User:Pelagic/sandbox/notes/dmarc

Notes for DMARC, SPF, DKIM, etc. (Just titled "dmarc" to keep the URL tidy.)

Pre-SPF History

Highlights from Namedroppers mailing list thread, 2002:

  • Archived copy of "Mail-Transmitter RR" post by David N. Green, Sat, 1 Jun 2002 20:49:48 -0400 (EDT). The included proposal is titled "Domain-Authorized SMTP Mail". Proposes "Mail Transmitter (MT) resource records (RRs) in the Domain Name System (DNS)" but does not specify the format of the record.
    "All hosts which are authorized transmitters of mail for a domain, including any authorized forwarders, SHOULD be designated as Mail Transmitters through the use of an MT RR."
  • Paul Vixie's follow-up post dated Sat, 01 Jun 2002 18:16:37 -0700. His proposal was dated 28 May (the date it was authored, not published). This proposal uses MX records on a specially-labeled sub-domain.
  • Eric A. Hall replied that the idea comes up frequently and mentioned a draft by Church. He also attached an earlier post by himself (on Fri, 17 May 2002 to ietf-822@imc.org), mentioning that "Some people are very opposed to it."
  • Green suggested that an SRV record would be better than overloading MX, but Hall and Vixie opposed this.
  • Derek Atkins objected that this wouldn't work for mobile users (e.g. he runs sendmail on his laptop), but Andy W. Barclay pointed out that some ISPs were already blocking outbound SMTP on consumer-level accounts, and that some receivers were dropping email from "dial-up" senders. This was followed by further opposition from Måns Nilsson and Randy Bush; Bush writes "this is really a side-eddy to the spam maelstrom ... it is like trying to use source spoofing prevention to stop ddos attacks, a useful tool but not a real solution".
  • Phillip Hallam-Baker mentions publishing recipient keys in DNS(!); cf. DKIM, which uses sender keys.

DKIM

  • RFC 6541, DKIM ATPS Experiment, Kucherawy February 2012

DMARC

  • draft-crocker-dmarc-bcp-01 mentions that p=reject is only for transactional mail; general providers should NOT publish a reject policy.

Third-party signing: Hector Santos suggested an ATPS extension to DMARC.

Underscores: spf.org points out that underscores are permitted in domain labels but not hostnames. This applied to early versions of SPF, but is also relevant to DKIM and DMARC.
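The underscore point matters in practice because both DKIM and DMARC publish their records on underscore-prefixed labels (selector._domainkey.example.com per RFC 6376, _dmarc.example.com per RFC 7489), so code that validates names with a hostname rule will reject perfectly valid DNS names. The following is an added example, not from spf.org, this page or any of the specifications: it applies the RFC 952/1123 hostname label rule and the RFC 1035 DNS label length rule side by side, and then looks up and parses a DMARC record from a small constructed zone. The zone contents, domain names and the helper names are all constructed for the example.

```python
import re
from typing import Optional

# Hostname label rule (RFC 952 / RFC 1123): letters, digits and hyphens only,
# no leading or trailing hyphen, at most 63 characters. Underscores are NOT allowed.
_HOSTNAME_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_valid_dns_label(label: str) -> bool:
    """RFC 1035 only bounds a label's length (1-63 octets); any octet is permitted."""
    return 1 <= len(label.encode()) <= 63


def is_valid_hostname_label(label: str) -> bool:
    """Stricter host-name syntax used for A/AAAA/MX targets and the like."""
    return bool(_HOSTNAME_LABEL.match(label))


def classify_name(name: str) -> str:
    """Distinguish 'hostname', 'DNS name (not a hostname)' and 'invalid DNS name'."""
    labels = name.rstrip(".").split(".")
    if not all(is_valid_dns_label(lbl) for lbl in labels):
        return "invalid DNS name"
    if all(is_valid_hostname_label(lbl) for lbl in labels):
        return "hostname"
    return "DNS name (not a hostname)"


def parse_dmarc_record(txt: str) -> Optional[dict]:
    """Parse a DMARC TXT record into a tag dict.

    Returns None when the record is not usable: the first tag must be v=DMARC1
    and a p= policy tag must be present (RFC 7489 section 6.3).
    """
    tags = {}
    order = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None  # malformed tag=value pair
        key, value = part.split("=", 1)
        key = key.strip().lower()
        tags[key] = value.strip()
        order.append(key)
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        return None
    if "p" not in tags or tags["p"] not in ("none", "quarantine", "reject"):
        return None
    return tags


# Constructed zone data standing in for a real DNS lookup (hypothetical domain).
CONSTRUCTED_ZONE = {
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
    "s1._domainkey.example.com": "v=DKIM1; k=rsa; p=MIIBIjANBgkq...constructed...",
    "mail.example.com": "192.0.2.10",
}


def dmarc_policy_for(domain: str, zone: dict = CONSTRUCTED_ZONE) -> Optional[str]:
    """Build the _dmarc label, confirm it is a legal DNS name, and return the p= value.

    A hostname-only validator would reject '_dmarc.<domain>' before the lookup
    ever happened; this is exactly the underscore pitfall noted above.
    """
    name = f"_dmarc.{domain}"
    if classify_name(name) == "invalid DNS name":
        return None
    txt = zone.get(name)
    if txt is None:
        return None
    rec = parse_dmarc_record(txt)
    return rec["p"] if rec else None


if __name__ == "__main__":
    for n in ("mail.example.com", "_dmarc.example.com", "s1._domainkey.example.com"):
        print(f"{n:32} {classify_name(n)}")
    print("policy:", dmarc_policy_for("example.com"))
```

Running it shows `mail.example.com` classified as a hostname while the two underscore-labelled names are valid DNS names that fail the hostname test, and the constructed zone yields a `reject` policy for `example.com`.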

Mailing lists

  • P.H.-B.: "witness the current practice of mining email lists to harvest sender/receiver pairs in response to registered sender filtering" [1]

Other
