Talk:DMARC

From Wikipedia, the free encyclopedia
Jump to: navigation, search

I tried to clean up the English in the last paragraph of the History section. I wasn't sure whether "heathened debate" was intended to mean "heated debated" or not, so I changed it to "significant debate" after looking at a few of the posts at the link. As for "making process," I couldn't figure out whether that was intended to refer to the creation process, the design process, or what, so I left it as-is. Palmpilot900 (talk) 15:55, 22 April 2014 (UTC)

This page has some issues! There are minor editorial problems with the language (what is a "dismissed address"?), but I think the whole structure of the page needs rethinking and expanding. The section "The Underscore Issue" is at too high a level, and its mentioning of a tiny handful of specific registries seems out of place (and likely to become outdated quickly). Time permitting, I will endeavor to clean it up. TobyGoodwin (talk) 10:04, 7 May 2015 (UTC)

I agree, it's overly specific, and I cannot find any references that support that 1&1 doesn't support it --TmuSrnn (talk) 12:23, 15 January 2016 (UTC)

I suggest that we add two things;

  • Main difference to the widely known SPF records; DMARC checks From: whereas SPF checks envelope (MAIL FROM
  • Mention of the public suffix list https://wiki.mozilla.org/Public_Suffix_List/Uses#DMARC that enables DMARC to make "intelligent" decisions about organizational domains

TmuSrnn (talk) 11:54, 29 Dec 2015 (UTC)

Registrars have nothing to do with names of subdomains or RRsets[edit]

I propose the section on registrars be removed or modified. I do not think that types or identifiers of RRs or RRsets of subdomains is the purview of a registrar. The only exception is of course the subdomain of the domain they are selling, such as .org or .co.uk. Their responsibilities end at nameserver and zone signing delegation. If, on the other hand, the registrar is also providing DNS services for the purchased domain(s), OK, then they may be introducing their own restrictions. But as far as I know, there are no domains which require the registrar to provide DNS services beyond the mentioned delegations. In other words, they don't (have to) know or care that I have a _demarc.surname.us in my zone, unless as noted they are also providing DNS service for surname.us. -- Joe (talk) 19:49, 20 November 2015 (UTC)

Yes check.svg Done. Good point, Joe. I've changed the wording from "registrar" to "provider". Pelagic (talk) 11:47, 22 May 2016 (UTC)
Actually, another user had previously changed (Jan 2016) "registrar" to "DNS" for this section, but either missed the third instance of "registrar" or was unsure whether the change was applicable for CNAME. Pelagic (talk) 19:03, 23 May 2016 (UTC)

DKIM SSP[edit]

I'm wondering about the relationship between DKIM SSP and the sender-policy part of DMARC. Here is a reference for the former:

p= unknown / all / strict; u= yes/no; t= y,s;

Pelagic (talk) 11:30, 22 May 2016 (UTC)

Ah, SSP became ADSP. Note that there are 3 versions of draft-allman-dkim-ssp and 11 of draft-ietf-dkim-ssp. Final draft was number 10, which became RFC 5617:

dkim = unknown / all / discardable

Pelagic (talk) 12:48, 22 May 2016 (UTC)

Okay, moving ADSP to Historic status was officially unrelated to the rise of DMARC,[1] but several people on the IETF mailing list felt that it was.[2] (I got the first link from the ADSP article.)
ADSP spec. was written by Allman (Sendmail), Fenton (Cisco), Delany (Yahoo), and Levine, whereas DMARC was submitted to IETF by Kucherawy and Zwicky (the latter also from Yahoo).
ADSP's unknown/all/discardable can be seen as equivalent to DMARC's none/quarantine/reject, but the former says "this is how we sign" whilst the latter says "this is what we want you to do".
Although they were separate and in some ways competing, I find it odd that this article doesn't mention ADSP much. I'll try to remedy that when I get time, but anyone reading this might want to have a go.
Pelagic (talk) 19:33, 23 May 2016 (UTC)

Miscellaneous issues[edit]

Relating to the current version:-

  • The following sentence, whilst not unfactual, does sound a bit promotional, like something that would come from an industry consortium: "A group of leading organizations came together in the spring of 2011 to collaborate on a method for combating fraudulent email at Internet-scale, based on practical experience with DKIM and SPF." Is there a way we could make this more encyclopedic in tone without sounding awkward?
  • Heading "human policy" – I'm not quite sure what this means or how it relates to the content. Seeking a better section head. Also, the lengthy material about remailers (not sure if that's the correct term, I'm referring to mailing lists, share-via-email, etc.) deserves its own section [yes, I admit that I contributed to its lengthiness!].
  • Contributors. Are all of the listed companies actually contributors to the spec as the first sentence states? Or are some of them just implementers/adopters? (e.g. Microsoft, Twitter, Symantec) Need to check the PDF cited.
  • "After one year, in 2013, DMARC was estimated to protect 60% of the world's mailboxes" – though the statement is sourced, "protect" could do with some more explanation, maybe?

Pelagic (talk) 20:18, 23 May 2016 (UTC)

The article has had so few editors in recent years that why don't you just go bold? — kashmiri TALK 22:32, 23 May 2016 (UTC)