Re: [dmarc-ietf] Thoughts on choosing N (choose 6)
Douglas Foster <dougfoster.emailstandards@gmail.com> Tue, 16 April 2024 11:18 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9EC7C14F5F9 for <dmarc@ietfa.amsl.com>; Tue, 16 Apr 2024 04:18:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qo01HfW4S7Z1 for <dmarc@ietfa.amsl.com>; Tue, 16 Apr 2024 04:18:23 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95DDCC14F5F2 for <dmarc@ietf.org>; Tue, 16 Apr 2024 04:18:23 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id 38308e7fff4ca-2da88833109so28588541fa.0 for <dmarc@ietf.org>; Tue, 16 Apr 2024 04:18:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713266301; x=1713871101; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=gOJDRVQSy0sIrBUW7Q6dbLECG7R4fkzLNU3gcVQmC3Y=; b=akK/BHeU1aFm46iWKrYOhElgyLaSNbguS429kJCz9Q85Mf41w/fzyTywCGzDav9amj /+WLfrIiz+yIqaFmqwxPZfBS57y+d7NZd7nApOay/x/zFqkFIhwRfV+ULDzT8qfF+nOu OJbasY+ZNA/hWJTpmOlqyt8TklDs806MR/Qsnby9cmkXO9novWbA4RzJouzNHXN5Wk20 0UMUM1tp1siWgUFIXsRUN0Mj0O1M/pW4ucYKGRKyORHF3Yeqbd3oM5ZEcIsIsO8y+9a7 7GZ0cIUzPIeqGoulnZW48zdSyukaYePT+h3ozNALSDiMiHZntwHyrpgdStYxpHMu1rU5 pINw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713266301; x=1713871101; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gOJDRVQSy0sIrBUW7Q6dbLECG7R4fkzLNU3gcVQmC3Y=; b=illi0y4PYihe5uLtXt1K+MT7YDobGzETgbQ0DEKN5U/gxFUwTnj52/1cdtTYQU8f3q VrzRlITHgQFp0vBW1XA/GtVCUrOrg6eIc5yd6i97XLAHIgr1sihJU5JZE3lZ/xYy8/GP TbHLG8iyo6qMx8r2J5qP8KFwiEO2JgUmzgobvPqPmdQ19BIaxBJsFTDwFyAby4yz1c8f NpIVFV2Fm8Dn37szj5wTrN0KgszBsVHC+Azbb/l9WSBvKobPzAJCdGxyr+/XZgXwB8Jb 6LhyZIkl2o5siR9skfslsHMsGqpnYmTE57+gWPfMD+mqJK9rhY8GAtkxqjOgoPoMAD9c 8Y8w==
X-Gm-Message-State: AOJu0YyNWXL3MkJCRxtZtKUSyayNGyEntkKZHXU28J3MeamRwMT8JQxN /VqdXnrxCEEovdOlxbP165ST44RsAcekYfv9kJWTzUhfxchL5kAxURRA/ZCE7GGfR+73YVFjBMT YqjUFPLLXp7+eTzBGIL1hsVh7dQQn6Q==
X-Google-Smtp-Source: AGHT+IHAsAUB/55HQVB/9EBqlOAXfjO/X8+nbyemTDLD28nA8EKLToE3/XCV/T2jYO1WIpfrNG3S9QOavdHKkldw6eo=
X-Received: by 2002:a2e:be1b:0:b0:2d8:55f0:476b with SMTP id z27-20020a2ebe1b000000b002d855f0476bmr10022910ljq.23.1713266301234; Tue, 16 Apr 2024 04:18:21 -0700 (PDT)
MIME-Version: 1.0
References: <20240416023654.6639F8883D66@ary.qy> <1B5E0A76-270B-486E-9EA2-F1B936092198@kitterman.com>
In-Reply-To: <1B5E0A76-270B-486E-9EA2-F1B936092198@kitterman.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Tue, 16 Apr 2024 07:18:10 -0400
Message-ID: <CAH48ZfxFL9g9Tt0Zhn_agG9L8H=vbq23gNtL47qafos+eGpXbA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004a78c8061634e5e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/yzu3gYQOqlUu-Cc70CDcDWpA6YM>
Subject: Re: [dmarc-ietf] Thoughts on choosing N (choose 6)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 11:18:27 -0000
A look at my data was helpful. Organizational alignment means that N labels match exactly. Relaxed alignment means that at least one of the names is longer than N. Those rules are easy to check on my historical data. I have examples of mismatched domains with 4 matching labels. I also have examples of exact-match domains with 5 matching labels. Strict alignment does not matter for N, because it will produce PASS on any detected policy. So my data suggests a maximum possible N of 4. My message volume is almost exclusively 2LD domains, so a 4-label match represents a partitioned organization at Org+2. This has parallels in the known private registry structure, where Private Registry clients are mostly at Registered Org +1 and sometimes at Registered Org + 2. If we choose N=6, we provide Org+2 partitioning to organizations with 4-label domains. Based on this, I don't see any reason to go higher, and limiting partitions to Org+2 seems easy to defend