idnits 2.17.1 draft-crocker-dmarc-sender-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 233: '... domain owner MAY have a RFC5322.Se...' RFC 2119 keyword, line 234: '... that evaluation MAY be based on the d...' RFC 2119 keyword, line 257: '...ndividual message, Mail Receivers MUST...' RFC 2119 keyword, line 259: '... 2-3 MAY be done in parallel, wherea...' RFC 2119 keyword, line 285: '... of the algorithm and MUST include the...' (1 more instance...) -- The draft header indicates that this document updates RFC7489, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 27, 2020) is 1341 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 7489 (ref. 'DMARC') ** Downref: Normative reference to an Informational RFC: RFC 5598 (ref. 'Mail-Arch') -- Obsolete informational reference (is this intentional?): RFC 733 (Obsoleted by RFC 822) Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DMARC D. Crocker 3 Internet-Draft Brandenburg InternetWorking 4 Updates: 7489 (if approved) July 27, 2020 5 Intended status: Standards Track 6 Expires: January 28, 2021 8 DMARC Use of the RFC5322.Sender Header Field 9 draft-crocker-dmarc-sender-01 11 Abstract 13 Internet mail defines the RFC5322.From field to indicate the author 14 of the message's content and the RFC5322.Sender field to indicate who 15 initially handled the message. The RFC5322.Sender field is optional, 16 if it has the same information as the RFC5322.From field. That is, 17 when the RFC5322.Sender field is absent, the RFC5322.From field has 18 conflated semantics, with both a handling identifier and a content 19 creator identifier. This was not a problem, until development of 20 stringent protections on use of the RFC5322.From field. It has 21 prompted Mediators, such as mailing lists, to modify the RFC5322.From 22 field, to circumvent mail rejection caused by those protections. 24 This affects end-to-end behavior of email, between the author and the 25 final recipients, because mail from the same author is not treated 26 the same, depending on what path it followed. In effect, the 27 RFC5322.From field has become dominated by its role as a handling 28 identifier. 30 The current specification augments use of the RFC5322.From field, by 31 enhancing DMARC to also use the RFC5322.Sender field. This preserves 32 the utility of RFC5322.From field while also preserving the utility 33 of DMARC. 35 Status of This Memo 37 This Internet-Draft is submitted in full conformance with the 38 provisions of BCP 78 and BCP 79. 40 Internet-Drafts are working documents of the Internet Engineering 41 Task Force (IETF). Note that other groups may also distribute 42 working documents as Internet-Drafts. The list of current Internet- 43 Drafts is at https://datatracker.ietf.org/drafts/current/. 45 Internet-Drafts are draft documents valid for a maximum of six months 46 and may be updated, replaced, or obsoleted by other documents at any 47 time. It is inappropriate to use Internet-Drafts as reference 48 material or to cite them other than as "work in progress." 49 This Internet-Draft will expire on January 28, 2021. 51 Copyright Notice 53 Copyright (c) 2020 IETF Trust and the persons identified as the 54 document authors. All rights reserved. 56 This document is subject to BCP 78 and the IETF Trust's Legal 57 Provisions Relating to IETF Documents 58 (https://trustee.ietf.org/license-info) in effect on the date of 59 publication of this document. Please review these documents 60 carefully, as they describe your rights and restrictions with respect 61 to this document. Code Components extracted from this document must 62 include Simplified BSD License text as described in Section 4.e of 63 the Trust Legal Provisions and are provided without warranty as 64 described in the Simplified BSD License. 66 Table of Contents 68 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 69 2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 3. Domain Owner Actions . . . . . . . . . . . . . . . . . . . . 5 71 4. Mail Originator Actions . . . . . . . . . . . . . . . . . . . 5 72 5. Mail Receiver Actions . . . . . . . . . . . . . . . . . . . . 6 73 5.1. Extract RFC5322.Sender and RFC5322.From Domains . . . . . 6 74 5.2. Determine Handling Policy . . . . . . . . . . . . . . . . 6 75 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 76 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 77 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 78 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 79 8.2. Informative References . . . . . . . . . . . . . . . . . 7 80 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 82 1. Introduction 84 Internet mail conducts asynchronous communication from an author to 85 one or more recipients, and is used for ongoing dialogue amongst 86 them. Email has a long history of serving a wide range of human uses 87 and styles, within that simple framework, and the mechanisms for 88 making email robust and safe serve that sole purpose. 