Opened 10 months ago

Last modified 3 months ago

#108 assigned defect

Changes to DMARCbis for PSD

Reported by: todd.herr@…
Owned by: todd.herr@…
Priority: minor
Milestone: Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide
Component: dmarc-bis
Version:
Severity: -
Keywords:
Cc:

Description (last modified by todd.herr@…)

Last call of PSD - https://datatracker.ietf.org/doc/draft-ietf-dmarc-psd/?include_text=1 - mandates several changes to DMARCbis:

3.  PSD DMARC Updates to DMARC Requirements

   This document updates DMARC as follows:

Kitterman & Wicinski    Expires October 14, 2021                [Page 6]
Internet-Draft                  PSD DMARC                     April 2021

3.1.  General Updates

   References to "Domain Owners" also apply to PSOs.

3.2.  Changes in Section 6.3 "General Record Format"

   A new tag is added after "fo":

   np:  Requested Mail Receiver policy for non-existent subdomains
      (plain-text; OPTIONAL).  Indicates the policy to be enacted by the
      Receiver at the request of the Domain Owner.  It applies only to
      non-existent subdomains of the domain queried and not to either
      existing subdomains or the domain itself.  Its syntax is identical
      to that of the "p" tag defined below.  If the 'np' tag is absent,
      the policy specified by the "sp" tag (if the 'sp' tag is present)
      or the policy specified by the "p" tag, if the 'sp' tag is not
      present, MUST be applied for non-existent subdomains.  Note that
      "np" will be ignored for DMARC records published on subdomains of
      Organizational Domains and PSDs due to the effect of the DMARC
      policy discovery mechanism described in DMARC Section 6.6.3.

   The following tag definitions from DMARC are updated:

   p: The sentence 'Policy applies to the domain queried and to
      subdomains, unless subdomain policy is explicitly described using
      the "sp" tag' is updated to read 'Policy applies to the domain
      queried and to subdomains, unless subdomain policy is explicitly
      described using the "sp" or "np" tags.'

   sp:  The sentence 'If absent, the policy specified by the "p" tag
      MUST be applied for subdomains' is updated to read 'If both the
      'sp' tag is absent and the 'np' tag is either absent or not
      applicable, the policy specified by the "p" tag MUST be applied
      for subdomains.'

3.3.  Changes in Section 6.5 "Domain Owner Actions"

   In addition to the DMARC domain owner actions, PSOs that require use
   of DMARC and participate in PSD DMARC ought to make that information
   available to receivers.  This document is an experimental mechanism
   for doing so.  See the [this document] experiment description
   (Appendix A).

3.4.  Changes in Section 6.6.1 "Extract Author Domain"

   Experience with DMARC has shown that some implementations short-
   circuit messages, bypassing DMARC policy application, when the domain
   name extracted by the receiver (from the RFC5322.From) is on the
   public suffix list used by the receiver.  This negates the capability
   being created by this specification.  Therefore, the following
   paragraph is appended to Section 6.6.1 of DMARC:

   Note that domain names that appear on a public suffix list are not
   exempt from DMARC policy application and reporting.

3.5.  Changes in Section 6.6.3 "Policy Discovery"

   A new step between step 3 and 4 is added:

   3A.  If the set is now empty and the longest PSD (Section 2.4) of the
      Organizational Domain is one that the receiver has determined is
      acceptable for PSD DMARC (discussed in the [this document]
      experiment description (Appendix A)), the Mail Receiver MUST query
      the DNS for a DMARC TXT record at the DNS domain matching the
      [this document] longest PSD (Section 2.4) in place of the
      RFC5322.From domain in the message (if different).  A possibly
      empty set of records is returned.

   As an example, for a message with the Organizational Domain of
   "example.compute.cloudcompany.com.example", the query for PSD DMARC
   would use "compute.cloudcompany.com.example" as the [this document]
   longest PSD (Section 2.4).  The receiver would check to see if that
   PSD is listed in the DMARC PSD Registry, and if so, perform the
   policy lookup at "_dmarc.compute.cloudcompany.com.example".

   Note: Because the PSD policy query comes after the Organizational
   Domain policy query, PSD policy is not used for Organizational
   domains that have published a DMARC policy.  Specifically, this is
   not a mechanism to provide feedback addresses (RUA/RUF) when an
   Organizational Domain has declined to do so.

3.6.  Changes in Section 7 "DMARC Feedback"

   Operational note for PSD DMARC: For PSOs, feedback for non-existent
   domains is desirable and useful, just as it is for org-level DMARC
   operators.  See Section 4 of [this document] for discussion of
   Privacy Considerations for PSD DMARC.
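
The following sketch is an added example, not part of the ticket or the draft. It shows how the "np" fallback from 3.2 and the step 3A query order from 3.5 interact. The TXT data, the registry contents, the function names, and the from_exists flag (the receiver's own existence check on the From domain) are assumptions; the Organizational Domain and longest PSD are passed in rather than derived from a public suffix list.

```python
# Added illustration; the DNS data and registry below are constructed.
TXT = {
    "_dmarc.compute.cloudcompany.com.example":
        "v=DMARC1; p=none; sp=quarantine; np=reject",
    "_dmarc.tenant.compute.cloudcompany.com.example": "v=DMARC1; p=none",
}
PSD_REGISTRY = {"compute.cloudcompany.com.example"}  # PSDs this receiver accepts


def parse_record(txt):
    """Return the tags of a DMARC record, or None (simplified: needs v and p)."""
    if txt is None:
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" and "p" in tags else None


def discover(from_domain, org_domain, longest_psd):
    """Query the From domain, then the Organizational Domain, then the PSD."""
    candidates = [from_domain]
    if org_domain != from_domain:
        candidates.append(org_domain)
    if longest_psd in PSD_REGISTRY:          # step 3A: only for accepted PSDs
        candidates.append(longest_psd)
    for domain in candidates:
        tags = parse_record(TXT.get("_dmarc." + domain))
        if tags:
            return domain, tags              # first record found wins
    return None, None


def requested_policy(from_domain, org_domain, longest_psd, from_exists):
    """Policy the receiver is asked to apply to mail from from_domain."""
    queried, tags = discover(from_domain, org_domain, longest_psd)
    if tags is None:
        return None
    if queried == from_domain:               # record on the domain itself: "p"
        return tags["p"]
    if not from_exists and "np" in tags:     # non-existent subdomain: "np" first
        return tags["np"]
    return tags.get("sp", tags["p"])         # otherwise "sp", falling back to "p"
```

Because a record found at the From domain itself always yields "p", an "np" tag published on a subdomain never takes effect, which matches the note at the end of the "np" definition.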

Change History (7)

comment:1 Changed 9 months ago by todd.herr@…

  • Owner set to todd.herr@…
  • Status changed from new to accepted

comment:2 Changed 9 months ago by todd.herr@…

  • Status changed from accepted to assigned

comment:3 Changed 9 months ago by todd.herr@…

  • Description modified (diff)

comment:4 Changed 9 months ago by todd.herr@…

  • Status changed from assigned to started

comment:5 Changed 9 months ago by todd.herr@…

In keeping with the structure of the PSD document, using this ticket to break out Terminology and Definitions into individual sections.

comment:6 Changed 9 months ago by todd.herr@…

  • Status changed from started to infoneeded

Changes made and pushed to GitHub and merged to main branch.

comment:7 Changed 3 months ago by todd.herr@…

  • Milestone set to Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide
  • Status changed from infoneeded to assigned