[dmarc-ietf] [dmarc] #2 (): Flow of operations text in dmarc-base

Mon, 19 Jan 2015 21:00:07 -0800 

#2: Flow of operations text in dmarc-base

 To: dmarc@ietf.org
 From: Anne Bennett <a...@encs.concordia.ca>
 Date: Fri, 16 Jan 2015 19:26:41 -0500
 Subject: [dmarc-ietf] Flow of operations text in -12

 In draft 12, Section "4.3 Flow Diagram", we have text which
 I think is somewhat contradicted by text in the later and
 more detailed "6.6. Mail Receiver Actions", in particular
 with respect to parallelizing some of the checks, and there's
 another small problem with the text as well.  Quoting 4.3:

   6. Recipient delivery service conducts SPF and DKIM authentication
      checks by passing the necessary data to their respective
      modules, each of which require queries to the Author Domain's
      DNS data (when identifiers are aligned; see below).

 ... but the "Author Domain" (based on RFC5322.From) is not
 necessarily the domain that will be queried by SPF and DKIM
 checks, and we won't know if identifiers are aligned until we
 look at the results of:

   7. The results of these are passed to the DMARC module along with
      the Author's domain.  The DMARC module attempts to retrieve a
      policy from the DNS for that domain.  If none is found, the
      DMARC module determines the Organizational Domain and repeats
      the attempt to retrieve a policy from the DNS.  (This is
      described in further detail in Section 6.6.3.)

 "6.6.2" shows clearly that the SPF check (with its DNS queries),
 the DKIM checks (with its DNS queries), and the DMARC policy
 determination (with its DNS queries) can be done in parallel, and
 their results combined when all have arrived, and I imagine that
 will turn out to be the best way to do it.

 So 4.2 could perhaps be modified:

   6. Recipient delivery service conducts SPF and DKIM
      authentication checks by passing the necessary data to
      their respective modules, each of which require queries
      to DNS data.  The results of these checks are passed back
      to the DMARC module.

   7. Meanwhile, the DMARC module attempts to retrieve a
      policy from the DNS for that domain.  If none is found,
      the DMARC module determines the Organizational Domain and
      repeats the attempt to retrieve a policy from the DNS.
      (This is described in further detail in Section 6.6.3.)

-- 
-------------------------+-------------------------------------------------
Reporter:                |      Owner:
  superu...@gmail.com    |     Status:  new
    Type:  defect        |  Milestone:  Deliverable #3 (changes to DMARC
Priority:  major         |  base spec + DMARC Usage Guide
 Version:                |   Severity:  -
Keywords:                |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/dmarc/trac/ticket/2>
dmarc <http://tools.ietf.org/dmarc/>

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to