IETF Logo Mail Archive

Re: [dmarc-ietf] Issue opened: Use a four-valued token for the four roles of a DMARC policy

Douglas Foster <dougfoster.emailstandards@gmail.com> Mon, 29 August 2022 11:50 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFE26C152578 for <dmarc@ietfa.amsl.com>; Mon, 29 Aug 2022 04:50:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MIMlyfTiWK6Z for <dmarc@ietfa.amsl.com>; Mon, 29 Aug 2022 04:50:30 -0700 (PDT)
Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E15FC152575 for <dmarc@ietf.org>; Mon, 29 Aug 2022 04:50:30 -0700 (PDT)
Received: by mail-ot1-x32e.google.com with SMTP id v2-20020a056830090200b006397457afecso5025695ott.13 for <dmarc@ietf.org>; Mon, 29 Aug 2022 04:50:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc; bh=pClyHulk71KxJv/tdKXIMoWQv/3qzG+XMfykjv0IMoM=; b=op9v/6WuB0qK6KIpqxckRDTYcVsvKF6cquxBCzLRDRmzf2mJcNeMsdpTD9gyqJNlqp ZX5lxqsZ+Az2v7Huaa3D879F4v6XyUCLM79viOqV7hK2XqPFxbnaBBS9HmA4t1h0vhYP BuiZnkcHsif7/ptw9LckZdBGXmuhbuUh1voV1obURoYHGVrxg/KeY0Txu/F/7ferVYVF n6k3YuOWh/7mPdvcrJtOUtQW5KY9LwFzcwVVV8Nx+kiKKqsdAP1ZCnLBQRHIkLAeyFBf gPDnZ1A0fjVS9+4YdrPCAEb22JjUFLKwuGJ1q50Eds8cCUa/fcITIhP+WdJhLXVw8uSj 7HQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc; bh=pClyHulk71KxJv/tdKXIMoWQv/3qzG+XMfykjv0IMoM=; b=DLjhUabfw/JMOg+2ukBeaPuWWRjtnXcKq9rbmDgvZtUxV+cAHpwxTrqvCun+yqgdZ1 kKto4r41VbwRHUjdTkCNhe/vCuurpM3/oiPNJusPp0PhREnN+diYuqPewbils4nJTlRG AxHgURazrWbHfS6vn6o8SVzV3Lq/NbBhjJ6TJ5wqve0TrzW+hgxVQhvcR4DUKCxXZE23 9vK7nlAtK+sWKHaSRPzeY2jNahK/T+pXabZras0+Q+pkXN6GBEkCNCsSY97On+9qokXd 7KH0SYchZzT6ldWBcMqTc4ofCNQcv+HvTrEJ6yZM6bTL84eNy574tf9/GFTZD+Xv3Wo/ jygg==
X-Gm-Message-State: ACgBeo1+4+9DRO6OEzdl3BRJm2GuAzz9VlwGySUt+OjyvgfFZom93+gD Ll3Z1Yaj1P5wEiaHGYd3H4QKv5ZbA5Wwhw3aVsJCmNfN0wY=
X-Google-Smtp-Source: AA6agR5iB1+TfrI4vlD1UZCP1M8sFDwqhm8ERu89af66+w4HsLEcqrF2trTNaoCPfow4OZca1R0GtVg/Ja99nEqhXb8=
X-Received: by 2002:a05:6830:61ce:b0:63b:1a17:ebb0 with SMTP id cc14-20020a05683061ce00b0063b1a17ebb0mr4214605otb.82.1661773828700; Mon, 29 Aug 2022 04:50:28 -0700 (PDT)
MIME-Version: 1.0
References: <CAH48Zfy7hwRNsFbufA1nfFhC8takoipRY298oNO9RpHCaKuZaA@mail.gmail.com> <CAD2i3WMH-s0BL9R8pMORmFi0s_hjsA9B+JEEwDagWkSiteeSuA@mail.gmail.com> <CALaySJLH0NhDk1PMUog45=5YFdy5=TyZZ8uX8_gthVAhxvgUOQ@mail.gmail.com> <CAH48ZfxYbLWrqima5pz2LMngi9TXAFV4smDt9JHLiu8bDS4yXg@mail.gmail.com> <CALaySJL6Dzzm4sM8XTGWGs6ayC4tGmv2Qf9x38NvbjMC61ADcA@mail.gmail.com> <CAH48ZfzeKu_r2zbmBznw+JASp-vg2u9B0aXoh-ouDmzRyONoZw@mail.gmail.com> <8F21F0C0-D9F5-4677-A3D0-1039AC04A540@kitterman.com>
In-Reply-To: <8F21F0C0-D9F5-4677-A3D0-1039AC04A540@kitterman.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 29 Aug 2022 07:50:18 -0400
Message-ID: <CAH48ZfxTMu1O1=1BsR3Nvyfer6b5LK77+Xcg-5FLjOQ9k80-VQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c1bfb605e75fde03"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/NCzD7Y__zvPc-5Geg_x0EBlFbAA>
Subject: Re: [dmarc-ietf] Issue opened: Use a four-valued token for the four roles of a DMARC policy
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2022 11:50:31 -0000

