Re: [dmarc-ietf] Summary comments on draft-ietf-dmarc-psd

"Douglas E. Foster" <> Wed, 11 March 2020 00:24 UTC


Dave raises some interesting points.

For my part, I am troubled by issues that are created by the DMARC specification itself. The fallback rule says we jump directly from the domain name to the organization name, which creates the need for a special list to know how to find the organization. As I think you have discussed, there is no fully acceptable mechanism for publishing the list and keeping implementations of the list current.

If the fallback rule simply told implementations to walk up the domain tree until a policy was found, the need for a special list would go away.

The other need for organization knowledge is the domain alignment rule which allows for sibling relationships between the signing domain and the From domain. From a technical standpoint, this is unfortunate because it complicates implementations with the need to determine the organization.

From the viewpoint of a receiving system, it is not obvious to me why I should assume that should be accepted as having administrative authority to send messages on behalf of  This is an administrative control issue for the sending organization, and the whole point of DMARC was to help sending organizations improve their administrative control over email. However, it is a trust issue for the receiving organization, and I have no desire to assume every DMARC-participating organization has perfect administrative control.

But I suppose the DMARC train has left the station, even if the deployment process has been slow.

Doug Foster
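
The two fallback rules contrasted in the message above, as an added example that is not part of the original message or of any DMARC implementation. The suffix list, the DNS records, the function names and the `max_queries` cap are all constructed assumptions, and the organizational-domain lookup is simplified (no wildcard or exception rules).

```python
# Constructed sample data: a tiny suffix list and the _dmarc TXT records in DNS.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk"}
DMARC_TXT = {
    "_dmarc.example.co.uk": "v=DMARC1; p=reject",
    "_dmarc.dept.example.com": "v=DMARC1; p=quarantine",
    "_dmarc.example.com": "v=DMARC1; p=none",
}

def lookup(name):
    """Stand-in for a DNS TXT query at _dmarc.<name>; None means no record."""
    return DMARC_TXT.get("_dmarc." + name)

def split_labels(domain):
    return domain.lower().rstrip(".").split(".")

def organizational_domain(domain, suffixes):
    """Longest matching suffix plus one label (no wildcard or exception rules).
    With no match, the last label is treated as the suffix."""
    labels = split_labels(domain)
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in suffixes or i == len(labels) - 1:
            return ".".join(labels[max(i - 1, 0):])

def discover_with_list(domain, suffixes=PUBLIC_SUFFIXES):
    """Current fallback: query the From domain, then jump to the org domain."""
    name = ".".join(split_labels(domain))
    queried, record = [name], lookup(name)
    org = organizational_domain(name, suffixes)
    if record is None and org != name:
        queried.append(org)
        record = lookup(org)
    return record, queried

def discover_tree_walk(domain, max_queries=5):
    """Proposed fallback: strip one label at a time until a record is found.
    max_queries is an assumed cap on DNS lookups per message."""
    labels, queried = split_labels(domain), []
    for i in range(min(len(labels), max_queries)):
        name = ".".join(labels[i:])
        queried.append(name)
        record = lookup(name)
        if record is not None:
            return record, queried
    return None, queried

if __name__ == "__main__":
    stale = {"com", "uk"}  # constructed: a list copy that lacks "co.uk"
    print(discover_with_list("mail.example.co.uk"))
    print(discover_with_list("mail.example.co.uk", stale))
    print(discover_tree_walk("mail.example.co.uk"))
```

With the stale list the list-based lookup queries `co.uk` and finds no policy, while the tree walk needs no list; note that the tree walk also returns the closest ancestor's record (`dept.example.com`) where the list-based rule skips to `example.com`.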