Specifications

DMARC Technical Specification

• Current Version: (Updated on February 5, 2015)
  • Domain-based Message Authentication, Reporting and Conformance (DMARC) RFC 7489
  • Interoperability Issues between DMARC and Indirect Email Flows (RFC7960)

 

• Previous Versions: (Historical Reference Only)
  • Historical record related to the IETF (Starting with the first version contributed by DMARC.org on March 31, 2013)
  • “draft-dmarc-base-00” rev.02 (Published by DMARC.org on March 30, 2012)
  • “draft-dmarc-base-00” rev.01 (Published by DMARC.org on December 16, 2011)

---

Related Specifications

The following specifications, listed alphabetically, are related to DMARC in various ways.

Authenticated Received Chain (ARC)

• ARC preserves initial authentication results across subsequent intermediaries (“hops”) that modify the message and thus will cause email authentication to fail to verify when the message reaches its destination
• Intended to address situations where certain indirect mailflows are adversely affected when the sending domain publishes certain DMARC policies.
• Draft ARC specification (updated December 2016)
• Draft Recommended Usage of ARC (updated June 2016)
• The arc-spec.org website may have more information.

Authentication Failure Reporting Format (AFRF) (RFC6591)

• A new report sub-type extension for the Abuse Report Format (ARF) (see: RFC 5965)
• Allows for relaying of forensic details regarding an authentication failure
• Supports reporting of SPF and/or DKIM failures
  • For SPF, reports the client IP address and the SPF record(s) that were retrieved, producing a “fail” result
  • For DKIM, reports the canonicalized header and body that produced a failed signature, allowing forensic analysis by the signer to detect why the failure occurred
  • Also supports ADSP reporting of messages that weren’t signed but should have been
• This will be used by DMARC sites for reporting per-message failure details.
• An aggregate reporting format is suggested within an appendix of the DMARC specification.

Conditional DKIM Signatures

• An extension of DKIM that allows the sender to specify that they are sending messages through an intermediary, and that a valid DKIM signature from that intermediary should also be present when the message reaches its destination.
• Intended to address situations where certain indirect mailflows are adversely affected when the sending domain publishes certain DMARC policies.
• Draft of Mandatory Tags for DKIM Signatures v02 (September 28, 2015)

DomainKeys Identified Mail (DKIM) (RFC6376)

• DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
• DMARC uses DKIM results as one method (SPF being the other) for receivers to check email.
• More Information: DKIM.org

Sender Policy Framework (SPF) (RFC7208)

• SPF provides a method for validating the envelope sender domain identity that is associated with a message through path-based authentication.
• DMARC uses SPF results as one method (DKIM being the other) for receivers to check email.
• More Information: OpenSPF.org