Not strongly opinionated about location.

For the first insertion:  Since the definition of psd=n  occurs in the
policy record, and after the tree walk, this seems to fit in with the psd=n
definition.

Some organizations have subtrees within their DNS structure that represent
client sub-organizations, which are unaffiliated for purposes of relaxed
authentication.   Before putting a PSD=N tag on an organizational domain
policy, the domain owner MUST ensure that all sub-organization boundaries
are properly identifiable.   Identification can be accomplished by placing
a PSD=Y tag on the domain which is the parent of the sub-organizations, by
placing a PSD=Y tag on the organizational domain of every client
sub-organization, or both.


For the second insertion:  Also append it to the definition of psd=y.  If
the tree walk description was more algorithmic, I would place the second
paragraph with the description of how the initial exact-match policy is
handled, but that is not an option.

"Most registrar domains are self-contained, meaning that the parent domain
is a PSD and child domains are PSDs or unaffiliated organizations or PSDs.
When this is the case, the domain owner should publish PSD=Y as well as
askim=s and aspf=s.   This ensures that the Tree Walk will terminate and
use the current domain policy as the default policy.

When a registrar and its parent are in the same organization, and the
organization sends mail, DMARC policies using relaxed alignment may be
desired.  When "psd=y" is encountered on the initial exact-match domain,
and relaxed alignment is specified, the "psd=y" term is ignored and the
Tree Walk is used to find the parent record which is the organizational
domain."

df

On Sun, Aug 28, 2022 at 5:16 PM Scott Kitterman <sklist@kitterman.com>
wrote:

