 -0000
On July 21, 2019 6:01:05 PM UTC, Alessandro Vesely <vesely@tana.it> wrote: >On Sun 21/Jul/2019 18:53:35 +0200 Scott Kitterman wrote: >>> >>>> Keep in mind that senders do send from what we call non-existent >domains for >>>> reasons that seem good and sufficient to them. Let's take that as >a fact, >>>> whether it makes sense to us or not. >>> >>> >>> Fair enough. Let me quote the current spec: >>> >>> A.4. Domain Existence Test >>> >>> A common practice among MTA operators, and indeed one documented >in >>> [ADSP], is a test to determine domain existence prior to any more >>> expensive processing. This is typically done by querying the DNS >for >>> MX, A, or AAAA resource records for the name being evaluated and >>> assuming that the domain is nonexistent if it could be determined >>> that no such records were published for that domain name. >>> >>> The original pre-standardization version of this protocol included >a >>> mandatory check of this nature. It was ultimately removed, as the >>> method's error rate was too high without substantial manual tuning >>> and heuristic work. There are indeed use cases this work needs to >>> address where such a method would return a negative result about a >>> domain for which reporting is desired, such as a registered domain >>> name that never sends legitimate mail and thus has none of these >>> records present in the DNS. >> >> Yes, but that was for a different use case. It was , AIUI, >considered that >> reporting could be skipped on such 'non-existant' domains, but that >proved >> problematic since such domains as these are used in mail. > >Wasn't it for rejecting non-existent domains? That is, IIRC, ><sciencefiction> >as if there were a root DMARC record (_dmarc.) with >np=reject.</sciencefiction> I think no. I think it was about skipping reporting on 'non-existant' domains. Perhaps someone who was more involved at that point can clarify. >> 'np' doesn't have the same issue. It uses non-existence in a >positive (do >> some processing) not a negative sense (reporting can be skipped for >these), >> so the problems described in that paragraph are not only not >relevant, the >> paragraph supports the case for 'np'. > > >Uh? (I don't understand your parenthesized phrase...) > > >At any rate, the first paragraph gives a definition of non-existence >equal to >the one we've been discussing these days, doesn't it? > Yes, but since we're using it for a different, opt-in, purpose, the caution doesn't apply. Scott K
- [dmarc-ietf] Working Group Last Call: draft-ietf-… Murray S. Kucherawy
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Seth Blank
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Seth Blank
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Kurt Andersen (b)
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Scott Kitterman
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Alessandro Vesely
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Hollenbeck, Scott
- Re: [dmarc-ietf] Working Group Last Call: draft-i… John Levine
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Scott Kitterman
- [dmarc-ietf] Introduction context was: Re: Workin… Scott Kitterman
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Scott Kitterman
- Re: [dmarc-ietf] Introduction context was: Re: Wo… Hollenbeck, Scott
- Re: [dmarc-ietf] Introduction context was: Re: Wo… Scott Kitterman
- [dmarc-ietf] Mention ICANN/operational limitation… Scott Kitterman
- [dmarc-ietf] Nonexistent Domain Policy was: Re: W… Scott Kitterman
- [dmarc-ietf] Implemnetations was: Re: Working Gro… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Kurt Andersen (b)
- Re: [dmarc-ietf] Mention ICANN/operational limita… Stan Kalisch
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Seth Blank
- Re: [dmarc-ietf] Mention ICANN/operational limita… Dotzero
- Re: [dmarc-ietf] Mention ICANN/operational limita… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Mention ICANN/operational limita… Hollenbeck, Scott
- Re: [dmarc-ietf] Mention ICANN/operational limita… Stan Kalisch
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… John Levine
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Dotzero
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Introduction context was: Re: Wo… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… John Levine
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Mention ICANN/operational limita… Alessandro Vesely
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Alessandro Vesely
- Re: [dmarc-ietf] Mention ICANN/operational limita… Scott Kitterman
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Mention ICANN/operational limita… Alessandro Vesely
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Alessandro Vesely
- Re: [dmarc-ietf] Mention ICANN/operational limita… Tim Wicinski
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Ian Levy
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Tim Wicinski
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Richard C
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Alessandro Vesely
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Chudow, Eric B CIV NSA DSAW (USA)
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Ian Levy
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Seth Blank
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Seth Blank
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Working Group Last Call: draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Tim Wicinski
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Chudow, Eric B CIV NSA DSAW (USA)
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Kurt Andersen (b)
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… John Levine
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Kurt Andersen (b)
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Kurt Andersen (b)
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Ian Levy
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Dotzero
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Kurt Andersen (b)
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Kurt Andersen (b)
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Tim Wicinski
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… John Levine
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Ian Levy
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Alessandro Vesely
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Alessandro Vesely
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Douglas E. Foster
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Scott Kitterman
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Dotzero
- Re: [dmarc-ietf] Nonexistent Domain Policy was: R… Kurt Andersen