Conformance requirements to support contracting is not something the IETF typically does. I think deferring this to a follow-on BCP is appropriate.
Scott K On Monday, June 8, 2020 12:45:17 PM EDT David I wrote: > I don't know how to represent it in documents, but I do think there would be > value in clearer terminology to help people trying to adopt (and buy > solutions). I worry that there are people saying they've 'implemented > DMARC' who are doing one of inbound filtering, or have published a policy, > but not both (I think most simply aren't aware of aggregate reporting as > being potentially a separate thing). > > I think issue #41 "Potentially separate reporting and policy into different > documents" might be related as if there's a separate RFC number for sending > aggregate reports, there's a clearer line about whether or not you've > implemented it? > > David > ________________________________ > From: dmarc <[email protected]> on behalf of Seth Blank > <[email protected]> Sent: 07 June 2020 22:23 > To: IETF DMARC WG <[email protected]> > Subject: [dmarc-ietf] DMARC bis: ticket 66: define what is means to > implement DMARC > > https://trac.ietf.org/trac/dmarc/ticket/66<https://eur03.safelinks.protectio > n.outlook.com/?url=https%3A%2F%2Ftrac.ietf.org%2Ftrac%2Fdmarc%2Fticket%2F66& > data=02%7C01%7Cdavid.i%40ncsc.gov.uk%7Cdea9abc7f5364bb3308308d80b2920cb%7C14 > aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C637271618558249757&sdata=ZNzgnrU80Q > %2F5xqAfo9Nw46I1uXqcGWPzzobISlfUQm4%3D&reserved=0> > > Many different entities participate in DMARC, and to each, there is a > different definition of what is needed to "implement" or participate in > DMARC. > > Should the spec be clear about the different participants, and what it means > for each to participate partially and completely? > > As a straw man to start conversation (assume this is all wrong): > > The domain owner: > - partially participating: valid record? > - complete participation: no part of the domain hierarchy can be spoofed > by an unauthenticated sender? > > The receiver/MTA: > - partially participating: validates DMARC? > - complete participation: validates DMARC and ARC, and sends aggregate > reports? > > The intermediary (is this different than a receiver?): > - partially: validates DMARC? > - complete participation: validates DMARC and validates and seals ARC? > > > -- > > Seth Blank | VP, Standards and New Technologies > e: [email protected]<mailto:[email protected]> > p: 415.273.8818 > > [https://lh5.googleusercontent.com/_vs__6iRjfmT2Ae5LLNBb8nEopl2M5Tl5QlpS6LS0 > Lh0vv4TYnZu-Mff2kDFOqe0LhbnSXprAx4yoaTvq_Tc_7n1b8yzGIqoxuhedthDxYQansg8ChT2x > 5EcZV3rjz19-Dx9rESL] > > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized > recipient you are hereby notified of any use, disclosure, copying or > distribution of the information included in this transmission is prohibited > and may be unlawful. Please immediately notify the sender by replying to > this email and then delete it from your system. > > This information is exempt under the Freedom of Information Act 2000 (FOIA) > and may be exempt under other UK information legislation. Refer any FOIA > queries to [email protected]. All material is UK Crown Copyright © _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
