Opened 2 years ago

Closed 14 months ago

#52 closed defect (fixed)

Remove strict alignment (and adkim and aspf tags)

Reported by: seth@… Owned by: todd.herr@…
Priority: major Milestone: Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide
Component: dmarc-bis Version:
Severity: - Keywords: nit tag-update
Cc:

Description

Strict alignment is rarely deployed, doesn't provide additional security (especially if any cloud services are being used to send mail on behalf of the domain), and actually makes blocking all unauthenticated mail significantly harder, not easier due to confusion.

Change History (9)

comment:1 Changed 2 years ago by seth@…

  • Component changed from rfc7601bis to dmarc-bis
  • Owner draft-ietf-dmarc-rfc7601bis@… deleted
  • Status changed from new to assigned

comment:2 Changed 17 months ago by todd.herr@…

Valimail data:

73917 DMARC records examined

 1244 with adkim=r (default)
 1346 with adkim=s

 1856 with aspf=r (default)
 1505 with aspf=s

comment:3 Changed 17 months ago by todd.herr@…

  • Owner set to todd.herr@…
  • Status changed from assigned to started

comment:4 Changed 16 months ago by todd.herr@…

  • Status changed from started to infoneeded

Proposed text to remove strict alignment references pushed to github and merged with main branch.

comment:5 Changed 15 months ago by mail@…

  • Status changed from infoneeded to assigned

dns probe on Tranco toplist 2021-05-09:

152348 v=DMARC1 records
 11049 with adkim=r (default)
  5934 with adkim=s

 18288 with aspf=r (default)
  6668 with aspf=s

 58405 v=DMARC1 records with (qurantine|reject) policy
  5339 with adkim=r (default)
  4707 with adkim=s

  7247 with aspf=r (default)
  5226 with aspf=s

comment:6 Changed 15 months ago by mail@…

  • Status changed from assigned to infoneeded

Whoops, sorry for changing the ticket status.

comment:7 Changed 15 months ago by smj@…

  • Status changed from infoneeded to assigned

Looking at the ~2.9MM valid DMARC records from the dataset Farsight provided to DMARC.org through 1Q2021, retrievable via DNS at that time.

Tag Count
adkim=r163,441
adkim=s152,615
aspf=r242,198
aspf=s166,519

comment:8 Changed 14 months ago by todd.herr@…

Consensus from the 27 May 2021 Interim session (https://datatracker.ietf.org/doc/minutes-interim-2021-dmarc-01-202105270900/) was to leave the tags in place for now, but to include their use in a future discussion of "ratchet mechanisms" meant to provide Domain Owners a way to slow-roll DMARC adoption

comment:9 Changed 14 months ago by todd.herr@…

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.