Re: [dmarc-ietf] DMARCbis issue: what is DMARC ?

"John R Levine" <johnl@taugh.com> Fri, 24 May 2019 18:25 UTC

Date: Fri, 24 May 2019 14:25:33 -0400
Message-ID: <alpine.OSX.2.21.9999.1905241416240.51329@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/IH9z5BADOiKO5jkWfYk8MqfAzmI>

On Fri, 24 May 2019, Jim Fenton wrote:
> I hope this isn't devolving into a "we can't make any changes, because
> it might break something" argument.

I don't think so, but we also have a tradition of minimizing the changes 
to what's needed.  Look at RFCs 2821 and 5321 for example, where they 
deliberately left the section numbering and most of the language alone and 
fit the changes into the existing structure.

> 1. When an MTA product says that it "supports DMARC", does that mean
> that it has to support both policy and reporting? ...

> 2. Along similar lines, I get confused when I hear that x% of {some set
> of domains} has "deployed DMARC". What does that mean? ...

Deploying DMARC seems to mean any subset of these:

1a.  Publish a DMARC record
1b.  Publish a DMARC record with a restrictive policy
2a.  Evaluate DMARC status of incoming messages
2b.  Use that status to manage message disposition
3.   Collect reports
4a.  Send aggregate reports
4b.  Send failure reports

It is my impression that most domains that have "deployed DMARC" have done 
1b and 3.  I've done 1a, 2a, 3, and a very small amount of 2b.  Only a few 
sites do 4a and even fewer do 4b.

I'm getting the impression that what we need is a non-normative deployment 
guide, not as part of the spec.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
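
Added example, not part of the original message: a sketch that reads a domain's DMARC TXT record and reports which of the publisher-side items in the list above (1a, 1b, 3) the record shows. It assumes "restrictive" means p=quarantine or p=reject, and the records and example.com addresses are constructed. Items 2a, 2b, 4a and 4b describe receiver behaviour and cannot be read from DNS.

```python
# Added example: classify the DNS-visible part of a DMARC deployment.
# Assumption: a "restrictive policy" is anything other than p=none.
RESTRICTIVE = {"quarantine", "reject"}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = [part.strip() for part in txt.split(";") if part.strip()]
    tags = {}
    for i, pair in enumerate(pairs):
        name, sep, value = pair.partition("=")  # split on the first "=" only
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (not sep or name != "v" or value != "DMARC1"):
            return None  # v=DMARC1 has to be the first tag (RFC 7489, 6.3)
        if sep:
            tags.setdefault(name, value)  # keep the first value of a repeated tag
    return tags or None


def published_steps(txt):
    """Map a TXT record to the list items it shows: '1a', '1b', '3'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return set()
    steps = {"1a"}  # a syntactically valid DMARC record is published
    if tags.get("p", "").lower() in RESTRICTIVE:
        steps.add("1b")
    # rua/ruf only show that reports are requested; whether anyone
    # reads them is not visible from the record.
    if tags.get("rua") or tags.get("ruf"):
        steps.add("3")
    return steps


if __name__ == "__main__":
    # Constructed sample records, as they would appear at _dmarc.<domain>.
    samples = [
        "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
        "v=DMARC1; p=reject",
        "v=DMARC1; p=quarantine; rua=mailto:agg@example.com; ruf=mailto:fail@example.com",
        "p=reject; v=DMARC1",   # wrong tag order, not a DMARC record
        "v=spf1 -all",          # SPF record, not DMARC
    ]
    for record in samples:
        print(sorted(published_steps(record)), "<-", record)
```
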