conceptually. (As an aside, my longest From address was 10 labels, from a spammer, and it aligned with a 3-label Mail From address. My longest Mail From addresses were from *.bnc.salesforce.com, but I stopped counting at 9 because the salesforce Mail From addresses do not align with the From address at all.) Doug Foster On Tue, Apr 16, 2024 at 12:03 AM Scott Kitterman <sklist@kitterman.com> wrote: > > > On April 16, 2024 2:36:53 AM UTC, John Levine <johnl@taugh.com> wrote: > >It appears that Scott Kitterman <sklist@kitterman.com> said: > >>>I'm with Scott, pick a number, 5, 8, whatever, and be done with it. > >>> > >>Modulo we do need to explain why 8. Related, I think we also need to > explain why the reporting address thing is important for DMARCbis since > having an intermediate level record isn't > >>currently supported by DMARC. > > > >What do you mean by intermediate level record? Whatever the tree walk > finds is > >by definition the org domain. > > > >There are some PSL entries with one below another so it's not > unprecedented. > > That's true, although that pattern in the PSL doesn't seem very relevant > to email. > > In the case of a.b.c.example.com and example.com is in the PSL, the DMARC > records in a.b.c.example.com (if present) and example.com (otherwise) are > consulted. The only way to get to b.c.example.com or c.example.com would > be to add them to the PSL. These are what I meant by intermediate records. > > It's, of course, different for DMARCbis. There we walk up the tree, so > those get checked and as you say, the first one we find is the org domain. > > The claim, as I understand it, is that for big orgs that go deeper than 5 > levels (in fact up to 8), it is somehow critical to have different > reporting addresses (which leads to a need for org domains 6, 7, and 8 > levels deep). > > I don't find cases where it looks like such things have been added to the > PSL, so I'm skeptical that this is really critical. It might be helpful > and it might even be a good idea, but I fail to find the evidence I'd > expect to find if it were actually critical for a domain operator to be > able to do this. > > I agree that we ought to just get this done, but without a rationale for 8 > that holds water, I think we're better off deciding to stick to the number > (5) that we have an articulable rationale for. > > I'm sure it will take some time to get through the last call comments, so > I imagine that we can wait a bit for more information before deciding > without delaying the overall progress. > > Scott K > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- [dmarc-ietf] WGLC editorial review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Douglas Foster
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Mark Alley
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Richard Clayton
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Tero Kivinen
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Jim Fenton
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] ARC, was WGLC editorial review o… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Laura Atkins
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Scott Kitterman
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Scott Kitterman
- Re: [dmarc-ietf] the long march, WGLC editorial r… John R. Levine
- Re: [dmarc-ietf] the long march, WGLC editorial r… Scott Kitterman
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Neil Anuskiewicz
- Re: [dmarc-ietf] the long march, WGLC editorial r… Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N (choose 6) Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Neil Anuskiewicz
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely