Hi all,

For the past few weeks I've been participating in discussions of DMARC at the IETF, and I thought I'd post an update as matters have taken a somewhat optimistic turn there. According to participants there, the dmarc@ietf.org mailing list is the primary venue for discussion of DMARC development-related topics at the moment (the list at dmarc.org has been inactive for months).

Over the past few weeks a general consensus has developed that further technology should be developed, which we hope will be adopted by providers like AOL and Yahoo!, as well as by mailing lists and others suffering from draconian DMARC policies. To this end, a charter for an IETF working group has been proposed, discussed, and will be submitted to the IETF very soon. The proposed charter is here:

http://trac.tools.ietf.org/wg/appsawg/trac/wiki/DMARC

(I'm not sure if this is the original or how current it might be; only a few suggestions for changes were received.)

Briefly, the DMARC protocol itself is considered "successful" as far as it goes, so the current protocol is proposed for independent publication by its current editors as an Informational RFC. (Ie, this is not part of the working group's function.) I think this is reasonable, as the DMARC Consortium can ignore any RFC they don't like.

The specific products of the working group that are planned are a Best Current Practices RFC on implementation and deployment of DMARC tools, and new experimental or standards-track RFCs aimed at providing protocols for senders to designate authorized resenders (such as mailing lists). I don't know how soon the working group will be formed, but I suppose some discussion will take place while we're waiting for official word from the IETF.

Mailing list discussion of the charter, as well as the concrete proposals received so far, can be found here:

https://mailarchive.ietf.org/arch/search/?q=dmarc

Not directly related to the chartering process, but perhaps of interest to Mailman-Developers, are the following documents.

The BCP draft is here:

http://tools.ietf.org/html/draft-crocker-dmarc-bcp

Three proposals for third-party authorization:

http://tools.ietf.org/html/draft-kucherawy-dkim-delegate http://tools.ietf.org/html/draft-levine-dkim-conditional http://tools.ietf.org/html/draft-otis-tpa-label

(from simplest to most complex).

Regards, Steve