I don't know how to represent it in documents, but I do think there would be value in clearer terminology to help people trying to adopt (and buy solutions). I worry that there are people saying they've 'implemented DMARC' who are doing one of inbound filtering, or have published a policy, but not both (I think most simply aren't aware of aggregate reporting as being potentially a separate thing).
I think issue #41 "Potentially separate reporting and policy into different documents" might be related as if there's a separate RFC number for sending aggregate reports, there's a clearer line about whether or not you've implemented it? David ________________________________ From: dmarc <[email protected]> on behalf of Seth Blank <[email protected]> Sent: 07 June 2020 22:23 To: IETF DMARC WG <[email protected]> Subject: [dmarc-ietf] DMARC bis: ticket 66: define what is means to implement DMARC https://trac.ietf.org/trac/dmarc/ticket/66<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac.ietf.org%2Ftrac%2Fdmarc%2Fticket%2F66&data=02%7C01%7Cdavid.i%40ncsc.gov.uk%7Cdea9abc7f5364bb3308308d80b2920cb%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C637271618558249757&sdata=ZNzgnrU80Q%2F5xqAfo9Nw46I1uXqcGWPzzobISlfUQm4%3D&reserved=0> Many different entities participate in DMARC, and to each, there is a different definition of what is needed to "implement" or participate in DMARC. Should the spec be clear about the different participants, and what it means for each to participate partially and completely? As a straw man to start conversation (assume this is all wrong): The domain owner: - partially participating: valid record? - complete participation: no part of the domain hierarchy can be spoofed by an unauthenticated sender? The receiver/MTA: - partially participating: validates DMARC? - complete participation: validates DMARC and ARC, and sends aggregate reports? The intermediary (is this different than a receiver?): - partially: validates DMARC? - complete participation: validates DMARC and validates and seals ARC? -- Seth Blank | VP, Standards and New Technologies e: [email protected]<mailto:[email protected]> p: 415.273.8818 [https://lh5.googleusercontent.com/_vs__6iRjfmT2Ae5LLNBb8nEopl2M5Tl5QlpS6LS0Lh0vv4TYnZu-Mff2kDFOqe0LhbnSXprAx4yoaTvq_Tc_7n1b8yzGIqoxuhedthDxYQansg8ChT2x5EcZV3rjz19-Dx9rESL] This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system. This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to [email protected]. All material is UK Crown Copyright ©
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