90 Internet mail defines the RFC5322.From field to indicate the author 91 of the message's content and the RFC5322.Sender field to indicate who 92 initially handled the message. [Mail-Fmt] The RFC5322.Sender field 93 is optional, if it has the same information as the RFC5322.From 94 field. That is, when the RFC5322.Sender field is absent, the 95 RFC5322.From field has conflated semantics, as both a handling 96 identifier and a content creator identifier. These fields were 97 initially defined in [RFC733] and making the redundant RFC5322.Sender 98 field optional was a small, obvious optimization, in the days of 99 slower communications, expensive storage and less powerful computers. 101 The dual semantics of the RFC5322.From field was not a problem, until 102 development of stringent protections were put in place, on the use of 103 the RFC5322.From field. It has prompted Mediators, such as mailing 104 lists, to modify the RFC5322.From field, to circumvent mail rejection 105 caused by those protections. This affects end-to-end usability of 106 email, between the author and the final recipients. If the mailing 107 list does not modify the RFC5322.From field, there is the risk that 108 the message will be rejected or quarantined by the receiving system. 109 However, if the mailing list does modify the RFC5322.From field, mail 110 received from the same author will be treated differently by the 111 recipient's software, depending on what path the message followed. 113 By way of example, mail by: 115 Author Name 117 which is sent directly to a recipient, will show the user's display 118 name correctly and can correctly analyze and aggregate mail from that 119 user, based on their email address. However if the user sends 120 through a mailing list, and the mailing list conducts a common form 121 of RFC5322.From modification, needed to bypass enforcement of 122 stringent authentication policies, then the received message might 123 have a RFC5322.From field along the lines of 125 Author Name via Listname 127 The change inserts an operational address, for the Mediator, into the 128 RFC5322.From field, and distorts the field's display-name, as a means 129 of recording the modification. The result is that the recipient's 130 software will see the message as being from an entirely different 131 author and will handle it separately. Mediators might create a 132 Reply-To: field, with the original RFC5322.From field email address. 133 While this facilitates a recipient's responding to the original 134 author, it does nothing to aid other processing done by the 135 recipient's MUA based on what it believes is the author's address or 136 original display-name. 138 Because the current email protection behavior involves the 139 RFC5322.From field, and pertain to the human author, it is common to 140 think that the issue, in protecting the field's content, is behavior 141 of the human recipient. However there is no indication that the 142 enforced values in the RFC5322.From field alter end-user behavior. 143 In fact there is a long train of indication that it does not. 144 Rather, the meaningful protections actually operate at the level of 145 the receiving system's mail filtering engine, which decides on the 146 dispostion of received mail. 148 In effect, the RFC5322.From field has become dominated by its role as 149 a handling identifier. This specification defines enhancement for 150 use of the RFC5322.Sender field by [DMARC]. It is designed with the 151 view that enhancement of standards works best as incremental 152 additions. DMARC functionality is preserved, as is long-standing 153 recipient email usability.. 155 Teminology and architectural details in this document are 156 incorporated from [Mail-Arch]. 158 Discussion of this draft is directed to the dmarc@ietf.org mailing 159 list. 161 COMMENT: The original version of this specification essentially 162 sought to have the Sender: header field treated as an alternative 163 to the From: header field. Unfortunately this suffers a fatal 164 problem, in the face of established DMARC use. 166 If: 168 * the original From: field is covered by DMARC, and 170 * the message goes through a Mediator that breaks aligned 171 authentication, and 173 * the receiving DMARC engine only uses the original version of 174 DMARC, 176 then it will produce a DMARC fail. 178 It does not appear to be possible to handle this case safely, 179 except by modifying the From: header field so that it does not 180 trigger an alignment failure. Unless there comes a time at which 181 concern for this case is eliminated, Mediators will continue to 182 have to deal with this, such as by modifying the From: field. 184 To that end, this version of the specification has been modified, 185 to make Sender: an _additional_ DMARC alignment possibility, 186 rather than an alternative one. 188 2. Overview 190 This specification defines modifications to DMARC, to add use of the 191 RFC5322.Sender header field, as a possible second source of DMARC 192 validation and policy information. The changes are: 194 o A tag is added to the DMARC DNS record, to flag support for this 195 enhancement, indicating that valid mail originating from this 196 domain will have an aligned RFC5322.Sender field. 