DMARC Technical Specification


Related Specifications

The following specifications, listed alphabetically, are related to DMARC in various ways.

Authenticated Received Chain (ARC)

  • ARC preserves initial authentication results across subsequent intermediaries (“hops”) that modify the message and thus will cause email authentication to fail to verify when the message reaches its destination
  • Intended to address situations where certain indirect mailflows are adversely affected when the sending domain publishes certain DMARC policies.
  • Draft ARC specification (updated December 2016)
  • Draft Recommended Usage of ARC (updated June 2016)
  • The arc-spec.org website may have more information.

Authentication Failure Reporting Format (AFRF) (RFC6591)

  • A new report sub-type extension for the Abuse Report Format (ARF) (see: RFC 5965)
  • Allows for relaying of forensic details regarding an authentication failure
  • Supports reporting of SPF and/or DKIM failures
    • For SPF, reports the client IP address and the SPF record(s) that were retrieved, producing a “fail” result
    • For DKIM, reports the canonicalized header and body that produced a failed signature, allowing forensic analysis by the signer to detect why the failure occurred
    • Also supports ADSP reporting of messages that weren’t signed but should have been
  • This will be used by DMARC sites for reporting per-message failure details.
  • An aggregate reporting format is suggested within an appendix of the DMARC specification.

Conditional DKIM Signatures

  • An extension of DKIM that allows the sender to specify that they are sending messages through an intermediary, and that a valid DKIM signature from that intermediary should also be present when the message reaches its destination.
  • Intended to address situations where certain indirect mailflows are adversely affected when the sending domain publishes certain DMARC policies.
  • Draft of Mandatory Tags for DKIM Signatures v02 (September 28, 2015)

DomainKeys Identified Mail (DKIM) (RFC6376)

  • DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
  • DMARC uses DKIM results as one method (SPF being the other) for receivers to check email.
  • More Information: DKIM.org

Sender Policy Framework (SPF) (RFC7208)

  • SPF provides a method for validating the envelope sender domain identity that is associated with a message through path-based authentication.
  • DMARC uses SPF results as one method (DKIM being the other) for receivers to check email.
  • More Information: OpenSPF.org

 

One thought on “Specifications

Leave a Reply