Re: [dmarc-ietf] [Gen-art] [Last-Call] Genart last call review of draft-ietf-dmarc-psd-08

"Murray S. Kucherawy" <> Tue, 19 January 2021 14:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8ACD73A1369 for <>; Tue, 19 Jan 2021 06:23:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id c6QGKa8oWrrp for <>; Tue, 19 Jan 2021 06:23:57 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::e32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E87FF3A1368 for <>; Tue, 19 Jan 2021 06:23:56 -0800 (PST)
Received: by with SMTP id w187so10145420vsw.5 for <>; Tue, 19 Jan 2021 06:23:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=go2s4LxCou9DlB6AqDaK+1RHTUeFtCAqQ5BKz3C2rm0=; b=foRx5M/VGgOnzf1OtL/sPGsKuw4tmklIAtbRl0eHRSthHHNa6nNiuT1M/vhE9OtBTz 5c8rwr2ET+zk+1geL5NAukxrRU8XguxGYRY7A9pp5H/WAdjY832SBannmwXAqdbA1S72 OWD55KxyCkJVdp/0d7PVFwQnPSN3btFFYc0rh85y+7hh2wCTyyIesTWy7aGtEBOad2rk ynh1mCw+ZYPgOKbIUiFwp7n4EQg2qIiRzIw90Vvob3ZOOaMoVv9qUabtJWfXGhgl2ECC 6s4r33QRikrrSM1BL4ELc3lIbIYcz2UAMVTNUpt4GPVhAUHzAzkgI/UZQblD1DSrkKmC KoHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=go2s4LxCou9DlB6AqDaK+1RHTUeFtCAqQ5BKz3C2rm0=; b=cughVsyHrqvBWHSpS+wfbp4g8kAfsjvp9Xq4S3zzyCWci705p4RlnkIUnNSp5TQXNB TyeD+GSXtHTMK3IcN3V6XDKMeAJ1oDaDtSUt1YbvYOSYliS7B+ulMMsNHz78tV7NVouC n5Cs3DAECARk6GgroVksgYsPpcGz6Xcn8lbgCDD0buhLU5PBZv0siMmIILnmEc3eeTWs 5HgzKOQ6okYe4eftsOV5l2At5WDWuntHu3f1LobKiwaKUmU+tco9Jvf0pSXnHvWcTEez qb8EBkMDuJgue1qvnRBk3/0nMlxX7pmeeyY1IhLY7dIG5d7NqRaTB9THKHkLkAUTKCc8 hdeg==
X-Gm-Message-State: AOAM530IJWTROcZkca/Qvp6IN57mMDKYefzRSJgKohHXAqo9AEJ48tFs jPzeR9vzvmRkGRZ9tWo4MJf8H8Zt2WQyzaNbQmk=
X-Google-Smtp-Source: ABdhPJxi4U4wWI3bBgo4pp7nu/usPQv78UyZrLTKRq0bt4VHQgANWrBfGohbeQjMFOR7uledodguW7Uy4Fw1lCL3YL0=
X-Received: by 2002:a67:18c6:: with SMTP id 189mr2692140vsy.54.1611066235795; Tue, 19 Jan 2021 06:23:55 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: "Murray S. Kucherawy" <>
Date: Tue, 19 Jan 2021 06:23:42 -0800
Message-ID: <>
To: Douglas Foster <>
Cc: IETF DMARC WG <>, "Dale R. Worley" <>
Content-Type: multipart/alternative; boundary="000000000000b1bdaf05b94196fb"
Archived-At: <>
Subject: Re: [dmarc-ietf] [Gen-art] [Last-Call] Genart last call review of draft-ietf-dmarc-psd-08
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Jan 2021 14:23:59 -0000

On Tue, Jan 19, 2021 at 4:34 AM Douglas Foster <> wrote:

> I raised objections to the definition of "non-existent", which never
> received an adequate response before the discussion went silent.
> DMARC checks the From  header address, which may exist only as an
> identifier used for mass mailings.   These mailings are often sent by an
> ESP using an unrelated SMTP address.    As such, the From address need not
> be associated with any A, AAAA, or MX record.    I assert that the only
> viable definition of non-existent is "not registered", as evidenced by
> absence of an NS record.

This is a discussion of DMARC, not of PSD, right?  DMARC defines this test
in an Appendix, and then makes it non-mandatory.  PSD says to apply that
test for domains that request it.

Hooking this test up to registration requires introducing RDAP or something
similar.  Is that what we're talking about here?

I don't believe the proposed definition of "non-existent" is reliably true
> even in the special case of interest for this document, impersonation fraud
> occurring at the top of an organizational structure.  Example.PSD may
> legitimately use mail.Example.PSD for email and www.example.psd for web.
>  If the proposed condition MUST always be true, I have not seen that fact
> demonstrated.   Since the document raises a general concern about
> fraudulent use of non-existent domains, the definition used should be one
> that can be generalized.,

This sounds like something that should be solved in DMARC, not PSD, but
naturally consensus wins here, so have at it.