DMARC D. Crocker Internet-Draft Brandenburg InternetWorking Updates: 7489 (if approved) September 25, 2020 Intended status: Experimental Expires: March 29, 2021 DMARC Use of the RFC5322.Sender Header Field draft-ietf-dmarc-sender-00 Abstract Internet mail defines the RFC5322.From field to indicate the author of the message's content and the RFC5322.Sender field to indicate who initially handled the message. The RFC5322.Sender field is optional, if it has the same information as the RFC5322.From field. That is, when the RFC5322.Sender field is absent, the RFC5322.From field has conflated semantics, with both a handling identifier and a content creator identifier. This was not a problem, until development of stringent protections on use of the RFC5322.From field. It has prompted Mediators, such as mailing lists, to modify the RFC5322.From field, to circumvent mail rejection caused by those protections. This affects end-to-end behavior of email, between the author and the final recipients, because mail from the same author is not treated the same, depending on what path it followed. In effect, the RFC5322.From field has become dominated by its role as a handling identifier. The current specification augments use of the RFC5322.From field, by enhancing DMARC to also use the RFC5322.Sender field. This preserves the utility of RFC5322.From field while also preserving the utility of DMARC. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Crocker Expires March 29, 2021 [Page 1] Internet-Draft DMARC September 2020 This Internet-Draft will expire on March 29, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Domain Owner Actions . . . . . . . . . . . . . . . . . . . . 5 4. Mail Originator Actions . . . . . . . . . . . . . . . . . . . 6 5. Mail Mediator Actions . . . . . . . . . . . . . . . . . . . . 6 6. Mail Receiver Actions . . . . . . . . . . . . . . . . . . . . 6 6.1. Extract RFC5322.Sender and RFC5322.From Domains . . . . . 6 6.2. Determine Handling Policy . . . . . . . . . . . . . . . . 6 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 9.2. Informative References . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction Internet mail conducts asynchronous communication from an author to one or more recipients, and is used for ongoing dialogue amongst them. Email has a long history of serving a wide range of human uses and styles, within that simple framework, and the mechanisms for making email robust and safe serve that sole purpose. Internet mail defines the RFC5322.From field to indicate the author of the message's content and the RFC5322.Sender field to indicate who initially handled the message. [Mail-Fmt] The RFC5322.Sender field is optional, if it has the same information as the RFC5322.From field. That is, when the RFC5322.Sender field is absent, the RFC5322.From field has conflated semantics, as both a handling Crocker Expires March 29, 2021 [Page 2] Internet-Draft DMARC September 2020 identifier and a content creator identifier. These fields were initially defined in [RFC733] and making the redundant RFC5322.Sender field optional was a small, obvious optimization, in the days of slower communications, expensive storage and less powerful computers. The dual semantics of the RFC5322.From field was not a problem, until development of stringent protections were put in place, on the use of the RFC5322.From field. It has prompted Mediators, such as mailing lists, to modify the RFC5322.From field, to circumvent mail rejection caused by those protections. This affects end-to-end usability of email, between the author and the final recipients. If the mailing list does not modify the RFC5322.From field, there is the risk that the message will be rejected or quarantined by the receiving system. However, if the mailing list does modify the RFC5322.From field, mail received from the same author will be treated differently by the recipient's software, depending on what path the message followed. By way of example, mail by: Author Name which is sent directly to a recipient, will show the user's display name correctly and can correctly analyze and aggregate mail from that user, based on their email address. However if the user sends through a mailing list, and the mailing list conducts a common form of RFC5322.From modification, needed to bypass enforcement of stringent authentication policies, then the received message might have a RFC5322.From field along the lines of Author Name via Listname The change inserts an operational address, for the Mediator, into the RFC5322.From field, and distorts the field's display-name, as a means of recording the modification. The result is that the recipient's software will see the message as being from an entirely different author and will handle it separately. Mediators might create a Reply-To: field, with the original RFC5322.From field email address. While this facilitates a recipient's responding to the original author, it does nothing to aid other processing done by the recipient's MUA based on what it believes is the author's address or original display-name. Because the current email protection behavior involves the RFC5322.From field, and pertain to the human author, it is common to think that the issue, in protecting the field's content, is behavior of the human recipient. However there is no indication that the enforced values in the RFC5322.From field alter end-user behavior. In fact there is a long train of indication that it does not. Crocker Expires March 29, 2021 [Page 3] Internet-Draft DMARC September 2020 Rather, the meaningful protections actually operate at the level of the receiving system's mail filtering engine, which decides on the dispostion of received mail. In effect, the RFC5322.From field has become dominated by its role as a handling identifier. This specification defines enhancement for use of the RFC5322.Sender field by [DMARC]. It is designed with the view that enhancement of standards works best as incremental additions. DMARC functionality is preserved, as is long-standing recipient email usability.. Teminology and architectural details in this document are incorporated from [Mail-Arch]. Discussion of this draft is directed to the dmarc@ietf.org mailing list. COMMENT: The original version of this specification essentially sought to have the Sender: header field treated as an alternative to the From: header field. Unfortunately this suffers a fatal problem, in the face of established DMARC use. If: * the original From: field is covered by DMARC, and * the message goes through a Mediator that breaks aligned authentication, and * the receiving DMARC engine only uses the original version of DMARC, then it will produce a DMARC fail. It does