Re: [dmarc-ietf] WGLC review of draft-ietf-dmarc-dmarcbis-30

Alessandro Vesely <vesely@tana.it> Sun, 31 March 2024 17:24 UTC

Message-ID: <91b14df6-898e-4a0f-932c-aaa178220b59@tana.it>
Date: Sun, 31 Mar 2024 19:24:35 +0200
To: dmarc@ietf.org
References: <F5158C76-BD86-4540-965D-F0D8664B6CD9@bluepopcorn.net> <85761761-ad6a-2a19-da82-344ed52c2391@iecc.com> <B4365E6E-00DF-425E-9974-6EE1DE057319@bluepopcorn.net> <4d462513-6c1a-c1da-d62c-68d41bba6465@iecc.com> <CEC36155-584E-46FD-AE3E-AB511CBD843F@bluepopcorn.net> <EF69D6A7-F83F-4328-A304-A6A6C91B1E5F@kitterman.com>
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <EF69D6A7-F83F-4328-A304-A6A6C91B1E5F@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/wqwalFmWRjCDfReTi1_z_tN8z_k>

On Sun 31/Mar/2024 18:43:53 +0200 Scott Kitterman wrote:
> On March 31, 2024 3:20:41 PM UTC, Jim Fenton <fenton@bluepopcorn.net> wrote:
>>On 30 Mar 2024, at 17:22, John R. Levine wrote:
>>
>>>> Mine wasn’t a good example. There are a few public suffixes that have more than 5 labels. Presumably that means there are registered domains that are 6 levels down, and my reading of the tree walk is that a policy published there would never be seen. But who knows if they’re actually sending email.
>>>
>>> There aren't any in the PSL.  That's where the limit of 5 came from. We've had people say there are deeper ones; if there are it wouldn't be hard to bump up the limit from 5 to whatever.
>>
>>Might be worth bumping up. Examples:
>>
>>execute-api.cn-north-1.amazonaws.com.cn
>>cn-northwest-1.eb.amazonaws.com.cn
>>
>>(Amazon seems to have most of the really long ones)
> 
> My recollection is that we concluded these types of PSL entries weren't relevant for DMARC.  In any case, since Amazon controls everything below .com.cn in these examples, if they were so inclined, they can put a psd=y record wherever they need to.
> 
> This is not a good example for raising the threshold.  If anything, it's an example of why getting away from the PSL is a good idea.


Yes, there are entries with 6 labels on the PSL.

$ sed -rn '/^[^/]/s/[^.]//gp' < public_suffix_list.dat| sort| uniq -c| sort -rn
    5100 .
    2459 ..
    1449
     449 ...
     208 ....
       7 .....
       1 ......

$ grep -E '^[^/.]([.][^.]+){6}' < public_suffix_list.dat
*.001.test.code-builder-stg.platform.salesforce.com

I'd leave "5" in the spec, but somewhere suggest that implementations make this parametric, as label trends might change in the future.


Best
Ale
--
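Added example, not part of Ale's message or of the dmarcbis draft text: a small Python model of the tree walk with the label limit (the "5" discussed above) made parametric, as Ale suggests. The query order it uses (the From domain first, then a jump to the limit-sized ancestor, then one label at a time down to the TLD) is my paraphrase of the draft's walk, not a quotation of it, and psd= tags and organizational-domain selection are deliberately left out. The 5-label suffix is the PSL entry Jim quoted; the 6-label registered domain under it, the 7-label From domain and the zone contents are constructed for the example.

```python
"""Added example, not from the thread: a DMARC-style tree walk whose label
limit (the "5" under discussion) is a parameter, so the effect of the
cut-off on deep registered domains can be seen directly."""

DEFAULT_MAX_LABELS = 5  # the limit in the draft, as discussed in the thread


def labels(domain):
    """Split a domain into lowercase labels, ignoring any trailing dot."""
    return [lab for lab in domain.lower().rstrip(".").split(".") if lab]


def tree_walk_candidates(domain, max_labels=DEFAULT_MAX_LABELS):
    """Return the names a tree walk queries, in query order.

    Assumed ordering (a paraphrase of the dmarcbis walk, not the spec text):
    the domain itself first; if it has more than ``max_labels`` labels, jump
    straight to its ``max_labels``-label ancestor; then remove one label at a
    time until the single-label TLD has been queried.  Labels between the
    domain and that ancestor are never queried, which is the gap discussed.
    """
    parts = labels(domain)
    if not parts:
        raise ValueError("empty domain name")
    out = [".".join(parts)]
    for k in range(min(len(parts) - 1, max_labels), 0, -1):
        out.append(".".join(parts[-k:]))
    return out


def find_policy(from_domain, zone, max_labels=DEFAULT_MAX_LABELS):
    """Return (name, record) for the first DMARC record met on the walk, else None.

    ``zone`` stands in for DNS: a dict mapping "_dmarc.<name>" to the TXT value.
    Simplification: the first record found walking upwards is treated as the
    applicable policy; psd= tags and organizational-domain selection are not
    modelled here.
    """
    for name in tree_walk_candidates(from_domain, max_labels):
        txt = zone.get("_dmarc." + name)
        if txt is not None and txt.startswith("v=DMARC1"):
            return name, txt
    return None


# Constructed zone. The 5-label suffix is the PSL entry quoted in the thread;
# the 6-label registered domain beneath it and the 7-label From domain are
# made up for this example.
PUBLIC_SUFFIX = "execute-api.cn-north-1.amazonaws.com.cn"
REGISTERED = "myapi." + PUBLIC_SUFFIX
FROM_DOMAIN = "mail." + REGISTERED
ZONE = {
    "_dmarc." + REGISTERED: "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}


def demo():
    """Same zone, two limits: the registered domain's record is only reachable
    once the limit covers its depth."""
    return {n: find_policy(FROM_DOMAIN, ZONE, n) for n in (5, 6)}


if __name__ == "__main__":
    for n in (5, 6):
        print(f"max_labels={n}")
        for name in tree_walk_candidates(FROM_DOMAIN, n):
            print("  query _dmarc." + name)
        print("  result:", find_policy(FROM_DOMAIN, ZONE, n))
```

With the default limit the walk goes from the 7-label From domain straight to the 5-label suffix, so the record at the 6-label registered domain is never fetched and the result is None; raising the limit to 6 adds exactly one query and finds it. Exposing the limit as a parameter is the whole of the change Ale proposes; the spec value stays 5 unless an operator has a reason to move it.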