forked from ietf-wg-dmarc/draft-ietf-dmarc-psd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
draft-kitterman-dmarc-psd-from-psd_dmarc_r6.diff.html
362 lines (361 loc) · 70.8 KB
/
draft-kitterman-dmarc-psd-from-psd_dmarc_r6.diff.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Generated by rfcdiff 1.41: rfcdiff -->
<!-- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional" > -->
<!-- System: Linux kitterma-E6430 3.13.0-158-generic #208-Ubuntu SMP Fri Aug 24 17:07:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux -->
<!-- Using awk: /usr/bin/gawk: GNU Awk 4.0.1 -->
<!-- Using diff: /usr/bin/diff: diff (GNU diffutils) 3.3 -->
<!-- Using wdiff: /usr/bin/wdiff: wdiff (GNU wdiff) 1.2.1 -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Diff: psd_dmarc_r6.txt - draft-kitterman-dmarc-psd.txt</title>
<style type="text/css">
body { margin: 0.4ex; margin-right: auto; }
tr { }
td { white-space: pre; font-family: monospace; vertical-align: top; font-size: 0.86em;}
th { font-size: 0.86em; }
.small { font-size: 0.6em; font-style: italic; font-family: Verdana, Helvetica, sans-serif; }
.left { background-color: #EEE; }
.right { background-color: #FFF; }
.diff { background-color: #CCF; }
.lblock { background-color: #BFB; }
.rblock { background-color: #FF8; }
.insert { background-color: #8FF; }
.delete { background-color: #ACF; }
.void { background-color: #FFB; }
.cont { background-color: #EEE; }
.linebr { background-color: #AAA; }
.lineno { color: red; background-color: #FFF; font-size: 0.7em; text-align: right; padding: 0 2px; }
.elipsis{ background-color: #AAA; }
.left .cont { background-color: #DDD; }
.right .cont { background-color: #EEE; }
.lblock .cont { background-color: #9D9; }
.rblock .cont { background-color: #DD6; }
.insert .cont { background-color: #0DD; }
.delete .cont { background-color: #8AD; }
.stats, .stats td, .stats th { background-color: #EEE; padding: 2px 0; }
</style>
</head>
<body >
<table border="0" cellpadding="0" cellspacing="0">
<tr bgcolor="orange"><th></th><th> psd_dmarc_r6.txt </th><th> </th><th> draft-kitterman-dmarc-psd.txt </th><th></th></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Network Working Group S. Kitterman</td><td> </td><td class="right">Network Working Group S. Kitterman</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Internet-Draft fTLD Registry Services</td><td> </td><td class="right">Internet-Draft fTLD Registry Services</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0001" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock">Updates: 7489 (if approved) October <span class="delete">13</span>, 2018</td><td> </td><td class="rblock">Updates: 7489 (if approved) October <span class="insert">25</span>, 2018</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Intended status: Informational</td><td> </td><td class="right">Intended status: Informational</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0002" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock">Expires: April <span class="delete">16</span>, 2019</td><td> </td><td class="rblock">Expires: April <span class="insert">28</span>, 2019</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">DMARC (Domain-based Message Authentication, Reporting, and Conformance)</td><td> </td><td class="right">DMARC (Domain-based Message Authentication, Reporting, and Conformance)</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Extension For PSDs (Public Suffix Domains)</td><td> </td><td class="right"> Extension For PSDs (Public Suffix Domains)</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> draft-kitterman-dmarc-psd-00</td><td> </td><td class="right"> draft-kitterman-dmarc-psd-00</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Abstract</td><td> </td><td class="right">Abstract</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DMARC (Domain-based Message Authentication, Reporting, and</td><td> </td><td class="right"> DMARC (Domain-based Message Authentication, Reporting, and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Conformance) is a scalable mechanism by which a mail-originating</td><td> </td><td class="right"> Conformance) is a scalable mechanism by which a mail-originating</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organization can express domain-level policies and preferences for</td><td> </td><td class="right"> organization can express domain-level policies and preferences for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> message validation, disposition, and reporting, that a mail-receiving</td><td> </td><td class="right"> message validation, disposition, and reporting, that a mail-receiving</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organization can use to improve mail handling. DMARC policies can be</td><td> </td><td class="right"> organization can use to improve mail handling. DMARC policies can be</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> applied at the individual domain level or for a set of domains at the</td><td> </td><td class="right"> applied at the individual domain level or for a set of domains at the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organizational level. The design of DMARC precludes grouping</td><td> </td><td class="right"> organizational level. The design of DMARC precludes grouping</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> policies for a set of domains above the organizational level, such as</td><td> </td><td class="right"> policies for a set of domains above the organizational level, such as</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> TLDs (Top Level Domains). These types of domains (which are not all</td><td> </td><td class="right"> TLDs (Top Level Domains). These types of domains (which are not all</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> at the top level of the DNS tree) can be collectively referred to as</td><td> </td><td class="right"> at the top level of the DNS tree) can be collectively referred to as</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Public Suffix Domains (PSDs). For the subset of PSDs that require</td><td> </td><td class="right"> Public Suffix Domains (PSDs). For the subset of PSDs that require</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0003" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> DMARC usage, <span class="delete">it is appropriate to provide PSD level DMARC capability</span></td><td> </td><td class="rblock"> DMARC usage, <span class="insert">this</span> memo describes an extension to DMARC to enable</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> to provide policy and collect feedback for a set of domains. This</span></td><td> </td><td class="rblock"> DMARC functionality for such domains.