Re: [dmarc-ietf] Proposed Introduction and Abstract (was I-D Action: draft-ietf-dmarc-dmarcbis-00.txt)
Todd Herr <todd.herr@valimail.com> Thu, 19 November 2020 22:55 UTC
Return-Path: <todd.herr@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 947E13A133E for <dmarc@ietfa.amsl.com>; Thu, 19 Nov 2020 14:55:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t7GUnCBN3f5z for <dmarc@ietfa.amsl.com>; Thu, 19 Nov 2020 14:55:37 -0800 (PST)
Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8253D3A133D for <dmarc@ietf.org>; Thu, 19 Nov 2020 14:55:37 -0800 (PST)
Received: by mail-qk1-x729.google.com with SMTP id 11so7221635qkd.5 for <dmarc@ietf.org>; Thu, 19 Nov 2020 14:55:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=X/nD672DTsXHiR4lKYZ8WlneakJKWHSglSxwB59rP8o=; b=cZJcJHii8lundcgUyE3CBoCZBmVv2iIksTS/Ueg4L4VG4OBBI0jZC301BqTfuDvafX bPaD9hsFhQvzIldSeCrz4AYDfQlROLQdDtEcknD7ksd965h5I9E8ALwf5JM98+4Cmvek bNQDRWq0bjgdVJgtGBVv6BmzYeH6tr8eUzk0twiyPk/V+1t/rv1lX6dkmK0U5KcTJbTb hahkIXyaDRCLzXlZQYoSvuKks5IQJzcsuAhCPuyeSlKHLi+y43KIFzjpkQoQ2OwPH6i1 M+sCAhqno6fysMkbVFGMThLXThus6T6T/3X6lamj/20qdrTDjyqS22tvye4ctjRKm9Ne tCwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=X/nD672DTsXHiR4lKYZ8WlneakJKWHSglSxwB59rP8o=; b=jsB6yeXbCscGGwhEoomA19BS5FYv4yX9Kos5LuRy6Qvd/bCzl8FLlAKtd6WGOwbIm+ AyLi2USrU0vI397lXp3liD09MruVWIsBndm8boJGaJC9yyQ4JWptfQNMuCBkNArI8JvA rahrLsdj83LuJRN0Xl/qNJ3hJ9tVaqzYm985fCXJvuhWwS8VMSmULDdK9kIg+D2s5Db0 bUSsLXnWjvYI+tW3RIthOXe8bIvlRdJcbWGpnN97UVOHc6nHW1H89YBBK+hgN13nwFAF wkyk7rEn/apiTRxd37OZR5v2zzzkF1u9N2N14/5RmvEI7Qv5Fs6FzK/IwxX4YFxLJ9pY F7OQ==
X-Gm-Message-State: AOAM5337XTpBqhTCZuISfPutis/iMg1azgfF1Chai9pVatQBp5xmOEPX XT2Gr23zMWnPixMyKKp0SSH6jc+aaj0aohCnsGrAWQxDidn20w==
X-Google-Smtp-Source: ABdhPJxx2ZvfFK1gQSSY7z76PEKm4hhvcCNqI5xvqUWpv3IiqxSEfl303fqg2Ujau9CvrwdQFNKOgdeIfqLAPgPfGqc=
X-Received: by 2002:a37:e20d:: with SMTP id g13mr13263828qki.325.1605826536225; Thu, 19 Nov 2020 14:55:36 -0800 (PST)
MIME-Version: 1.0
References: <160513169495.16356.6565556939968267867@ietfa.amsl.com> <CAHej_8=hvo2f6f_d3tYs2xVV1JnGvQsuqxFqJXJKmgfpTiSO3w@mail.gmail.com>
In-Reply-To: <CAHej_8=hvo2f6f_d3tYs2xVV1JnGvQsuqxFqJXJKmgfpTiSO3w@mail.gmail.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Thu, 19 Nov 2020 17:55:20 -0500
Message-ID: <CAHej_8mzRo4cxxLrpeVZTcKC032OexK21=UgNhNDiTcRy713xA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000043561a05b47da02e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/c1Kxee9xE8Yw4weYbxEN4UqcpHQ>
Subject: Re: [dmarc-ietf] Proposed Introduction and Abstract (was I-D Action: draft-ietf-dmarc-dmarcbis-00.txt)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Nov 2020 22:55:42 -0000
This thread hasn't generated any discussion or momentum yet, and I know that's not because y'all have found the proposed text for the Abstract and Introduction to be acceptable, so I'm going to add the text to this thread and see where the discussion leads. ----------------------------------------------- cut here ---------------------------------------------------- Abstract This document describes the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol. DMARC is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting. Mail-receiving organizations can in turn use these expressions of policies and preferences to inform their mail handling decisions should they choose to do so. This document obsoletes RFC 7489. [...] 1. Introduction RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH BEFORE PUBLISHING: The source for this draft is maintained in GitHub at: https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis (https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis) The Sender Policy Framework ([RFC7208]) and DomainKeys Identified Mail ([RFC6376]) protocols provide domain-level authentication, and DMARC builds on these protocols. DMARC is designed to give ADminstrative Management Domains (ADMDs) that originate email the ability to publish in a DNS TXT record their email authentication policies, specify preferred handling for mail that fails authentication checks, and request reports about mail purportedly originated by the ADMD, as determined by the RFC5322.From header in the message. As with SPF and DKIM, DMARC authentication checks result in verdicts of "pass" or "fail". A DMARC pass verdict requires not only that SPF or DKIM pass for the message in question, but also that the domain validated by the SPF or DKIM check is aligned with the domain in the RFC5322.From header. In the DMARC protocol, two domains are said to be "in alignment" if they have the same Organizational Domain (a.k.a., relaxed alignment) or they are identical (a.k.a., strict alignment). A DMARC pass verdict asserts only that the RFC5322.From domain has been authenticated in that message; there is no explicit or implied value assertion attributed to a message that receives such a verdict. A mail-receiving organization that performs DMARC validation checks on inbound mail can choose to use the results and the preferences expressed by the originating domain for message disposition to inform its mail handling decision for that