[dmarc-ietf] Ticket #108 - Definition of NP

Douglas Foster <dougfoster.emailstandards@gmail.com> Fri, 30 April 2021 01:29 UTC

From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Thu, 29 Apr 2021 21:28:47 -0400
Message-ID: <CAH48ZfwGsjOKOV2cREqad+5ER15oLnU1G7dbbPCUni27wLkP6g@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vCtsjUKpZFQe55pFg97-zg5RFpg>
Subject: [dmarc-ietf] Ticket #108 - Definition of NP

I suspected that the current language is the best that we have, but it is
far from an algorithm.
Below are the algorithm details that I would expect should be addressed.

The dilemma
- If we mandate more detailed checks, we add complexity which hurts
throughput.
- If we take no position, we hinder interoperability.
- If we say MUST NOT check, we provide guidance about how to defeat the
test with false positives.

For MX lookup:
Is the condition satisfied if at least one MX record exists, or do we need
to examine contents?
If we examine contents, do we only look at host name formats, or do we
resolve it to an IP address?
If we resolve to an IP address, do we check for non-routable
addresses (loopback, private, multicast)?
If we resolve to an IP address, and all of the returned addresses are in a
different address space than the source IP, is the condition satisfactory
or failed? If failed, do we proceed to the A lookup or stop?

For A/AAAA lookup:
The A/AAAA test will generate a lot of false positives. Do we accept that
DMARC-publishing domains will still be using Implicit MX, or do we create
an expectation, for purposes of this test, that DMARC-publishing domains
will use only MX records?
Do we check just the address space that matches the source IP, or both IPv4
and IPv6?
Do we check the returned IP for non-routable addresses?

For an A record that is not equal to a DNS domain:
Do we check the host name to determine whether it is a domain name or
a host record within a parent domain?
If the host name is determined to be a host record within a parent domain,
is the domain DMARC policy determined by the host name (which will produce
No Policy Found) or is the DMARC policy lookup applied to the parent domain
of the host record?
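As an added example (my own code, not from the thread or any DMARC implementation), here is one way the MX and A/AAAA questions above can be pinned down as a single existence check with a lenient mode (any MX or A/AAAA record counts) and a strict mode (records must resolve to a routable address, with unusable MX targets falling through to the implicit-MX check). The resolver callback and the zone data are assumptions so it runs offline.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple
# Resolver callback: (name, rrtype) -> list of rdata strings. An assumed interface so
# the check runs offline against constructed data rather than live DNS.
Resolver = Callable[[str, str], List[str]]

# The address classes the thread names: loopback, private, multicast (both families).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "fc00::/7", "224.0.0.0/4", "ff00::/8")]

def _routable(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in NON_ROUTABLE)

def _addresses(name: str, resolve: Resolver) -> List[str]:
    # Both families are consulted, one possible answer to the "IPv4 and IPv6?" question.
    return resolve(name, "A") + resolve(name, "AAAA")

def domain_exists(domain: str, resolve: Resolver, strict: bool) -> Tuple[bool, str]:
    """lenient (strict=False): any MX, else any A/AAAA, counts as existing.
    strict: an MX target, or failing that the domain itself, must resolve to a
    routable address; unusable MX targets fall through to the implicit-MX check."""
    mx = resolve(domain, "MX")
    if mx:
        if not strict:
            return True, "mx-present"
        for host in (rr.split()[-1].rstrip(".") for rr in mx):
            if any(_routable(a) for a in _addresses(host, resolve)):
                return True, "mx-routable:" + host
    addrs = _addresses(domain, resolve)
    if addrs and (not strict or any(_routable(a) for a in addrs)):
        return True, "address-routable" if strict else "address-present"
    return False, "no-usable-address"

# Constructed zone data (not real DNS) covering the cases raised in the thread.
ZONE: Dict[Tuple[str, str], List[str]] = {
    ("real.example", "MX"): ["10 mx.real.example."],
    ("mx.real.example", "A"): ["203.0.113.25"],
    ("implicit.example", "A"): ["198.51.100.7"],          # implicit MX: A record only
    ("loop.example", "MX"): ["10 mail.loop.example."],
    ("mail.loop.example", "A"): ["127.0.0.1"],            # MX target is loopback
    ("ghost.example", "MX"): ["10 mail.ghost.example."],  # MX target never resolves
}
def lookup(name: str, rrtype: str) -> List[str]:
    return ZONE.get((name, rrtype), [])
```

The two modes give different answers for loop.example and ghost.example, which is exactly the throughput-versus-rigour trade-off the dilemma describes.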