[v6ops] I-D An Extension to DNS64 for Sender Policy Framework SPF Awareness
Klaus Frank <klaus.frank@posteo.de> Mon, 14 February 2022 08:53 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/YZQnMj5V_XV8YmJj6RT7fJJtgoU>
Hi,

I wrote an I-D for updating DNS64 to better work for MTA operators. I'd like to get your opinions on that as some guidance on how to move forward with it (sorry, I'm new to the process).

Some background for this: we had some issues with SPF and a mail server that was behind NAT64+DNS64. I at first thought that it was just a misconfiguration. But after the DNS64 server seemed to work as intended, I went to the implementation and the RFC. Thereby, while reading RFC6147, I stumbled across section 5.3.3, which says "All other RRs MUST be returned unchanged.", which is the cause of my issues. This section is basically ignoring SPF records (RFC7208 section 5.6) and also preventing DNS64 implementations from addressing this limitation themselves.

After some discussion on the behave and spfbis mailing lists I created this I-D. I was referred to this mailing list as both the behave as well as the spfbis WG are closed.

GitHub: https://github.com/agowa338/IETF-RFC-drafts/blob/main/draft-frank-dns64-spf-extension-03.xml

Sincerely,
Klaus Frank

Name: draft-frank-dns64-spf-extension
Revision: 03
Title: An Extension to DNS64 for Sender Policy Framework SPF Awareness
Document date: 2022-02-14
Group: Individual Submission
Pages: 6
URL: https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.txt
Status: https://datatracker.ietf.org/doc/draft-frank-dns64-spf-extension/
Html: https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-frank-dns64-spf-extension
Diff: https://www.ietf.org/rfcdiff?url2=draft-frank-dns64-spf-extension-03

Abstract:
This document describes interoperability issues and resolutions between DNS64 and SPF records for mail transfer agents. This document also aims to simplify the IPv6 migration for mail transfer agent operators. This document updates [RFC6147] and [RFC7208].
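The mismatch described in the message above, as an added example that is not part of the original post and not the draft's specified algorithm: an SPF `ip4` term returned unchanged by DNS64 never matches a sender that the MTA sees as a NAT64-mapped IPv6 address, while an added `ip6` term covering the mapped range does. Assumptions: the well-known prefix `64:ff9b::/96`, a constructed record and client address, and the hypothetical helpers `check_ip_terms` and `add_nat64_terms`, which handle only the `ip4`, `ip6` and `all` mechanisms.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; a real deployment may use its own /96.
NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def split_term(term):
    """Split an SPF term into (qualifier, mechanism name, value)."""
    qualifier = term[0] if term[0] in RESULTS else "+"
    name, _, value = term.lstrip("+-~?").partition(":")
    return qualifier, name.lower(), value

def check_ip_terms(spf_record, client_ip):
    """Evaluate only ip4/ip6/all (hypothetical helper, not a full SPF check)."""
    client = ipaddress.ip_address(client_ip)
    for term in spf_record.split()[1:]:  # skip "v=spf1"
        qualifier, name, value = split_term(term)
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            # ip4 only ever matches IPv4 clients, ip6 only IPv6 clients
            if net.version == client.version == int(name[2]) and client in net:
                return RESULTS[qualifier]
    return "neutral"

def add_nat64_terms(spf_record, prefix=NAT64_PREFIX):
    """Follow each ip4 term with the ip6 term covering its NAT64-mapped range."""
    out = []
    for term in spf_record.split():
        out.append(term)
        qualifier, name, value = split_term(term)
        if name == "ip4" and value:
            net4 = ipaddress.ip_network(value, strict=False)
            mapped = ipaddress.IPv6Address(
                int(prefix.network_address) | int(net4.network_address))
            sign = term[0] if term[0] in RESULTS else ""
            out.append(f"{sign}ip6:{mapped}/{96 + net4.prefixlen}")
    return " ".join(out)

# Constructed sample: documentation-range sender, seen through NAT64 as 192.0.2.10
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
CLIENT = "64:ff9b::c000:20a"

if __name__ == "__main__":
    print(check_ip_terms(RECORD, CLIENT))                   # record unchanged
    print(add_nat64_terms(RECORD))
    print(check_ip_terms(add_nat64_terms(RECORD), CLIENT))  # with added ip6 term
```

The added `ip6` term is placed directly after its `ip4` term so the left-to-right evaluation order of the record is preserved.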