John,
Thanks for this. I think we'd decided this wouldn't work (along with JISC, who 
currently run the authoritative DNS for gov.uk). For the life of me, I can't 
remember why though!

We'll have another look at it after the holidays. We have every intention of 
making delegates responsible for doing something sensible in their namespace as 
well.

Thanks again.

Ta.

I.

--
Dr Ian Levy
Technical Director
National Cyber Security Centre

Staff Officer : Kate Atkins, kat...@ncsc.gov.uk

-----Original Message-----
From: John R Levine [mailto:jo...@taugh.com]
Sent: 20 December 2017 17:58
To: Kurt Andersen (b) <kb...@drkurt.com>
Cc: Ian Levy <ian.l...@ncsc.gov.uk>; dmarc@ietf.org
Subject: Re: [dmarc-ietf] Preventing abuse of public-suffix-level domains

On Wed, 20 Dec 2017, Kurt Andersen (b) wrote:
>> I need to be able to emulate in some way the effect of SPF and DMARC
>> records for non-existent first level subdomains under the PSL gov.uk
>> - to stop spoof mail apparently coming from them being delivered.

> I'm quite sure that you will need to do this via synthetic records
> being returned either by the gov.uk name servers or by having gov.uk
> refer to a general "parked domain" name server (farm) for all of the
> non-existent subdomains ...

With your current DNS setup, you could add this, no new name servers
needed:

*.gov.uk. IN TXT "v=spf1 -all"
*.gov.uk. IN TXT "v=DMARC1; p=reject; rua=mailto:<something>; ruf=mailto:<something>"

This will cover all undelegated names below gov.uk, e.g. abc.gov.uk and 
abc.def.gov.uk.  It won't cover names under existing subdomains, e.g.
abc.mod.gov.uk but it's better than nothing.

Unless the people who host your DNS are willing to let you use customized stunt 
servers, which seems unlikely considering who they are, that's about the best 
you can do without getting the cooperation of your delegatees.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
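
Added example, not part of either message in this thread: a small model of RFC 4592 wildcard matching showing which lookups the two *.gov.uk TXT records answer and where coverage stops. The zone contents are constructed; www.example.gov.uk is a hypothetical name, and treating mod.gov.uk as a delegation is an assumption.

```python
# Added example: RFC 4592 wildcard lookup over a constructed zone (not real gov.uk data).
WILDCARD_TXT = [
    "v=spf1 -all",
    "v=DMARC1; p=reject; rua=mailto:<something>; ruf=mailto:<something>",
]
# Constructed sample zone: owner name -> TXT records held by the gov.uk servers.
ZONE = {
    "*.gov.uk": WILDCARD_TXT,
    "www.example.gov.uk": [],  # hypothetical in-zone name; makes example.gov.uk exist
}
DELEGATED = {"mod.gov.uk"}     # assumed to be delegated to other name servers


def ancestors(name):
    """Yield the name and each parent, longest first: a.b.c -> a.b.c, b.c, c."""
    parts = name.lower().rstrip(".").split(".")
    for i in range(len(parts)):
        yield ".".join(parts[i:])


def resolve_txt(qname, zone=ZONE, delegated=DELEGATED, origin="gov.uk"):
    """Return (outcome, records) the way an authoritative server for origin answers."""
    q = next(ancestors(qname))  # normalised form of qname
    if origin not in ancestors(q):
        return "out-of-zone", []
    # A delegation removes the whole subtree from this zone; wildcards never cross it.
    if any(a in delegated for a in ancestors(q)):
        return "referral", []
    if q in zone:
        return "exact", zone[q]
    # Every ancestor of an owner name exists too, even with no records of its own.
    existing = {origin} | {a for owner in zone for a in ancestors(owner)}
    if q in existing:
        return "nodata", []
    # Closest encloser: the longest existing ancestor. Only "*.<encloser>" can match.
    encloser = next(a for a in ancestors(q) if a in existing)
    wildcard = "*." + encloser
    if wildcard in zone:
        return "wildcard", zone[wildcard]
    return "nxdomain", []


def policy(domain, tag):
    """Pick the record a receiver uses: SPF at the domain, DMARC at _dmarc.<domain>."""
    qname = domain if tag == "v=spf1" else "_dmarc." + domain
    outcome, records = resolve_txt(qname)
    return outcome, [r for r in records if r.startswith(tag)]
```

Both TXT records come back for every synthesized name, so the receiver's SPF or DMARC code selects by version tag. A name hosted directly in the zone (example.gov.uk here) blocks the wildcard beneath it just as a delegation does.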
