DMARC (Domain-based Message Authentication, Reporting, and Conformance) Extension For PSDs (Public Suffix Domains)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, The IESG <email@example.com>, Murray Kucherawy <firstname.lastname@example.org>, email@example.com Subject: Document Action: 'DMARC (Domain-based Message Authentication, Reporting, and Conformance) Extension For PSDs (Public Suffix Domains)' to Experimental RFC (draft-ietf-dmarc-psd-08.txt) The IESG has approved the following document: - 'DMARC (Domain-based Message Authentication, Reporting, and Conformance) Extension For PSDs (Public Suffix Domains)' (draft-ietf-dmarc-psd-08.txt) as Experimental RFC This document is the product of the Domain-based Message Authentication, Reporting & Conformance Working Group. The IESG contact persons are Adam Roach, Alexey Melnikov and Barry Leiba. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dmarc-psd/
Technical Summary DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling. The design of DMARC presumes that domain names represent either nodes in the tree below which registrations occur, or nodes where registrations have occurred; it does not permit a domain name to have both of these properties simultaneously. Since its deployment in 2015, use of DMARC has shown a clear need for the ability to express policy for these domains as well. Domains at which registrations can occur are referred to as Public Suffix Domains (PSDs). This document describes an extension to DMARC to enable DMARC functionality for PSDs. This document also seeks to address implementations that consider a domain on a public Suffix list to be ineligible for DMARC enforcement. Working Group Summary Generally, the working group came to consensus fairly quickly about this proposal because it's fairly minimal, straightforward, and well understood. Document Quality There are several expressions of interest with respect to implementation. There is one reference implementation. Personnel Murray Kucherawy wrote the original Document Shepherd writeup, and Alexey Melnikov started IETF Last Call as Area Director. Since then, their roles have swapped; Alexey is the shepherding co-chair, and Murray is the Area Director. IESG Note It is worth noting here that Dave Crocker raised and pressed an objection that the work should not be published without going back to first principles with DMARC itself, which would set the already glacial working group back months. Given the WG intends to reopen its base document anyway after this experiment is published, that seems like an unnecessary constraint. In any case, his assertion does not appear to have swayed consensus away from proceeding. He also contends that an experiment meant to collect data and then be destroyed is not the kind of thing the IETF should be publishing in the first place, since it represents something that could introduce confusion or cruft into the deployed base. I disagreed with this position because there are existence proofs of Experimental status not observing such constraints. His objection has not been sustained by the working group generally; one person was concerned about us publishing an experiment of any kind, but this was not enough to give the impression that consensus has eroded. Nevertheless, the working group is prepared to accept Informational status if the IESG concurs with this objection.