198 o The message originator creates a RFC5322.Sender field that is 199 identical to the RFC5322.From field, and therefore provides DMARC 200 alignment. This can permit DMARC to validate, even when it fails 201 to validate, based on the From: field. 203 o Receiving systems supporting the enhancement check for the 204 RFC5322.Sender domain's DNS DMARC record. 206 * If there is a record and it contains the enhancement flag, 207 DMARC evaluation is performed on that domain name. 209 * If there is no record or the record does not contain the 210 enhancement flag, then DMARC evaluation proceeds is before, 211 using the RFC5322.From domain name. 213 The enhancement preserves existing DMARC operation, but permits DMARC 214 success in some scenarios that either used to fail or that produce 215 Mediator actions to bypass DMARC. The following table shows DMARC 216 interactions between original vs. enhanced originators and receivers: 218 +-------------------------------+--------------+----------------+ 219 | \Originate/ || - Receive --> | Original | Enhanced | 220 +-------------------------------+--------------+----------------+ 221 | RFC5322.From | RFC5322.From | RFC5322.From | 222 | RFC5322.From + RFC5322.Sender | RFC5322.From | RFC5322.Sender | 223 +-------------------------------+--------------+----------------+ 225 DMARC Original/Enhanced Interactions 227 3. Domain Owner Actions 229 For a domain that supports the use of RFC5322.Sender field evaluation 230 for DMARC, the owner specifies an additional DMARC Policy Record tag: 232 snd: When present, this tag signals that mail originated by the 233 domain owner MAY have a RFC5322.Sender field, as well as a 234 RFC5322.From field and that evaluation MAY be based on the domain 235 name in the RFC5322.Sender field. 237 4. Mail Originator Actions 239 Mail originators, for domains supporting enhanced DMARC, create a 240 RFC5322.Sender field that is a duplicate of the RFC5322.From field. 242 5. Mail Receiver Actions 244 5.1. Extract RFC5322.Sender and RFC5322.From Domains 246 The domain in the RFC5322.Sender field and the domain in the 247 RFC5322.From field are extracted as the domains to be evaluated by 248 DMARC. 250 5.2. Determine Handling Policy 252 The following procedure can result in DMARC policy information based 253 on the rfc5322.From, or the rfc5322.Sender, or based on both header 254 fields. The final choice for using this information to determine 255 message disposition resides with the receiving system. 257 To arrive at a policy for an individual message, Mail Receivers MUST 258 perform the following actions or their semantic equivalents. Steps 259 2-3 MAY be done in parallel, whereas steps 4 and 5 require input from 260 previous steps. 262 The steps are as follows: 264 1. 266 Sender: Extract the RFC5322.Sender domain from the message. 268 Query the DNS for a DMARC policy record. 270 Perform remaining, numbered steps, if one is found and it 271 contains an "snd" tag. 273 AND 275 From: Extract the RFC5322.From domain from the message. 277 Query the DNS for a DMARC policy record 279 Perform remaining, numbered steps, if one is found. 281 Terminate: Otherwise terminate DMARC evaluation. 283 2. Perform DKIM signature verification checks. A single email could 284 contain multiple DKIM signatures. The results of this step are 285 passed to the remainder of the algorithm and MUST include the 286 value of the "d=" tag from each checked DKIM signature. 288 3. Perform SPF validation checks. The results of this step are 289 passed to the remainder of the algorithm and MUST include the 290 domain name used to complete the SPF check. 292 4. Conduct Identifier Alignment checks. With authentication checks 293 and policy discovery performed, the Mail Receiver checks to see 294 if Authenticated Identifiers fall into alignment. If one or more 295 of the Authenticated Identifiers align with the RFC5322.From (or 296 with the RFC5322.Sender field, if permitted by the domain owner) 297 domain, the message is considered to pass the DMARC mechanism 298 check. All other conditions (authentication failures, identifier 299 mismatches) are considered to be DMARC mechanism check failures. 301 5. Apply policy. Emails that fail the DMARC mechanism check are 302 disposed of in accordance with the discovered DMARC policy of the 303 Domain Owner. See Section 6.3 for details. 305 6. Security Considerations 307 This enhancement entails the same security issues as the basic DMARC 308 service. 310 7. IANA Considerations 312 None. 314 8. References 316 8.1. Normative References 318 [DMARC] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based 319 Message Authentication, Reporting, and Conformance 320 (DMARC)", RFC 7489, March 2015. 322 [Mail-Arch] 323 Crocker, D., "Internet Mail Architecture", RFC 5598, July 324 2009. 326 [Mail-Fmt] 327 Resnick, P., Ed., "Internet Message Format", RFC 5322, 328 October 2008. 330 8.2. Informative References 332 [RFC733] Crocker, D., Vittal, J., Pogran, K., and D. Henderson, 333 "Standard for the Format of ARPA Network Text Messages", 334 RFC 733, November 1977. 336 Author's Address 338 Dave Crocker 339 Brandenburg InternetWorking 341 Email: dcrocker@bbiw.net