> Where in the document are you proposing this text be added?
>
> Scott K
>
> On August 28, 2022 9:04:18 PM UTC, Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
> >I have stewed on the issues more while mowing the lawn.   The language
> >below will address my concerns without changing the PSD=value token.
> >
> >
> >
> >Certainty
> >
> >Certainty can be achieved by adding constraints to the “psd=n” token:
> >
> >“Some organizations have subtrees within their DNS structure that
> represent
> >client sub-organizations, which are unaffiliated for purposes of relaxed
> >authentication.   Before putting a PSD=N tag on an organizational domain
> >policy, the domain owner MUST ensure that all sub-organization boundaries
> >are properly identifiable.   Identification can be accomplished by placing
> >a PSD=Y tag on the domain which is the parent of the sub-organizations, by
> >placing a PSD=Y tag on the organizational domain of every client
> >sub-organization, or both.”
> >
> >
> >
> >PSD=Y+N vs. PSD=Y only
> >
> >More than 90% of all PSL entries are both PSD=N (organization top) and
> >PSD=Y (registration point).   I am looking to ensure that both types of
> >registrars have a way to publish DMARC policies that do not depend on the
> >configuration of parent domains.   I think this will suffice:
> >
> >“Most registrar domains are self-contained, meaning that the parent domain
> >is a PSD and child domains are PSDs or unaffiliated organizations or PSDs.
> >When this is the case, the domain owner should publish PSD=Y as well as
> >askim=s and aspf=s.   This ensures that the Tree Walk will terminate and
> >use the current domain policy as the default policy.”
> >
> >When a registrar and its parent are in the same organization, and the
> >organization sends mail, DMARC policies using relaxed alignment may be
> >desired.   When “psd=y” is encountered on the initial exact-match domain,
> >and relaxed alignment is specified, the “psd=y” term is ignored and the
> >Tree Walk is used to find the parent record which is the organizational
> >domain.”
> >
> >
> >
> >DF
> >
> >On Sun, Aug 28, 2022 at 4:10 PM Barry Leiba <barryleiba@computer.org>
> wrote:
> >
> >> Thanks for that, Doug.
> >>
> >> The part that’s missing is in relation to this: “keeping in mind that
> >> we’ve already established that the current PSD= tag is needed in only a
> >> very small number of domains”.
> >>
> >> If things were truly open-ended, there might be more agreement with you.
> >> But the fact that, using the PSL as a guide, we can easily count the
> number
> >> of domains that will have to add a PSD tag, it’s hard to see an actual
> >> (rather than theoretical) benefit from this change.  Your proposal is
> also
> >> subject to errors when domains that need to use it fail to.  But the
> bottom
> >> line is that in either case, *very* few domains are affected.
> >>
> >> If the text in the document now is unclear and likely to cause errors of
> >> confusion, we should address that, clearly.  But I have to agree with
> >> Scott, John, and Mike in that I don’t see a real-world benefit either.
> >>
> >> Barry
> >>
> >> On Sun, Aug 28, 2022 at 3:03 PM Douglas Foster <
> >> dougfoster.emailstandards@gmail.com> wrote:
> >>
> >>> The PSL has two problems:
> >>> - It removes control of relaxed authentication boundaries from the
> domain
> >>> owners.
> >>> - It is subject to errors which can cause both false PASS and false
> FAIL
> >>> - The possibility of errors means that evaluators cannot be certain
> >>> whether PASS and FAIL can be trusted.   This is irrespective of the
> >>> decision whether a PASS should or FAIL result should be actionable.
> >>>
> >>> The PSD=token has similar problems:
> >>> - It depends primarily on registrars to define organizational
> boundaries
> >>> - It is subject to false PASS errors when registrar boundaries are not
> >>> tagged.
> >>> - It has ambiguity PSD=Y ONLY and PSD=Y+N domains, and I see that
> >>> ambiguity as likely to cause errors in policy tagging, software, or
> both.
> >>> - The possibility of errors means that evaluators cannot be certain
> >>> whether PASS and FAIL can be trusted.   This is irrespective of the
> >>> decision whether a PASS should or FAIL result should be actionable.
> >>>
> >>> The Boundary=Token proposal is a reworking of the role=(tokens)
> proposal
> >>> that Ale introduced a long time ago.  It does not change the logic to
> be
> >>> used when tokens are missing, so it is not more or less incompatible
> than
> >>> the current document.   But it does provide domain owners with the
> ability
> >>> to fully document their configuration, which gives them the control
> which
> >>> is fundamental to the general DMARC concept.   When the policy roles
> are
> >>> explicit, the evaluator has confidence that the result is error-free,
> >>> because the domain owner has explicitly asserted the information
> needed to
> >>> make that conclusion.
> >>>
> >>> As a fundamental design issue, I have a problem with using a two-state