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> memo describes an extension to DMARC to enable <span class="delete">a subset of</span> DMARC</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> functionality for such domains.</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Status of This Memo</td><td> </td><td class="right">Status of This Memo</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This Internet-Draft is submitted in full conformance with the</td><td> </td><td class="right"> This Internet-Draft is submitted in full conformance with the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> provisions of BCP 78 and BCP 79.</td><td> </td><td class="right"> provisions of BCP 78 and BCP 79.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are working documents of the Internet Engineering</td><td> </td><td class="right"> Internet-Drafts are working documents of the Internet Engineering</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Task Force (IETF). Note that other groups may also distribute</td><td> </td><td class="right"> Task Force (IETF). Note that other groups may also distribute</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> working documents as Internet-Drafts. The list of current Internet-</td><td> </td><td class="right"> working documents as Internet-Drafts. The list of current Internet-</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Drafts is at https://datatracker.ietf.org/drafts/current/.</td><td> </td><td class="right"> Drafts is at https://datatracker.ietf.org/drafts/current/.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are draft documents valid for a maximum of six months</td><td> </td><td class="right"> Internet-Drafts are draft documents valid for a maximum of six months</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> and may be updated, replaced, or obsoleted by other documents at any</td><td> </td><td class="right"> and may be updated, replaced, or obsoleted by other documents at any</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> time. It is inappropriate to use Internet-Drafts as reference</td><td> </td><td class="right"> time. It is inappropriate to use Internet-Drafts as reference</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> material or to cite them other than as "work in progress."</td><td> </td><td class="right"> material or to cite them other than as "work in progress."</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0004" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> This Internet-Draft will expire on April <span class="delete">16</span>, 2019.</td><td> </td><td class="rblock"> This Internet-Draft will expire on April <span class="insert">28</span>, 2019.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Copyright Notice</td><td> </td><td class="right">Copyright Notice</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Copyright (c) 2018 IETF Trust and the persons identified as the</td><td> </td><td class="right"> Copyright (c) 2018 IETF Trust and the persons identified as the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> document authors. All rights reserved.</td><td> </td><td class="right"> document authors. All rights reserved.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td class="right"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Provisions Relating to IETF Documents</td><td> </td><td class="right"> Provisions Relating to IETF Documents</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> (https://trustee.ietf.org/license-info) in effect on the date of</td><td> </td><td class="right"> (https://trustee.ietf.org/license-info) in effect on the date of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> publication of this document. Please review these documents</td><td> </td><td class="right"> publication of this document. Please review these documents</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> page 2, line 49</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> page 2, line 49</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7</td><td> </td><td class="right"> 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 6.1. DMARC Public Suffix Domain (PSD) Registry 7</td><td> </td><td class="right"> 6.1. DMARC Public Suffix Domain (PSD) Registry 7</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 7.1. Normative References . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 7.1. Normative References . . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 7.2. Informative References . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 7.2. Informative References . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9</td><td> </td><td class="right"> Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">1. Introduction</td><td> </td><td class="right">1. Introduction</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0005" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> DMARC [RFC7489] provides <span class="delete">email sending</span> organizational policy</td><td> </td><td class="rblock"> DMARC [RFC7489] provides <span class="insert">a mechanism for publishing</span> organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> information to email receivers. DMARC [RFC7489] allows policy to be</td><td> </td><td class="rblock"> policy information to email receivers. DMARC [RFC7489] allows policy</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> specified for both individual domains and sets of domains within a</td><td> </td><td class="rblock"> to be specified for both individual domains and sets of domains</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> single organization. For domains above the organizational level in</td><td> </td><td class="rblock"> within a single organization. For domains above the organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> the DNS tree, <span class="delete">they are currently limited to expressing</span> policy for the</td><td> </td><td class="rblock"> level in the DNS tree, policy <span class="insert">can only be published</span> for the exact</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> exact domain. There is no method available to such domains to</td><td> </td><td class="rblock"> domain. There is no method available to such domains to express</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> express lower level policy or receive feedback reporting for sets of</td><td> </td><td class="rblock"> lower level policy or receive feedback reporting for sets of domains.