Re: [dmarc-ietf] Summary comments on draft-ietf-dmarc-psd

John Levine <johnl@taugh.com> Thu, 19 March 2020 01:17 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD41B3A1B73 for <dmarc@ietfa.amsl.com>; Wed, 18 Mar 2020 18:17:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.851
X-Spam-Level:
X-Spam-Status: No, score=-1.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=Yu0hAPLU; dkim=pass (1536-bit key) header.d=taugh.com header.b=h35vg/Gs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jp7N_vKL6RXW for <dmarc@ietfa.amsl.com>; Wed, 18 Mar 2020 18:17:06 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2D3E3A1A6A for <dmarc@ietf.org>; Wed, 18 Mar 2020 18:17:05 -0700 (PDT)
Received: (qmail 38758 invoked from network); 19 Mar 2020 01:17:04 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding;s=9760.5e72c810.k2003; bh=HqPPd8KUrSK0LAj3PMHoIcdUsvGk0MVerpZId56abGA=; b=Yu0hAPLUTFEeucCKEGrnqY1Vn98Fu/K1hVKh9v0hAY0T917Ys85g5l1nLM6xtUFc8rgtE3JEv7P8rb3TEbiOo8XbwpFLB1ET4KnNGq4hVLGDrd4MlshI5BfvaF6Xe/OAfWeSGEVj4U7p7nFYTOG/0uJC6rCXz0LWWYADcantHgsv6fHEZOYr/g2sI23kEJJLVARs5QFkQwnDfEwBgZe/rwnyV4JyVOZ7PvevXWoOF6fFNHawTQaLkA/6dJGDoGV2
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding;s=9760.5e72c810.k2003; bh=HqPPd8KUrSK0LAj3PMHoIcdUsvGk0MVerpZId56abGA=; b=h35vg/GsLUqetLHp51uBGaAsRo1jtdWtFXZmQlDZJz22HIItFsym7cRM9+2NMZeh9UCFPV3e6apWDyDmHcN48Y0GfIFLOUXlbQ58AFcP1PtgxS42jEcjrfDLW6pkziGt3778Kf23xNJfvUuNQxt3VP1hg7BSIa7+RjXSgARAAbOfwxKHSh6qHboBIEPVJmpLoBam9bLoi7U0I3vP7AQ1UnWHPi6mHGg9dpx6vLN2oI4fPLphD/RtymD00DYdYBHj
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 19 Mar 2020 01:17:04 -0000
Received: by ary.qy (Postfix, from userid 501) id E1A70163EB3F; Wed, 18 Mar 2020 21:17:03 -0400 (EDT)
Date: Wed, 18 Mar 2020 21:17:03 -0400
Message-Id: <20200319011703.E1A70163EB3F@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: superuser@gmail.com
In-Reply-To: <CAL0qLwZwz+R52ydEgn7Qpu8t4=5WSH0xLUijs48FWB00vbQ49g@mail.gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/yCh7qVaklh0WEBf7XzWQX0yrYTg>
Subject: Re: [dmarc-ietf] Summary comments on draft-ietf-dmarc-psd
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 01:17:09 -0000

In article <CAL0qLwZwz+R52ydEgn7Qpu8t4=5WSH0xLUijs48FWB00vbQ49g@mail.gmail.com> you write:
>> Consider: From foo@bogus.bogus.bogus.bogus.bogus...bogus.bogus.example.com
>>
>Yeah, I'm familiar with the nature of the attack.   But based on what
>amounts to the hallway track, it feels like the perspective of the DNS
>community these days is that the currently deployed DNS infrastructure
>could easily deal with such an attack, ...

The DNS crowd is finally admitting to themselves that Sturgeon's Law
applies to the DNS, too, and a little more crud will be lost in the
large amount of noise.  I gather that people are implementing RFC 8020
which makes this attack less effective.

>The issue PSD is attempting to address is mail sent as a nonexistent
>subdomain.  For example, irs.gov doesn't have a subdomain called
>auditors.irs.gov, so irrespective of any irs.gov DMARC policy, I could send
>email as msk@auditors.irs.gov without limitation. ...

I have less sympathy for that argument.  I do a hard reject of any
mail with a nonexistent bounce address which I don't think is unusual.

PSD as I understand it is to address the same issue the organizational
domain does, but a level up, in a group of organizations that have
some administrative connection.  The issue is people who publish A and
MX records without covering DMARC records.  They're not supposed to do
that but they do, and PSD is one way of figuring out who needs to fix what.

R's,
John
-- 
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
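Added illustration (not John Levine's code and not the draft's algorithm): a toy DMARC policy discovery that falls back from the From: domain to the organizational domain and then to the public suffix's own record (the PSD), the "nonexistent bounce address" check mentioned above, and a stub resolver that applies the RFC 8020 NXDOMAIN cut so that a deeply nested bogus name under an already-NXDOMAIN ancestor costs no further upstream query. The zone data, the two-entry public suffix list, the `_dmarc.gov` record and the lookup order (exact, organizational, then suffix, with `sp=` applying at fallback levels) are all constructed assumptions for the example.

```python
# Constructed zone data: owner name -> {rrtype: rdata}. A name that is neither a
# key nor an ancestor of a key is NXDOMAIN. All values are invented for the example.
ZONE = {
    "example.com": {"A": "192.0.2.10", "MX": "mail.example.com"},
    "mail.example.com": {"A": "192.0.2.25"},
    "_dmarc.example.com": {"TXT": "v=DMARC1; p=reject; sp=quarantine"},
    "irs.gov": {"A": "192.0.2.20", "MX": "mx.irs.gov"},
    "mx.irs.gov": {"A": "192.0.2.21"},
    "_dmarc.irs.gov": {"TXT": "v=DMARC1; p=reject"},
    # A .gov registrant with A/MX records but no DMARC record at all.
    "nodmarc.gov": {"A": "192.0.2.30", "MX": "nodmarc.gov"},
    # Constructed PSD record published at the public suffix itself.
    "_dmarc.gov": {"TXT": "v=DMARC1; p=reject; sp=reject"},
}

PUBLIC_SUFFIXES = {"com", "gov"}  # tiny constructed subset of the PSL


def ancestors_first(name):
    """Yield a name's ancestors from the TLD downwards, ending with the name itself."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):
        yield ".".join(labels[i:])


class Resolver:
    """Stub resolver over ZONE applying RFC 8020: once a name is known to be
    NXDOMAIN, every name below it is answered NXDOMAIN without another query."""

    def __init__(self, zone):
        self.zone = zone
        self.nxdomain = set()
        self.upstream_queries = 0  # answers that had to come from the zone

    def query(self, name, rtype):
        """Return (rcode, rdata); rdata is None for NXDOMAIN or NODATA."""
        name = name.lower().rstrip(".")
        if any(a in self.nxdomain for a in ancestors_first(name)):
            return "NXDOMAIN", None  # served from the cached NXDOMAIN cut
        self.upstream_queries += 1
        if name in self.zone:
            return "NOERROR", self.zone[name].get(rtype)
        if any(k.endswith("." + name) for k in self.zone):
            return "NOERROR", None  # empty non-terminal: exists, but no data
        self.nxdomain.add(name)
        return "NXDOMAIN", None


def parse_dmarc(txt):
    """Parse 'tag=value; ...' into a dict, or return None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def organizational_domain(name):
    """Public suffix plus one label, or None when the name is itself a suffix."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def discover_policy(from_domain, resolver):
    """Return (policy, source_domain) for mail whose From: is at from_domain.
    Assumed order: exact domain, organizational domain, then the public suffix.
    At a fallback level sp= (defaulting to p=) applies, since from_domain is then
    a subdomain of the record's owner."""
    org = organizational_domain(from_domain)
    candidates = [from_domain]
    if org and org != from_domain:
        candidates.append(org)
    if org:
        candidates.append(org.split(".", 1)[1])  # the public suffix (PSD)
    for i, cand in enumerate(candidates):
        _, txt = resolver.query("_dmarc." + cand, "TXT")
        tags = parse_dmarc(txt) if txt else None
        if not tags:
            continue
        return (tags["p"] if i == 0 else tags.get("sp", tags["p"])), cand
    return "none", None


def domain_accepts_mail(domain, resolver):
    """The hard-reject check: a bounce-address domain that does not exist, or has
    neither MX nor A, can be refused at SMTP time before any DMARC evaluation."""
    for rtype in ("MX", "A"):
        rcode, rdata = resolver.query(domain, rtype)
        if rcode == "NXDOMAIN":
            return False
        if rdata:
            return True
    return False


if __name__ == "__main__":
    r = Resolver(ZONE)
    for d in ("mail.example.com", "auditors.irs.gov", "anything.nodmarc.gov"):
        print(d, discover_policy(d, r), domain_accepts_mail(d, r))
    # RFC 8020: after one NXDOMAIN for bogus.example.com, a 40-label name under
    # it is answered from the cut without touching the zone again.
    r.query("bogus.example.com", "A")
    before = r.upstream_queries
    r.query("_dmarc." + ".".join(["bogus"] * 40) + ".example.com", "TXT")
    print("upstream queries for the deep name:", r.upstream_queries - before)
```

Running it shows `auditors.irs.gov` picking up `irs.gov`'s `p=reject` even though the subdomain does not exist, `anything.nodmarc.gov` being covered only by the constructed `_dmarc.gov` record (the gap PSD is meant to close), and the deep bogus name costing zero additional queries once its ancestor's NXDOMAIN is cached.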