Re: [dmarc-ietf] Signaling MLMs

Tue, 18 Apr 2023 06:38:11 -0700 

On 4/17/2023 6:48 PM, Benny Pedersen wrote:

Hector Santos skrev den 2023-04-17 20:55:


One solution is for the junc.eu domain to add an ATPS authorization
record for ietf.org [1] to the junc.eu [2] zone:

pq6xadozsi47rluiq5yohg2hy3mvjyoo._atps  TXT ("v=atps01; d=ietf.org;")


retest


[3] https://winserver.com/public/wcDmarc




Hi Benny,

Thanks for testing!!  The verification on your message showed dmarc=fail.
Apparently, I couldn't completely turn off the ADSP/ATPS logic when I added the DMARC/ATPS to the wcDKIM Policy verifier. Once I re-enabled ADSP/ATPS, it worked with the expected responses by running the code on the saved original inbound message. The Author Domain policy, if any, in this case ADSP and DMARC, ares applied to each signature found. 

*Authentication-Results: dkim.winserver.com;**
**     dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org;**
**     adsp=none author.d=junc.eu signer.d=ietf.org;**
**dmarc=pass policy=none author.d=junc.eu asl.d=ietf.org (asl signer);**
**     dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org;**
**     adsp=none author.d=junc.eu signer.d=ietf.org;**
**dmarc=pass policy=none author.d=junc.eu asl.d=ietf.org (asl signer);**
**dkim=fail (DKIM_BODY_HASH_MISMATCH) header.d=junc.eu header.s=default header.i=@junc.eu;** 
**     adsp=dkim-fail author.d=junc.eu signer.d=junc.eu;**
** dmarc=dkim-fail policy=none author.d=junc.eu signer.d=junc.eu (originating signer);* 


Description.  The DMARC record for junc.eu was updated with two new tags:

*atps=y;asl=ietf.org*
No ADSP record was found. No ADSP+ATPS policy logic applied. The DMARC+ATPS verifier found the asl= signer condition to be true. If asl= was false, the atps=y tag enables an ATPS record lookup for the signer domain ietf.org.
Time to update this 2011 code to allow ADSP to be disabled and the new DMARCBis new lookup algorithm considerations.
Thanks for exploring this DKIM Policy Model solution with 3rd party signer support using DMARC+ATPS. 


--
Hector Santos,
https://winserver.com/public/wcADSP
https://winserver.com/public/wcDMARC



_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to