> >>> semaphore to represent a four-state reality.
> >>>
> >>> This document provides heuristics for working around missing data.
>  The
> >>> heuristic is plausible, and the proponents of PSD=token consider this a
> >>> final state.   I consider it a transitional state.  I believe our final
> >>> state should be one where organizational boundaries are based on
> explicit
> >>> domain owner information, not on guesswork.   I don't see how a
> standards
> >>> track document would not define error-free results as the intended
> final
> >>> state.
> >>>
> >>> Allowing domain owners to voluntarily add token to their DMARC policy,
> in
> >>> exchange for gaining full control of relaxed alignment, seems both
> >>> acceptable ask and appropriate.
> >>>
> >>> Doug Foster
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Sat, Aug 27, 2022 at 6:22 PM Barry Leiba <barryleiba@computer.org>
> >>> wrote:
> >>>
> >>>> Seth is right here: Doug, your message doesn't comply with what I've
> >>>> asked people to do, in two ways: it's asking for a change to something
> >>>> we already have consensus on and it's not proposing specific text
> >>>> changes.
> >>>>
> >>>> That said, there are two mitigating factors.  For the latter, the
> >>>> request is specific enough that I think there's enough detail to
> >>>> discuss it.
> >>>>
> >>>> For the former, the PSD= feature is new enough, and our participation
> >>>> level has gotten low enough that it's difficult to say how strong the
> >>>> consensus is on that point, and I think it's reasonable to have
> >>>> another look.  I've discussed this with Seth since his message below,
> >>>> and I'm allowing this issue to be opened for discussion, BUT...
> >>>>
> >>>> ...BUT let's keep the discussion focused and productive: I will cut it
> >>>> off at some point, so it's important that everyone in the discussion
> >>>> make their points clear and concise.
> >>>>
> >>>> John has replied that this is incompatible.  Yes, but PSD= is also, at
> >>>> some level, incompatible... though far less so.  So here's one thing
> >>>> I'd like to see discussed:
> >>>>
> >>>> - Doug, please clearly and concisely explain what benefit this has
> >>>> over the current PSD= tag that makes the incompatibility with existing
> >>>> implementations worth it.
> >>>>
> >>>> - If you disagree with Doug's proposal, please clearly and concisely
> >>>> explain why the benefit he is proposing is not useful enough to
> >>>> introduce the incompatibility.
> >>>>
> >>>> Barry
> >>>>
> >>>> On Sat, Aug 27, 2022 at 3:01 PM Seth Blank <seth@sethblank.com>
> wrote:
> >>>> >
> >>>> > Doug, Barry's email sent as Chair was clear and specific:
> >>>> >
> >>>> > On Fri, Aug 26, 2022 at 8:33 AM Barry Leiba <
> barryleiba@computer.org>
> >>>> wrote:
> >>>> >>
> >>>> >> We have come to a point in our discussions of
> >>>> >> draft-ietf-dmarc-dmarcbis that the basic content and features of
> DMARC
> >>>> >> are stable and have rough consensus.  Coupling that with the
> >>>> >> expectation, as in the working group's charter, that changes to the
> >>>> >> protocol that break interoperability with installed base need
> detailed
> >>>> >> justification, I think we need to be clear on how to go forward as
> we
> >>>> >> finish up.
> >>>> >>
> >>>> >> At this point, again, we consider the content and features to be
> >>>> >> stable, and changes to that are no longer in scope.
> >>>> >
> >>>> >
> >>>> > What you raise as alternative token design goes counter to this
> clean
> >>>> line.
> >>>> >
> >>>> > Further, we're at the point of the bis project, as Barry also points
> >>>> out, where we expect comments to be accompanied by text suggestions,
> >>>> preferably in an OLD/NEW format.
> >>>> >
> >>>> > Doug, if you believe there is an issue here within scope of the
> text I
> >>>> quoted from Barry, please cite the section and text in the document
> and
> >>>> propose updated language.
> >>>> >
> >>>> > Otherwise, the time for topics like these has come and gone.
> >>>> >
> >>>> > Seth, as Chair
> >>>> >
> >>>> > On Fri, Aug 26, 2022 at 8:08 PM Douglas Foster <
> >>>> dougfoster.emailstandards@gmail.com> wrote:
> >>>> >>
> >>>> >> Alternative token design.
> >>>> >>
> >>>> >>
> >>>> >> Boundary=A (Above only)
> >>>> >>
> >>>> >> Literal: The domain owner asserts that an
> >>>> organizational/administrative boundary exists between the current
> domain
> >>>> and its parent, meaning the domain and its parents are not aligned for
> >>>> relaxed authentication. No boundary exists immediately below this
> domain,
> >>>> so its child domains are aligned with it for relaxed authentication.
> >>>> >> Role: An Organizational Domain
> >>>> >> PSL Equivalent representation: The domain does not exist in the
> PSL,
> >>>> or is listed with negation. The parent domain is listed in the PSL,
> and
> >>>> without negation.
> >>>> >> Tree walk significance: The tree walk always stops on Boundary=A,
> as
> >>>> this domain is the organizational domain and provides the default
