[dmarc-ietf] Ticket #80 - DMARCbis Should Have Clear and Concise Definition of DMARC

Todd Herr <todd.herr@valimail.com> Wed, 30 December 2020 21:58 UTC


In mid-November, I shared some proposed text for new Abstract and
Introduction sections -
https://mailarchive.ietf.org/arch/msg/dmarc/wNE-cvIWQ3PXrM-42SozSocnnxs/

Dave Crocker submitted some suggestions on-list, and I noodled a bit with
the text myself, and submit the following for your collective consideration:

Abstract

   This document describes the Domain-based Message Authentication,
   Reporting, and Conformance (DMARC) protocol.

   DMARC permits the owner of an author's domain name to enable
   validation of the domain's use, to indicate the implication of failed
   validation, and to request reports about use of the domain name.
   Mail receiving organizations can use this information when evaluating
   disposition choices for incoming mail.

   This document obsoletes RFC 7489.

[...]

1.  Introduction

   RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH BEFORE PUBLISHING:
   The source for this draft is maintained in GitHub at:
   https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis
   (https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis)

   The Sender Policy Framework ([RFC7208]) and DomainKeys Identified
   Mail ([RFC6376]) protocols provide domain-level authentication which
   is not directly associated with the RFC5322.From domain, and DMARC
   builds on those protocols.  Using DMARC, Domain Owners that originate
   email can publish a DNS TXT record with their email authentication
   policies, preferred handling for mail that fails authentication
   checks, and request reports about use of the domain name.

   As with SPF and DKIM, DMARC authentication checks result in verdicts
   of "pass" or "fail".  A DMARC pass verdict requires not only that SPF
   or DKIM pass for the message in question, but also that the domain
   validated by the SPF or DKIM check is aligned with the domain in the
   RFC5322.From header.  In the DMARC protocol, two domains are said to
   be "in alignment" if they have the same Organizational Domain
   (a.k.a., relaxed alignment) or they are identical (a.k.a., strict
   alignment).

   A DMARC pass result indicates only that the RFC5322.From domain has
   been authenticated in that message; there is no explicit or implied
   value assertion attributed to a message that receives such a verdict.
   A mail-receiving organization that performs a DMARC validation check
   on inbound mail can choose to use the result and the published
   assessment by the originating domain for message disposition to
   inform its mail handling decision for that message.  For a mail-
   receiving organization supporting DMARC, a message that passes
   validation is part of a message stream that is reliably associated
   with the domain owner. Therefore reputation assessment of that
   stream by the mail-receiving organization does not need to be
   encumbered by accounting for unauthorized use of the domain.  A
   message that fails this validation cannot reliably be associated with
   the aligned domain and its reputation.

   DMARC also describes a reporting framework in which mail-receiving
   domains can generate regular reports containing data about messages
   seen that claim to be from domains that publish DMARC policies, and
   send those reports to one or more addresses as requested by the
   Domain Owner's DMARC policy record.

   Experience with DMARC has revealed some issues of interoperability
   with email in general that require due consideration before
   deployment, particularly with configurations that can cause mail to
   be rejected.  These are discussed in Section 9.

Thank you for your time.

-- 

*Todd Herr* | Sr. Technical Program Manager
*e:* todd.herr@valimail.com
*p:* 703.220.4153


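The pass rule described in the proposed Introduction (SPF or DKIM must pass, and the validated domain must align with the RFC5322.From domain), worked through as an added example that is not part of the original message or the draft. The function names are hypothetical, and `PUBLIC_SUFFIXES` is a small constructed stand-in for the Public Suffix List that a real receiver would use to find the Organizational Domain.

```python
# Added example: DMARC verdict = (SPF pass OR DKIM pass) AND alignment with From.
# Constructed stand-in for the Public Suffix List (assumption, not the real list).
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}

def organizational_domain(domain):
    """Public suffix plus one label, e.g. a.b.example.co.uk -> example.co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])          # unknown suffix: assume a one-label TLD

def aligned(from_domain, auth_domain, mode="relaxed"):
    """Strict: identical domains. Relaxed: same Organizational Domain."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "strict":
        return a == b
    return organizational_domain(a) == organizational_domain(b)

def dmarc_verdict(from_domain, spf, dkim, spf_mode="relaxed", dkim_mode="relaxed"):
    """spf is (result, validated domain); dkim is a list of (result, d= domain)."""
    spf_result, spf_domain = spf
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, spf_mode)
    dkim_ok = any(res == "pass" and aligned(from_domain, d, dkim_mode)
                  for res, d in dkim)
    return "pass" if spf_ok or dkim_ok else "fail"

def run_samples():
    # All inputs below are constructed sample messages, not real traffic.
    return [
        # SPF passes for a subdomain: aligned under relaxed mode.
        dmarc_verdict("example.com", ("pass", "bounce.example.com"), []),
        # Same message under strict SPF alignment: domains are not identical.
        dmarc_verdict("example.com", ("pass", "bounce.example.com"), [],
                      spf_mode="strict"),
        # SPF and DKIM both pass, but for an unrelated domain: no alignment.
        dmarc_verdict("example.com", ("pass", "esp-mail.org"),
                      [("pass", "esp-mail.org")]),
        # SPF fails, DKIM passes for the same Organizational Domain.
        dmarc_verdict("news.example.co.uk", ("fail", "x.org"),
                      [("pass", "example.co.uk")]),
        # Sharing only the public suffix co.uk is not alignment.
        dmarc_verdict("example.co.uk", ("none", ""), [("pass", "other.co.uk")]),
    ]

if __name__ == "__main__":
    print(run_samples())
```

The third sample is the case the alignment requirement exists for: a message fully authenticated by SPF and DKIM for some other domain still fails DMARC for the domain shown in the From header.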