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> domains. This prevents policy <span class="delete">declarations for</span> non-existent domains</td><td> </td><td class="rblock"> This prevents policy <span class="insert">application to</span> non-existent domains and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> and identification of domain abuse in email, which can be important</td><td> </td><td class="rblock"> identification of domain abuse in email, which can be important for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> for brand and consumer protection.</td><td> </td><td class="rblock"> brand and consumer protection.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0006" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> As an example, imagine a country code TLD (ccTLD) which has</td><td> </td><td class="rblock"> As an example, imagine a country code TLD (ccTLD) which has<span class="insert"> public</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> subdomains for government and commercial use (.gov.example and</td><td> </td><td class="right"> subdomains for government and commercial use (.gov.example and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> .com.example). Within the .gov.example public suffix, use of DMARC</td><td> </td><td class="right"> .com.example). Within the .gov.example public suffix, use of DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> [RFC7489] has been mandated and .gov.example has published its own</td><td> </td><td class="right"> [RFC7489] has been mandated and .gov.example has published its own</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DMARC [RFC7489] record:</td><td> </td><td class="right"> DMARC [RFC7489] record:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "v=DMARC1;p=reject;rua=mailto:[email protected]"</td><td> </td><td class="right"> "v=DMARC1;p=reject;rua=mailto:[email protected]"</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> at</td><td> </td><td class="right"> at</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> _dmarc.gov.example.</td><td> </td><td class="right"> _dmarc.gov.example.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This would provide policy and feedback for mail sent from</td><td> </td><td class="right"> This would provide policy and feedback for mail sent from</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> @gov.example, but not @tax.gov.example and there is no way to publish</td><td> </td><td class="right"> @gov.example, but not @tax.gov.example and there is no way to publish</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> an organizational level policy that would do so. While, in theory,</td><td> </td><td class="right"> an organizational level policy that would do so. While, in theory,</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0007" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> receivers could reject mail from non-existent domains, <span class="delete">in practice</span></td><td> </td><td class="rblock"> receivers could reject mail from non-existent domains, <span class="insert">not all</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> there are operational issues with doing so that make it impractical.</span></td><td> </td><td class="rblock"><span class="insert"> receivers do so.</span> Non-existence of the sending domain <span class="insert">can be</span> a factor</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Non-existence of the sending domain <span class="delete">is often</span> a factor in a mail</td><td> </td><td class="rblock"> in a mail delivery decision, but <span class="insert">is</span> not generally treated as</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> delivery decision, but not generally treated as definitive on its</td><td> </td><td class="rblock"> definitive on its own.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> own.</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This memo provides a simple extension to DMARC [RFC7489] to allow</td><td> </td><td class="right"> This memo provides a simple extension to DMARC [RFC7489] to allow</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> operators of Public Suffix Domains (PSDs) to express policy for</td><td> </td><td class="right"> operators of Public Suffix Domains (PSDs) to express policy for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> groups of subdomains, extends the DMARC [RFC7489] policy query</td><td> </td><td class="right"> groups of subdomains, extends the DMARC [RFC7489] policy query</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> functionality to detect and process such a policy, describes receiver</td><td> </td><td class="right"> functionality to detect and process such a policy, describes receiver</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> feedback for such policies, and provides controls to mitigate</td><td> </td><td class="right"> feedback for such policies, and provides controls to mitigate</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> potential privacy considerations associated with this extension.</td><td> </td><td class="right"> potential privacy considerations associated with this extension.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> There are two types of Public Suffix Operators (PSOs) for which this</td><td> </td><td class="right"> There are two types of Public Suffix Operators (PSOs) for which this</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> extension would be useful and appropriate:</td><td> </td><td class="right"> extension would be useful and appropriate:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Branded PSDs (e.g., ".google"): These domains are effectively</td><td> </td><td class="right"> o Branded PSDs (e.g., ".google"): These domains are effectively</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0008" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">organizational domains</span> as discussed in DMARC [RFC7489]. They</td><td> </td><td class="rblock"> <span class="insert">Organizational Domains</span> as discussed in DMARC [RFC7489]. They</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> control all subdomains of the tree. <span class="delete">The ".gov.example" used above</span></td><td> </td><td class="rblock"> control all subdomains of the tree. <span class="insert">These are effectively private</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> is an example of this class.