In mid-November, I shared some proposed text for new Abstract and Introduction sections - https://mailarchive.ietf.org/arch/msg/dmarc/wNE-cvIWQ3PXrM-42SozSocnnxs/
Dave Crocker submitted some suggestions on-list, and I noodled a bit with the text myself, and submit the following for your collective consideration: Abstract This document describes the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol. DMARC permits the owner of an author's domain name to enable validation of the domain's use, to indicate the implication of failed validation, and to request reports about use of the domain name. Mail receiving organizations can use this information when evaluating disposition choices for incoming mail. This document obsoletes RFC 7489. [...] 1. Introduction RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH BEFORE PUBLISHING: The source for this draft is maintained in GitHub at: https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis (https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis) The Sender Policy Framework ([RFC7208]) and DomainKeys Identified Mail ([RFC6376]) protocols provide domain-level authentication which is not directly associated with the RFC5322.From domain, and DMARC builds on those protocols. Using DMARC, Domain Owners that originate email can publish a DNS TXT record with their email authentication policies, preferred handling for mail that fails authentication checks, and request reports about use of the domain name. As with SPF and DKIM, DMARC authentication checks result in verdicts of "pass" or "fail". A DMARC pass verdict requires not only that SPF or DKIM pass for the message in question, but also that the domain validated by the SPF or DKIM check is aligned with the domain in the RFC5322.From header. In the DMARC protocol, two domains are said to be "in alignment" if they have the same Organizational Domain (a.k.a., relaxed alignment) or they are identical (a.k.a., strict alignment). A DMARC pass result indicates only that the RFC5322.From domain has been authenticated in that message; there is no explicit or implied value assertion attributed to a message that receives such a verdict. A mail-receiving organization that performs a DMARC validation check on inbound mail can choose to use the result and the published assessment by the originating domain for message disposition to inform its mail handling decision for that message. For a mail- receiving organization supporting DMARC, a message that passes validation is part of a message stream that is reliably associated with the domain owner. Therefore reputation assessment of that stream by the mail-receiving organization does not need to be encumbered by accounting for unauthorized use of the domain. A message that fails this validation cannot reliably be associated with the aligned domain and its reputation. DMARC also describes a reporting framework in which mail-receiving domains can generate regular reports containing data about messages seen that claim to be from domains that publish DMARC policies, and send those reports to one or more addresses as requested by the Domain Owner's DMARC policy record. Experience with DMARC has revealed some issues of interoperability with email in general that require due consideration before deployment, particularly with configurations that can cause mail to be rejected. These are discussed in Section 9. Thank you for your time. -- *Todd Herr* | Sr. Technical Program Manager *e:* [email protected] *p:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
