[dmarc-ietf] Ticket #113 - DMARCbis -01 Introduction Section

Todd Herr <todd.herr@valimail.com> Wed, 05 May 2021 18:49 UTC

From: Todd Herr <todd.herr@valimail.com>
Date: Wed, 5 May 2021 14:48:51 -0400
Message-ID: <CAHej_8mU58N60MLmc4qRrUPjfUojxxv8MFzkwSZRSk5uCE8o6A@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/J62QYRld3xV343OC-dBATHKaCE4>

Greetings.

This thread will be used to track discussion of the proposed text for the
Introduction section of draft-ietf-dmarc-dmarcbis-01.

The proposed text was influenced not only by the original text from
draft-ietf-dmarc-dmarcbis-00, but also by tickets 52, 75, 80, 85, 96 and
108. Rather than trying to track changes to the Introduction section
through all six of those tickets, a new one (Ticket 113
<https://trac.ietf.org/trac/dmarc/ticket/113>) has been opened.

The request from the design team/editors for this ticket is as follows:

If you object to some or all of the proposed text, please communicate the
part(s) to which you object, and propose replacement text for those part(s).

We would like to achieve rough consensus on this section of text by Friday,
May 21.

Current proposed text follows, and side-by-side diffs with version -00 can
be found here
<https://www.ietf.org/rfcdiff?url1=draft-ietf-dmarc-dmarcbis-00&url2=draft-ietf-dmarc-dmarcbis-01&difftype=--html>


------------------------------------begin current proposed text-----------------------------------
1. Introduction

   The Sender Policy Framework ([RFC7208]) and DomainKeys Identified
   Mail ([RFC6376]) protocols provide domain-level authentication which
   is not directly associated with the RFC5322.From domain, and DMARC
   builds on those protocols.  Using DMARC, Domain Owners that originate
   email can publish a DNS TXT record with their email authentication
   policies, state their level of concern for mail that fails
   authentication checks, and request reports about email use of the
   domain name.  Similarly, Public Suffix Operators (PSOs) may do the
   same for PSO Controlled Domain Names and non-existent subdomains of
   the PSO Controlled Domain Name.

   As with SPF and DKIM, DMARC authentication checks result in verdicts
   of "pass" or "fail".  A DMARC pass verdict requires not only that SPF
   or DKIM pass for the message in question, but also that the domain
   validated by the SPF or DKIM check is aligned with the RFC5322.From
   domain.  In the DMARC protocol, two domains are said to be "in
   alignment" if they have the same Organizational Domain.

   A DMARC pass result indicates only that the RFC5322.From domain has
   been authenticated in that message; there is no explicit or implied
   value assertion attributed to a message that receives such a verdict.
   A mail-receiving organization that performs a DMARC validation check
   on inbound mail can choose to use the result and the published
   severity of concern expressed by the Domain Owner or PSO for
   authentication failures to inform its mail handling decision for that
   message.

   For a mail-receiving organization supporting DMARC, a message that
   passes validation is part of a message stream that is reliably
   associated with the Domain Owner and/or any, some, or all of the
   Authenticated Identifiers.  Therefore, reputation assessment of that
   stream by the mail-receiving organization does not need to be
   encumbered by accounting for unauthorized use of any domains.  A
   message that fails this validation cannot reliably be associated with
   the Domain Owner's domain and its reputation.

   DMARC, in the associated [DMARC-Aggregate-Reporting] and
   [DMARC-Failure-Reporting] documents, also describes a reporting
   framework in which mail-receiving domains can generate regular
   reports containing data about messages seen that claim to be from
   domains that publish DMARC policies, and send those reports to one or
   more addresses as requested by the Domain Owner's or PSO's DMARC
   policy record.

   Experience with DMARC has revealed some issues of interoperability
   with email in general that require due consideration before
   deployment, particularly with configurations that can cause mail to
   be rejected.  These are discussed in Section 9.
-------------------------------------end current proposed text-----------------------------------

Thank you for your time.

-- 

*Todd Herr* | Sr. Technical Program Manager
*e:* todd.herr@valimail.com
*m:* 703.220.4153

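
The pass/fail rule in the proposed Introduction (SPF or DKIM must pass, and the domain that check validated must share an Organizational Domain with the RFC5322.From domain) can be worked through in code. This is an added example, not part of the original message or the draft; `PUBLIC_SUFFIXES`, `organizational_domain`, `AuthResult`, `in_alignment`, `dmarc_verdict` and all sample domains are assumptions made for illustration, with a small constructed suffix set standing in for a complete public-suffix source.

```python
# Added example: the DMARC pass/fail rule from the proposed Introduction.
from dataclasses import dataclass

# Constructed sample; a real evaluator needs a complete public-suffix source.
PUBLIC_SUFFIXES = {"com", "org", "uk", "co.uk"}


def organizational_domain(domain: str) -> str:
    """Longest matching public suffix plus one label to its left."""
    name = domain.lower().rstrip(".")
    labels = name.split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return name if i == 0 else ".".join(labels[i - 1:])
    return ".".join(labels[-2:])          # assumption: unknown TLD, keep two labels


@dataclass(frozen=True)
class AuthResult:
    mechanism: str   # "spf" or "dkim"
    result: str      # "pass", "fail", ...
    domain: str      # domain that the SPF or DKIM check validated


def in_alignment(a: str, b: str) -> bool:
    """Two domains are in alignment if they share an Organizational Domain."""
    return organizational_domain(a) == organizational_domain(b)


def dmarc_verdict(from_domain: str, results: list[AuthResult]) -> str:
    """'pass' only if some mechanism passed AND its domain is aligned."""
    for r in results:
        if r.result == "pass" and in_alignment(r.domain, from_domain):
            return "pass"
    return "fail"


# Constructed cases: (RFC5322.From domain, authentication results)
CASES = {
    "aligned_spf": ("example.com", [AuthResult("spf", "pass", "bounce.example.com")]),
    "unaligned_pass": ("example.com", [AuthResult("spf", "pass", "mailer.example.org"),
                                       AuthResult("dkim", "pass", "example.org")]),
    "dkim_only": ("news.example.co.uk", [AuthResult("spf", "fail", "example.co.uk"),
                                         AuthResult("dkim", "pass", "example.co.uk")]),
    "shared_suffix": ("example.co.uk", [AuthResult("dkim", "pass", "other.co.uk")]),
}

if __name__ == "__main__":
    for name, (from_domain, results) in CASES.items():
        print(f"{name}: {dmarc_verdict(from_domain, results)}")
```

The `unaligned_pass` and `shared_suffix` cases are the ones to watch: both carry passing SPF or DKIM results, yet the DMARC verdict is "fail" because the authenticated domain does not share an Organizational Domain with the RFC5322.From domain.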