[dmarc-ietf] Ticket #113 - DMARCbis -01 Introduction Section
Todd Herr <todd.herr@valimail.com> Wed, 05 May 2021 18:49 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/J62QYRld3xV343OC-dBATHKaCE4>
Greetings.

This thread will be used to track discussion of the proposed text for the Introduction section of draft-ietf-dmarc-dmarcbis-01.

The proposed text was influenced not only by the original text from draft-ietf-dmarc-dmarcbis-00, but also by tickets 52, 75, 80, 85, 96 and 108. Rather than trying to track changes to the Introduction section through all six of those tickets, a new one (Ticket 113 <https://trac.ietf.org/trac/dmarc/ticket/113>) has been opened.

The request from the design team/editors for this ticket is as follows:

If you object to some or all of the proposed text, please communicate the part(s) to which you object, and propose replacement text for those part(s).

We would like to achieve rough consensus on this section of text by Friday, May 21.

Current proposed text follows, and side-by-side diffs with version -00 can be found here <https://www.ietf.org/rfcdiff?url1=draft-ietf-dmarc-dmarcbis-00&url2=draft-ietf-dmarc-dmarcbis-01&difftype=--html>

------------------------------------begin current proposed text -----------------------------------

1. Introduction

The Sender Policy Framework ([RFC7208]) and DomainKeys Identified Mail ([RFC6376]) protocols provide domain-level authentication which is not directly associated with the RFC5322.From domain, and DMARC builds on those protocols. Using DMARC, Domain Owners that originate email can publish a DNS TXT record with their email authentication policies, state their level of concern for mail that fails authentication checks, and request reports about email use of the domain name. Similarly, Public Suffix Operators (PSOs) may do the same for PSO Controlled Domain Names and non-existent subdomains of the PSO Controlled Domain Name.

As with SPF and DKIM, DMARC authentication checks result in verdicts of "pass" or "fail". A DMARC pass verdict requires not only that SPF or DKIM pass for the message in question, but also that the domain validated by the SPF or DKIM check is aligned with the RFC5322.From domain. In the DMARC protocol, two domains are said to be "in alignment" if they have the same Organizational Domain.

A DMARC pass result indicates only that the RFC5322.From domain has been authenticated in that message; there is no explicit or implied value assertion attributed to a message that receives such a verdict. A mail-receiving organization that performs a DMARC validation check on inbound mail can choose to use the result and the published severity of concern expressed by the Domain Owner or PSO for authentication failures to inform its mail handling decision for that message.

For a mail-receiving organization supporting DMARC, a message that passes validation is part of a message stream that is reliably associated with the Domain Owner and/or any, some, or all of the Authenticated Identifiers. Therefore, reputation assessment of that stream by the mail-receiving organization does not need to be encumbered by accounting for unauthorized use of any domains. A message that fails this validation cannot reliably be associated with the Domain Owner's domain and its reputation.

DMARC, in the associated [DMARC-Aggregate-Reporting] and [DMARC-Failure-Reporting] documents, also describes a reporting framework in which mail-receiving domains can generate regular reports containing data about messages seen that claim to be from domains that publish DMARC policies, and send those reports to one or more addresses as requested by the Domain Owner's or PSO's DMARC policy record.

Experience with DMARC has revealed some issues of interoperability with email in general that require due consideration before deployment, particularly with configurations that can cause mail to be rejected. These are discussed in Section 9.

-------------------------------------end current proposed text -----------------------------------

Thank you for your time.

--
*Todd Herr* | Sr. Technical Program Manager
*e:* todd.herr@valimail.com
*m:* 703.220.4153
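
The pass rule in the proposed text above (SPF or DKIM must pass, and the domain they validated must share an Organizational Domain with the RFC5322.From domain), as an added example that is not part of the message or the draft. The names `SUFFIXES`, `organizational_domain`, `aligned`, `AuthResult` and `dmarc_verdict` are hypothetical, and the suffix set is a constructed stand-in for a real public suffix list.

```python
# Added example: DMARC verdict as described in the proposed Introduction text.
# All names here are illustrative assumptions, not taken from the draft.
from dataclasses import dataclass

SUFFIXES = {"com", "org", "uk", "co.uk"}  # constructed sample, not a real public suffix list


def organizational_domain(domain: str) -> str:
    """Longest matching public suffix plus one more label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # i=0 tries the longest candidate first
        if ".".join(labels[i:]) in SUFFIXES:
            if i == 0:
                raise ValueError(f"{domain!r} is itself a public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known public suffix for {domain!r}")


def aligned(authenticated: str, from_domain: str) -> bool:
    """Two domains are in alignment if they have the same Organizational Domain."""
    try:
        return organizational_domain(authenticated) == organizational_domain(from_domain)
    except ValueError:
        return False  # an undeterminable Organizational Domain never aligns


@dataclass
class AuthResult:
    mechanism: str  # "spf" or "dkim"
    result: str     # "pass", "fail", ...
    domain: str     # domain validated by the SPF check, or the DKIM d= domain


def dmarc_verdict(from_domain: str, results: list) -> str:
    """Pass only if some SPF or DKIM check passed AND its domain is aligned."""
    for r in results:
        if r.result == "pass" and aligned(r.domain, from_domain):
            return "pass"
    return "fail"


if __name__ == "__main__":
    # Constructed sample: SPF passes for a third-party bounce domain (not
    # aligned), DKIM passes for the From domain's Organizational Domain.
    sample = [AuthResult("spf", "pass", "bounce.esp-mail.com"),
              AuthResult("dkim", "pass", "example.com")]
    print(dmarc_verdict("news.example.com", sample))
    # SPF pass alone says nothing about the From domain when unaligned.
    print(dmarc_verdict("example.com", [AuthResult("spf", "pass", "unrelated.org")]))
```
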