Opened 14 months ago

Last modified 3 months ago

#85 assigned enhancement

Proposed change to wording describing 'p' tag and values.

Reported by: todd.herr@… Owned by: todd.herr@…
Priority: minor Milestone: Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide
Component: dmarc-bis Version:
Severity: - Keywords:
Cc:

Description (last modified by todd.herr@…)

Section 6.3 describes the p tag as follows:

p: Requested Mail Receiver policy (plain-text; REQUIRED for policy

records). Indicates the policy to be enacted by the Receiver at
the request of the Domain Owner. Policy applies to the domain
queried and to subdomains, unless subdomain policy is explicitly
described using the "sp" tag. This tag is mandatory for policy
records only, but not for third-party reporting records (see
Section 7.1). Possible values are as follows:

none: The Domain Owner requests no specific action be taken

regarding delivery of messages.

quarantine: The Domain Owner wishes to have email that fails the

DMARC mechanism check be treated by Mail Receivers as
suspicious. Depending on the capabilities of the Mail
Receiver, this can mean "place into spam folder", "scrutinize
with additional intensity", and/or "flag as suspicious".

reject: The Domain Owner wishes for Mail Receivers to reject

email that fails the DMARC mechanism check. Rejection SHOULD
occur during the SMTP transaction. See Section 10.3 for some
discussion of SMTP rejection methods and their implications.

The following has been asserted about the above text (https://mailarchive.ietf.org/arch/msg/dmarc/D8dSnmdbyG3H3KOS2L6pn9IORW0/):

"The premise that an author domain owner can, in any way, direct the
message disposition decisions of a receiving system is simply false.
It's false to a level of silliness, if one adequately considers the
complete independence of the receiver from the domain owner.

The domain owner can, perhaps, express something about the owner's own
concerns for mail that fails dmarc, but that's different from saying
anything about the receiver's decisions about how to respond to those
expressed concerns.

That is, the language expressing the semantics should be changed to be, in a sense, egocentric. How do I, the domain owner feel about (assess) the meaning of a DMARC failure?"

The following is proposed as a possible replacement:

p: Domain Owner Assessment Policy (plain-text; REQUIRED for policy records). Indicates the severity of concern the domain owner has, for mail using its domain but not passing DMARC validation. Policy applies to the domain queried and to subdomains, unless subdomain policy is explicitly described using the "sp" tag. This tag is mandatory for policy records only, but not for third-party reporting records (see Section 7.1). Possible values are as follows:

none: The Domain Owner offers no expression of concern.

quarantine: The Domain Owner considers such mail to be suspicious. It is possible the mail is valid, although the failure creates a significant concern.

reject: The Domain Owner considers all such failures to be a clear indication that the use of the domain name is not valid. See Section 10.3 for some discussion of SMTP rejection methods and their implications.

Change History (5)

comment:1 Changed 9 months ago by todd.herr@…

  • Owner set to todd.herr@…
  • Status changed from new to accepted

comment:2 Changed 9 months ago by todd.herr@…

  • Description modified (diff)

comment:3 Changed 9 months ago by todd.herr@…

  • Status changed from accepted to started

comment:4 Changed 9 months ago by todd.herr@…

  • Status changed from started to infoneeded

Proposed new language from issue description.

Pushed to github, merged to main branch.

comment:5 Changed 3 months ago by todd.herr@…

  • Milestone set to Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide
  • Status changed from infoneeded to assigned
Note: See TracTickets for help on using tickets.