New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define what it means to have implemented DMARC #96
Comments
@seth@sethblank.com changed status from |
@seth@sethblank.com removed owner (was |
@seth@sethblank.com changed component from |
@todd.herr@valimail.com changed status from |
@todd.herr@valimail.com set owner to |
@todd.herr@valimail.com commented Not sure where to put it, but here's some proposed text: What Does It Mean To Have Implemented DMARC? Domain owners, intermediaries, and mail receivers can all claim to implement DMARC, but what that means will depend on their role in the transmission of mail. To remove any ambiguity from the claims, this document specifies the following minimum criteria that must be met for each agent to rightly claim to be "implementing DMARC". Domain Owner: To implement DMARC, a domain owner MUST configure its domain to request that unauthenticated mail be rejected or at least treated with suspicion. This means that it MUST publish a policy record that:
While 'none' is a syntactically valid value for both the p and sp tags, the practical value of either the p tag or sp tag being 'none' means that the domain owner is still gathering information about mail flows for the domain or sub-domains, and is not yet ready to commit to requesting that unauthenticated mail receive different handling than authenticated mail. Intermediary: To implement DMARC, an intermediary MUST do the following before passing the message to the next hop or rejecting it as appropriate:
Mail Receiver: To implement DMARC, a mail receiver MUST do the following:
|
@todd.herr@valimail.com changed status from |
@todd.herr@valimail.com commented Added proposed text from comment 3 as section 4.4, part of the Overview section |
@todd.herr@valimail.com changed _comment0 which not transferred by tractive |
@todd.herr@valimail.com changed status from |
@todd.herr@valimail.com set resolution to |
@todd.herr@valimail.com commented pushed to github and merged to main branch |
@todd.herr@valimail.com changed status from |
@todd.herr@valimail.com removed resolution (was |
@todd.herr@valimail.com commented Reopening because it makes more sense to put this in Section 8, Minimum Implementations, which was already there. |
@todd.herr@valimail.com commented Moved stuff to section 8 as proposed replacement text. Pushed to github and merged to main branch. |
@todd.herr@valimail.com changed status from |
@todd.herr@valimail.com changed status from |
There are extensive sections, specifically Domain Owner Actions and Mail Receiver Actions, that describe but do not necessarily mandate activities for those roles to participate in DMARC. There is currently nothing for intermediaries. |
I think once we have the discussion that was started at the meeting on what to say about mailing lists, anything related to intermediaries will naturally be addressed. I don't know that you need to keep an issue open waiting for it. |
I believe there is sufficient text in the document in the Domain Owner Actions and Mail Receiver Actions sections to describe what it means to have implemented DMARC, and I recommend closing this ticket. |
I agree.
…On February 28, 2024 10:51:31 PM UTC, Todd Herr ***@***.***> wrote:
I believe there is sufficient text in the document in the Domain Owner Actions and Mail Receiver Actions sections to describe what it means to have implemented DMARC, and I recommend closing this ticket.
|
Chair concurs with closing ticket. |
keyword_clarify
owner:todd.herr@valimail.com
type_enhancement
| by seth@sethblank.comIn particular:
What does it mean to implement DMARC as a domain owner? Here, we should specifically define "Enforcement" -- the point at which only authenticated mail can be sent from the domain.
What does it mean to implement DMARC as a receiver? Here, that DMARC and ARC are validated and reports are sent?
What does it mean to implement DMARC as an intermediary? That DMARC and ARC are validated?
Issue migrated from trac:66 at 2022-01-24 16:17:54 +0000
The text was updated successfully, but these errors were encountered: