On April 5, 2023 10:20:28 PM UTC, Seth Blank <seth=40valimail....@dmarc.ietf.org> wrote: >On Wed, Apr 5, 2023 at 2:57 PM Scott Kitterman <skl...@kitterman.com> wrote: > >> My understanding is that the IETF doesn't do implementation >> specifications. I'm not sure what problem that's related to >> interoperability this is meant to address. >> >> I think the ticket should be closed without action > > >The purpose of DMARC from the point of view of a domain owner, is to stop >spoofing of their exact domain from unauthorized sources. > >The document describes certain mechanics of this relative to the Author >Domain, but never explains what doing this completely for the >Organizational Domain and its entire hierarchy looks like. As this is the >goal of many domain owners, it is worth clear definition in the document. > >When we talk about DMARC and interoperability, we have to remember that >there are THREE participants within DMARC that need to interoperate, the >sender, the receiver, and the domain owner. We keep on discussing the >sender and receiver relationship, and leaving the domain owner out to dry. >It's the domain owner's authentication, and their policy, which DMARC is >all about. DMARC is nothing without domain owners. > >This is clunky, because there's normally not a person or business in the >mix when we talk about interop. With DMARC, there is. Policy needs to work >as expected, and consistently. Therefore, we need clear definition. I can >see how this might look like implementation guidance if you're only >thinking about the bits moving between the sender and the receiver. In the >DMARC context, the domain owner's desires, and clarity on how to implement >them, are critical to be spelled out in the document. > >The text that I proposed feels like the minimum text needed to address this >clarity, without telling people what to do.
I don't follow. Section 5.5 is called Domain Owner Actions. Also, that's the goal for some domains, but not others. We shouldn't over-generalize. Personally, I publish DMARC records for the aggregate reports. I find them useful. Publishing a DMARC record with anything other than p=none is not something I'm considering due to the associated side effects. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
