Re: [spfbis] [dmarc-ietf] SPF doesn't accommodate third level .name domains?

John Levine <johnl@taugh.com> Fri, 03 June 2022 20:02 UTC

Date: Fri, 03 Jun 2022 16:02:03 -0400
Message-Id: <20220603200204.3442942E787F@ary.qy>
From: John Levine <johnl@taugh.com>
Reply-To: spfbis@ietf.org
To: spfbis@ietf.org
Cc: dw@thedave.ca
In-Reply-To: <ccb36c34-5e89-a699-e88a-e0c3985494cc@thedave.ca>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/qqytXlJEYEHixMm4pAy_gUTr8PY>
Subject: Re: [spfbis] [dmarc-ietf] SPF doesn't accommodate third level .name domains?

 [[ replies once again directed to spfbis ]]

>SPF should be able to handle this situation using macros anyway:
>
>bustos.name. IN TXT "v=spf1 include:%{l}._spf.bustos.name -all"
>david._spf.bustos.name. IN TXT "v=spf1 redirect=david's-email-provider"

Except, as we may have mentioned a few times, the .name ICANN contract
has no provision for adding SPF records like this. The registry only
forwards incoming mail. It doesn't handle outgoing mail.

Since they've been forwarding incoming .name mail for 20 years, and this is the first
time we've seen a complaint about outgoing .name mail, perhaps this is not a problem
that needs solving.

If David used david@david.bustos.name, the domain would point to his own nameservers
and he can do whatever SPF, DKIM, or DMARC he wants.  Or if he wants a 2LD, he could
get davidbustos.name and manage the NS.  What you can't do is manage the NS on a .name
2LD which is a last name.

R's,
John
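
Added example, not part of the original message or of any SPF implementation: a sketch of RFC 7208 macro expansion showing which name the quoted `include:%{l}._spf.bustos.name` mechanism resolves to for a given envelope sender. It goes beyond the single `%{l}` case to cover the `s`, `l`, `o`, `d` and `h` macros with their transformers; the function name `expand_spf_macros` is hypothetical.

```python
import re

# RFC 7208 section 7.1: "%{" letter [digits] ["r"] [delimiters] "}" or %%, %_, %-
_TOKEN = re.compile(r"%(?:\{([^}]*)\}|(.?))")
_BODY = re.compile(r"([slodh])(\d*)(r?)([.\-+,/_=]*)")
_LITERALS = {"%": "%", "_": " ", "-": "%20"}


def expand_spf_macros(spec, sender, helo="unknown"):
    """Expand the s, l, o, d and h macros of an SPF domain-spec.

    Assumes <domain> (%{d}) is still the sender's domain, as at the start of
    check_host(); the i, p, c, r, t and v macros are not implemented.
    """
    local, _, domain = sender.rpartition("@")
    local = local or "postmaster"  # RFC 7208 4.3: empty local-part
    values = {"s": f"{local}@{domain}", "l": local, "o": domain,
              "d": domain, "h": helo}

    def repl(match):
        body, literal = match.groups()
        if body is None:  # two-character escape such as %%
            if literal not in _LITERALS:
                raise ValueError(f"bad macro escape in {spec!r}")
            return _LITERALS[literal]
        parsed = _BODY.fullmatch(body)
        if parsed is None:
            raise ValueError(f"unsupported macro %{{{body}}}")
        letter, digits, reverse, delims = parsed.groups()
        # Split on the listed delimiters (default "."), rejoin with dots.
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if reverse:
            parts.reverse()
        if digits:
            if int(digits) == 0:
                raise ValueError("DIGIT transformer must be nonzero")
            parts = parts[-int(digits):]  # keep the right-hand n parts
        return ".".join(parts)

    return _TOKEN.sub(repl, spec)


if __name__ == "__main__":
    # Constructed input: the record quoted above, checked for david@bustos.name.
    print(expand_spf_macros("%{l}._spf.bustos.name", "david@bustos.name"))
```

Because the local-part comes from the envelope sender, a local-part with no matching `_spf` record makes the `include` target return no SPF record, which RFC 7208 section 5.2 treats as a permerror rather than falling through to `-all`.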