</span></td><td> </td><td class="rblock"><span class="insert"> domains, but listed in the Public Suffix List. They are treated</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> as Public for DMARC [RFC7489] purposes. They require the same</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> protections as DMARC [RFC7489] Organizational Domains, but are</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> currently excluded.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Multi-organization PSDs that require DMARC usage (e.g., ".bank"):</td><td> </td><td class="right"> o Multi-organization PSDs that require DMARC usage (e.g., ".bank"):</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0009" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Because existing <span class="delete">organizational d</span>omains using this PSD have their</td><td> </td><td class="rblock"> Because existing <span class="insert">Organizational D</span>omains using this PSD have their</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> own DMARC policy, the applicability of this extension is for non-</td><td> </td><td class="right"> own DMARC policy, the applicability of this extension is for non-</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> existent domains. The extension allows the brand protection</td><td> </td><td class="right"> existent domains. The extension allows the brand protection</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> benefits of DMARC [RFC7489] to extend to the entire PSD, including</td><td> </td><td class="right"> benefits of DMARC [RFC7489] to extend to the entire PSD, including</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0010" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> cousin domains of registere organizations.</td><td> </td><td class="rblock"> cousin domains of registere<span class="insert">d</span> organizations.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Due to the design of DMARC [RFC7489] and the nature of the Internet</td><td> </td><td class="right"> Due to the design of DMARC [RFC7489] and the nature of the Internet</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> email architecture [RFC5598], there are interoperability issues</td><td> </td><td class="right"> email architecture [RFC5598], there are interoperability issues</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> associated with DMARC [RFC7489] deployment. These are discussed in</td><td> </td><td class="right"> associated with DMARC [RFC7489] deployment. These are discussed in</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Interoperability Issues between DMARC and Indirect Email Flows</td><td> </td><td class="right"> Interoperability Issues between DMARC and Indirect Email Flows</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0011" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> [RFC7960]. These issues are not applicable to PSDs, since they do</td><td> </td><td class="rblock"> [RFC7960]. These issues are not applicable to PSDs, since they</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> not send mail.</td><td> </td><td class="rblock"> <span class="insert">(e.g., the ".gov.example" used above)</span> do not send mail.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0012" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> DMARC [RFC7489], by design, does not support <span class="delete">requirements of</span> PSD</td><td> </td><td class="rblock"> DMARC [RFC7489], by design, does not support <span class="insert">usage by</span> PSD operators.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> operators. For PSDs that require use of DMARC [RFC7489], <span class="delete">a subset</span> of</td><td> </td><td class="rblock"> For PSDs that require use of DMARC [RFC7489], <span class="insert">an extension</span> of DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> DMARC reporting and enforcement capability is needed for PSD</td><td> </td><td class="rblock"> reporting and enforcement capability is needed for PSD operators to</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> operators to effectively manage and monitor implementation of PSD</td><td> </td><td class="rblock"> effectively manage and monitor implementation of PSD requirements.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> requirements.</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2. Terminology and Definitions</td><td> </td><td class="right">2. Terminology and Definitions</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This section defines terms used in the rest of the document.</td><td> </td><td class="right"> This section defines terms used in the rest of the document.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.1. Conventions Used in This Document</td><td> </td><td class="right">2.1. Conventions Used in This Document</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td> </td><td class="right"> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and</td><td> </td><td class="right"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "OPTIONAL" in this document are to be interpreted as described in</td><td> </td><td class="right"> "OPTIONAL" in this document are to be interpreted as described in</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> page 4, line 44</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> page 4, line 44</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> The global Internet Domain Name System (DNS) is documented in</td><td> </td><td class="right"> The global Internet Domain Name System (DNS) is documented in</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> numerous Requests for Comment (RFC). It defines a tree of names</td><td> </td><td