> policy.
> >>>> >> PSD=token equivalent: “psd=n”
> >>>> >>
> >>>> >>
> >>>> >> Boundary=N (None, Neither)
> >>>> >>
> >>>> >> Literal: That domain owner asserts that the domain does not have
> any
> >>>> adjacent organizational/administrative boundaries.
> >>>> >> Role: An organizational subdomain.
> >>>> >> PSL Equivalent representation: : The domain does not exist in the
> >>>> PSL. The parent domain is also not listed, or listed with negation.
> >>>> >> Tree walk significance: The domain owner has indicated awareness of
> >>>> DMARCbis. The tree walk will end on domain with a DMARC policy and a
> >>>> “Boundary=A” term. If an explicitly tagged organizational domain
> policy is
> >>>> not found, the result is PERMERROR and the evaluator is recommended
> to fall
> >>>> back to strict alignment.
> >>>> >> PSD=token equivalent: None
> >>>> >>
> >>>> >>
> >>>> >> Boundary=2 (Both above and below)
> >>>> >>
> >>>> >> Literal: The domain owner asserts that an
> >>>> organizational/administrative boundary exists both immediately above
> and
> >>>> immediately below this domain. Consequently, an exact match is
> required for
> >>>> alignment.
> >>>> >> Role: All Public Suffix Domains and many Private Registry domains.
> >>>> >> PSL Equivalent: Both the current domain and its parent are listed
> in
> >>>> the PSL, both without negation.
> >>>> >> Tree walk significance: The tree walks stops. If this is the
> >>>> exact-match domain, the organizational domain and default policy are
> from
> >>>> this record. If this domain is encountered subsequently during the
> tree
> >>>> walk, the walk stops, the current domain policy is the default policy
> but
> >>>> the immediately lower child domain is the organizational domain for
> relaxed
> >>>> alignment.
> >>>> >> PSD=token equivalent: Nothing provides a complete equivalence, but
> >>>> PSL=Y is used as an approximation.
> >>>> >>
> >>>> >>
> >>>> >> Boundary=B (Below only)
> >>>> >>
> >>>> >> Literal: The domain owner asserts that an
> >>>> organizational/administrative boundary exist between this domain and
> its
> >>>> child domains, so its child domains are not aligned for relaxed
> >>>> authentication. No organizational/administrative boundary exists
> above this
> >>>> domain, so this domain can participate in relaxed alignment with its
> >>>> immediate parent.
> >>>> >> Role: A private registry whose parent domain is in the same
> >>>> organization.
> >>>> >> PSL Equivalent: The current domain is listed in the “Private
> >>>> Registry” section of the PSL, without negation. The parent domain is
> not
> >>>> listed at all.
> >>>> >> Tree walk significance: If encountered on the exact-match domain,
> the
> >>>> domain is treated the same as “Boundary=N”, and the tree walk proceeds
> >>>> upward. If encountered subsequently during the tree walk, the domain
> is
> >>>> treated the same as “Boundary=2”: the Tree Walk stops, the current
> domain
> >>>> policy becomes the default policy but the immediately lower child
> domain is
> >>>> the organizational domain for relaxed alignment.
> >>>> >> PSD=token equivalent: : Nothing provides a complete equivalence,
> but
> >>>> PSL=Y is used as an approximation.
> >>>> >>
> >>>> >>
> >>>> >> DMARC policy with no Boundary=token term
> >>>> >>
> >>>> >> Literal: The domain owner has not added new information in support
> of
> >>>> DMARCbis to his policy. The presence or absence of
> >>>> organizational/administrative boundaries must be inferred.
> >>>> >> Role: Not stated and therefore not known with certainty.
> >>>> >> PSL Equivalent: None. The PSL lookup always returns a result.
> >>>> >> Tree Walk significance: Information about this policy is stored,
> the
> >>>> Tree Walk continues upward, and an inference is made when the Tree
> Walk is
> >>>> complete.
> >>>> >> PSD=token equivalent: “psd=u”
> >>>> >>
> >>>> >>
> >>>> >> Domain with no DMARC policy
> >>>> >>
> >>>> >> Literal: The domain owner has not attached a DMARC policy to the
> >>>> current domain.
> >>>> >> Role: Not stated and therefore not known with certainty.
> >>>> >> PSL Equivalent: None. The PSL lookup always returns a result.
> >>>> >> Tree Walk significance: Information about this policy is stored,
> the
> >>>> Tree Walk continues upward, and an inference is made when the Tree
> Walk is
> >>>> complete.
> >>>> >> PSD=token equivalent: Not applicable. Since no policy is present,
> no
> >>>> tokens are present in that policy.
> >>>> >>
> >>>> >> _______________________________________________
> >>>> >> dmarc mailing list
> >>>> >> dmarc@ietf.org
> >>>> >> https://www.ietf.org/mailman/listinfo/dmarc
> >>>> >
> >>>> > _______________________________________________
> >>>> > dmarc mailing list
> >>>> > dmarc@ietf.org
> >>>> > https://www.ietf.org/mailman/listinfo/dmarc
> >>>>
> >>> _______________________________________________
> >>> dmarc mailing list
> >>> dmarc@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/dmarc
> >>>
> >>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email