Some universities' resolvers return NOERROR instead of NXDOMAIN (samba4 server
used as AD, and resolvers)
They still do that? Wow. At least that won't screw up DMARC evaluators
too much.
In any event, I don't think it's our job to redesign our specs for the
benefit of people who've
arc"
Cc: "Murray S. Kucherawy"
Envoyé: Vendredi 15 Mars 2024 02:45:01
Objet: Re: [dmarc-ietf] Problem with multiple policies, different alignment
It appears that Murray S. Kucherawy said:
>It's alarming to hear that NXDOMAIN replies are never issued or (perhaps
>mo
It appears that Murray S. Kucherawy said:
>It's alarming to hear that NXDOMAIN replies are never issued or (perhaps
>more likely) are dropped by some software or firewalls. It completely
>prevents any benefits of negative caching. I wonder what the DNS community
>might have to say about this
On Thu, Mar 14, 2024 at 9:17 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> All of this is based on my slightly confrontational comment that "Tree
> Walk is inefficient and unreliable", which maybe needs elaboration. My
> approach to the problem changed dramatically when I
On Thu 14/Mar/2024 12:17:17 +0100 Douglas Foster wrote:
Your latter questions were similar to Ale's
- If the SPF/DKIM domain is a parent of the From domain, then we check its
relationship to the organizational domain. If it is a parent of the
organizational domain, the result is unaligned.
Your latter questions were similar to Ale's
- If the SPF/DKIM domain is a parent of the From domain, then we check its
relationship to the organizational domain. If it is a parent of the
organizational domain, the result is unaligned. If it is anywhere between
the organizational domain and
When SPF/DKIM domain is a parent of the From domain, result may be aligned
or unaligned, but Tree Walk is not needed.
"Not a child" was correct as stated. If the first Tree Walk determines
that sub1.example.com is the organization, then we are only interested in
SPF)DKIM domains that are in the
On Wed, Mar 13, 2024 at 6:24 AM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> My unsuccessful attempt to implement to the specification has reminded me
> of my past concerns.
>
> Our document gives primacy to the Tree Walk, as if it will be used on
> every From domain, SPF
On Wed 13/Mar/2024 11:23:43 +0100 Douglas Foster wrote:
The reality is that the Tree Walk is an inefficient and unreliable way of
obtaining an answer, particularly because of the risk of DNS timeouts. As
a result, the Tree Walk should be avoided whenever possible. In fact, the
secondary
My unsuccessful attempt to implement to the specification has reminded me
of my past concerns.
Our document gives primacy to the Tree Walk, as if it will be used on every
>From domain, SPF domain, and DKIM domain. The Tree Walk algorithm is
explained in detail before any discussion of how it is
the groups intend is with
DMARCbis in this case.
/ Tobias Herkula
From: dmarc On Behalf Of Murray S. Kucherawy
Sent: Tuesday, March 12, 2024 8:49 PM
To: IETF DMARC WG
Subject: Re: [dmarc-ietf] Problem with multiple policies, different alignment
On Tue, Mar 12, 2024 at 6:23 AM Tobias Herkula
mailto
On Tue, Mar 12, 2024 at 6:23 AM Tobias Herkula wrote:
> The DMARC Record on the DKIM signing domain is not relevant for DMARC
> evaluation, so if the 5322.From header domain is “example.com” the
> “adkim:r” is relevant for evaluation regarding your example setup and would
> consider a DKIM
WG
Subject: [dmarc-ietf] Problem with multiple policies, different alignment
I have been building a DMARC implementation, starting with a simple function:
TreeWalk(domain) which returns:
* Policy found or not found indicator
* Policy Domain
* Organizational Domain
* Policy record
I have been building a DMARC implementation, starting with a simple
function:
TreeWalk(domain) which returns:
- Policy found or not found indicator
- Policy Domain
- Organizational Domain
- Policy record
My thought was that the Tree Walk result was independent of the domain
14 matches
Mail list logo