message. For messages that pass DMARC validation checks, the mail-receiving organization can be confident in applying handling based on its known history for similarly authenticated messages, whereas messages that fail such checks cannot be reliably associated with a domain with a history of sending DMARC-validated messages. DMARC also describes a reporting framework in which mail-receiving domains can generate regular reports containing data about messages seen that claim to be from domains that publish DMARC policies, and send those reports to the ADMD as requested by its DMARC policy record. Experience with DMARC has revealed some issues of interoperability with email in general that require due consideration before deployment, particularly with configurations that can cause mail to be rejected. These are discussed in Section 9. ----------------------------------------------- cut here ---------------------------------------------------- On Fri, Nov 13, 2020 at 2:54 PM Todd Herr <todd.herr@valimail.com> wrote: > Hi. > > I wanted to call everyone's attention to how draft-ietf-dmarc-dmarcbis-00 > differs from the existing RFC 7489. > > The key differences are as follows: > > - Section 7, DMARC Feedback, has been mostly removed except for a > paragraph that mentions that reporting will be discussed in a different > document (as per current plans) > - Section 9, Privacy Considerations, has been removed (under the > expectation that they'll be discussed in the reporting documents) > - Appendix C, DMARC XML Schema, has been removed (under the > expectation that it'll be discussed in the the reporting documents) > - Remaining target references to "verifying-external-destinations", > "failure-reports", and "aggregate-reports", which were anchors in the > removed sections mentioned above, have been replaced by hand-wavy language > referencing "The DMARC reporting document(s)" > - The Abstract and Introduction section have been rewritten as an > attempt to address issue #80 > <https://trac.ietf.org/trac/dmarc/ticket/80> - *DMARCbis Should Have a > Clear and Concise Definition of DMARC* > > Obviously the text applicable to the first four bullet points above will > evolve over time, and it may not yet be the right time in the process to > discuss those sections. However, the proposed new text for the Abstract and > Introduction is certainly worthy of discussion at this time, I believe. > > On Wed, Nov 11, 2020 at 4:55 PM <internet-drafts@ietf.org> wrote: > >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Domain-based Message Authentication, >> Reporting & Conformance WG of the IETF. >> >> Title : Domain-based Message Authentication, Reporting, >> and Conformance (DMARC) >> Authors : Emil Gustafsson >> Todd M. Herr >> John Levine >> Filename : draft-ietf-dmarc-dmarcbis-00.txt >> Pages : 55 >> Date : 2020-11-11 >> >> Abstract: >> This document describes the Domain-based Message Authentication, >> Reporting, and Conformance (DMARC) protocol. >> >> DMARC is a scalable mechanism by which a mail-originating >> organization can express domain-level policies and preferences for >> message validation, disposition, and reporting. Mail-receiving >> organizations can in turn use these expressions of policies and >> preferences to inform their mail handling decisions should they >> choose to do so. >> >> This document obsoletes RFC 7489. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/ >> >> There is also an HTML version available at: >> https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-00.html >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> >> _______________________________________________ >> I-D-Announce mailing list >> I-D-Announce@ietf.org >> https://www.ietf.org/mailman/listinfo/i-d-announce >> Internet-Draft directories: http://www.ietf.org/shadow.html >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt >> > > > -- > > *Todd Herr* | Sr. Technical Program Manager > *e:* todd.herr@valimail.com > *p:* 703.220.4153 > > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized > recipient you are hereby notified of any use, disclosure, copying or > distribution of the information included in this transmission is prohibited > and may be unlawful. Please immediately notify the sender by replying to > this email and then delete it from your system. > -- *Todd Herr* | Sr. Technical Program Manager *e:* todd.herr@valimail.com *p:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- [dmarc-ietf] I-D Action: draft-ietf-dmarc-dmarcbi… internet-drafts
- [dmarc-ietf] Proposed Introduction and Abstract (… Todd Herr
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Gene Hightower
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Todd Herr
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Murray S. Kucherawy
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Todd Herr
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Todd Herr
- Re: [dmarc-ietf] Proposed Introduction and Abstra… Todd Herr
- Re: [dmarc-ietf] Proposed Introduction and Abstra… Dave Crocker
- Re: [dmarc-ietf] Proposed Introduction and Abstra… Alessandro Vesely