not appear to be possible to handle this case safely, except by modifying the From: header field so that it does not trigger an alignment failure. Unless there comes a time at which concern for this case is eliminated, Mediators will continue to have to deal with this, such as by modifying the From: field. To that end, this version of the specification has been modified, to make Sender: an _additional_ DMARC alignment possibility, rather than an alternative one. Crocker Expires March 29, 2021 [Page 4] Internet-Draft DMARC September 2020 2. Overview This specification defines modifications to DMARC, to add use of the RFC5322.Sender header field, as a possible second source of DMARC validation and policy information. The changes are: o A tag is added to the DMARC DNS record, to flag support for this enhancement, indicating that valid mail originating from this domain will have an aligned RFC5322.Sender field. o The message originator creates a RFC5322.Sender field that is identical to the RFC5322.From field, and therefore provides DMARC alignment. This can permit DMARC to validate, even when it fails to validate, based on the From: field. o Receiving systems supporting the enhancement check for the RFC5322.Sender domain's DNS DMARC record. * If there is a record and it contains the enhancement flag, DMARC evaluation is performed on that domain name. * DMARC evaluation is also performed, as before, using the RFC5322.From domain name. The enhancement preserves existing DMARC operation, but permits DMARC success in some scenarios that either used to fail or that produce Mediator actions to bypass DMARC. The following table shows DMARC interactions between original vs. enhanced originators and receivers: +-------------------------------+--------------+----------------+ | \Originate/ || - Receive --> | Original | Enhanced | +-------------------------------+--------------+----------------+ | RFC5322.From | RFC5322.From | RFC5322.From | | RFC5322.From + RFC5322.Sender | RFC5322.From | RFC5322.Sender | +-------------------------------+--------------+----------------+ DMARC Original/Enhanced Interactions 3. Domain Owner Actions For a domain that supports the use of RFC5322.Sender field evaluation for DMARC, the owner specifies an additional DMARC Policy Record tag: snd: When present, this tag signals that mail originated by the domain owner MAY have a RFC5322.Sender field, as well as a RFC5322.From field and that evaluation MAY be based on the domain name in the RFC5322.Sender field. Crocker Expires March 29, 2021 [Page 5] Internet-Draft DMARC September 2020 4. Mail Originator Actions Mail originators, for domains supporting enhanced DMARC, can create a RFC5322.Sender field that is a duplicate of the RFC5322.From field. They can, instead, create one that has a separate address, such as when the originator is an independent agent, acting on behalf of the content creator. 5. Mail Mediator Actions Mediators, such as mailings lists, are independent agents, acting on behalf of authors and recipients. They take delivery of messages and then repost them, typically with modification. In response to the use of DMARC, they often modify the RFC 5332.From field. They can use this Sender-based mechanism to generate their own DMARC-aligned authentication, based on the RFC5322.Sender field. 6. Mail Receiver Actions 6.1. Extract RFC5322.Sender and RFC5322.From Domains The domain in the RFC5322.Sender field and the domain in the RFC5322.From field are extracted as the domains to be evaluated by DMARC. 6.2. Determine Handling Policy The following procedure can result in DMARC policy information based on the rfc5322.From, or the rfc5322.Sender, or based on both header fields. The final choice for using this information to determine message disposition resides with the receiving system. To arrive at a policy for an individual message, Mail Receivers MUST perform the following actions or their semantic equivalents. Steps 2-3 MAY be done in parallel, whereas steps 4 and 5 require input from previous steps. The steps are as follows: 1. Sender: Extract the RFC5322.Sender domain from the message. Query the DNS for a DMARC policy record. Perform remaining, numbered steps, if one is found and it contains an "snd" tag. Crocker Expires March 29, 2021 [Page 6] Internet-Draft DMARC September 2020 AND From: Extract the RFC5322.From domain from the message. Query the DNS for a DMARC policy record Perform remaining, numbered steps, if one is found. Terminate: Otherwise terminate DMARC evaluation. 2. Perform DKIM signature verification checks. A single email could contain multiple DKIM signatures. The results of this step are passed to the remainder of the algorithm and MUST include the value of the "d=" tag from each checked DKIM signature. 3. Perform SPF validation checks. The results of this step are passed to the remainder of the algorithm and MUST include the domain name used to complete the SPF check. 4. Conduct Identifier Alignment checks. With authentication checks and policy discovery performed, the Mail Receiver checks to see if Authenticated Identifiers fall into alignment. If one or more of the Authenticated Identifiers align with the RFC5322.From (or with the RFC5322.Sender field, if permitted by the domain owner) domain, the message is considered to pass the DMARC mechanism check. All other conditions (authentication failures, identifier mismatches) are considered to be DMARC mechanism check failures. 5. Apply policy. Emails that fail the DMARC mechanism check MAY be disposed of in accordance with the discovered DMARC policy of the Domain Owner. Broadly, however, receivers typically do not automatically follow such directives. Rather, they apply complex evaluation rules, for which DMARC is merely one (or more) sets of input data. To that end, having a DMARC assessment for the RFC5322.From field and another for the RFC5322.Sender field merely add to their pool of data to consider. 7. Security Considerations This enhancement entails the same security issues as the basic DMARC service. 8. IANA Considerations None. Crocker Expires March 29, 2021 [Page 7] Internet-Draft DMARC September 2020 9. References 9.1. Normative References [DMARC] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, March 2015. [Mail-Arch] Crocker, D., "Internet Mail Architecture", RFC 5598, July 2009. [Mail-Fmt] Resnick, P., Ed., "Internet Message Format", RFC 5322, October 2008. 9.2. Informative References [RFC733] Crocker, D., Vittal, J., Pogran, K., and D. Henderson, "Standard for the Format of ARPA Network Text Messages", RFC 733, November 1977. Author's Address Dave Crocker Brandenburg InternetWorking Email: dcrocker@bbiw.net Crocker Expires March 29, 2021 [Page 8]