class="right"> numerous Requests for Comment (RFC). It defines a tree of names</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> starting with root, ".", immediately below which are Top Level Domain</td><td> </td><td class="right"> starting with root, ".", immediately below which are Top Level Domain</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> names such as ".com" and ".us". They are not available for private</td><td> </td><td class="right"> names such as ".com" and ".us". They are not available for private</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> registration. In many cases the public portion of the DNS tree is</td><td> </td><td class="right"> registration. In many cases the public portion of the DNS tree is</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> more than one level deep. PSD DMARC includes all public domains</td><td> </td><td class="right"> more than one level deep. PSD DMARC includes all public domains</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> above the organizational level in the tree, e.g., ".gov.uk".</td><td> </td><td class="right"> above the organizational level in the tree, e.g., ".gov.uk".</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.3. Longest PSD</td><td> </td><td class="right">2.3. Longest PSD</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0013" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Organizational Domain with one label removed.</td><td> </td><td class="rblock"> Organizational Domain <span class="insert">(DMARC [RFC7489] Section 3.2)</span> with one label</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> removed.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.4. Public Suffix Operator (PSO)</td><td> </td><td class="right">2.4. Public Suffix Operator (PSO)</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> A Public Suffix Operator manages operations within their PSD.</td><td> </td><td class="right"> A Public Suffix Operator manages operations within their PSD.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.5. PSO Controlled Domain Names</td><td> </td><td class="right">2.5. PSO Controlled Domain Names</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSO Controlled Domain Names are names in the DNS that are managed by</td><td> </td><td class="right"> PSO Controlled Domain Names are names in the DNS that are managed by</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> a PSO and are not available for use as Organizational Domains (the</td><td> </td><td class="right"> a PSO and are not available for use as Organizational Domains (the</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0014" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> term <span class="delete">organizational domains</span> is defined in DMARC <span class="delete">[RFC7489]).</span></td><td> </td><td class="rblock"> term <span class="insert">Organizational Domains</span> is defined in DMARC <span class="insert">[RFC7489]</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Depending on PSD policy, these will have one (e.g., ".com") or more</td><td> </td><td class="rblock"><span class="insert"> Section 3.2).</span> Depending on PSD policy, these will have one (e.g.,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> (e.g., ".co.uk") name components.</td><td> </td><td class="rblock"> ".com") or more (e.g., ".co.uk") name components.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.6. Non-existent Domains</td><td> </td><td class="right">2.6. Non-existent Domains</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> For DMARC [RFC7489] purposes, a non-existent domain is a domain name</td><td> </td><td class="right"> For DMARC [RFC7489] purposes, a non-existent domain is a domain name</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0015" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> that publishes none of A, AAAA, or MX <span class="delete">records.</span> This is a broader</td><td> </td><td class="rblock"> that publishes none of A, AAAA, or MX <span class="insert">records that the receiver is</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> definition than that in NXDOMAIN [RFC8020].</td><td> </td><td class="rblock"><span class="insert"> willing to accept.</span> This is a broader definition than that in</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> NXDOMAIN [RFC8020].</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">3. PSD DMARC Updates to DMARC Requirements</td><td> </td><td class="right">3. PSD DMARC Updates to DMARC Requirements</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This document updates DMARC [RFC7489] as follows:</td><td> </td><td class="right"> This document updates DMARC [RFC7489] as follows:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">3.1. General Updates</td><td> </td><td class="right">3.1. General Updates</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> References to "Domain Owners" also apply to PSOs.</td><td> </td><td class="right"> References to "Domain Owners" also apply to PSOs.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">3.2. Section 6.1 DMARC Policy Record</td><td> </td><td class="right">3.2. Section 6.1 DMARC Policy Record</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSD DMARC records are published as a subdomain of the PSD. For the</td><td> </td><td class="right"> PSD DMARC records are published as a subdomain of the PSD. For the</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0016" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> PSD ".example", the PSO would post DMARC <span class="delete">preferences</span> in a TXT record</td><td> </td><td class="rblock"> PSD ".example", the PSO would post DMARC <span class="insert">policy</span> in a TXT record at</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> at "_dmarc.example".</td><td> </td><td class="rblock"> "_dmarc.example".</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">3.3. Section 6.5. Domain Owner Actions</td><td> </td><td class="right">3.3. Section 6.5. Domain Owner Actions</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> In addition to the DMARC [RFC7489] domain owner actions, PSOs will</td><td> </td><td class="right"> In addition to the DMARC [RFC7489] domain owner actions, PSOs will</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> need to update the "DMARC Public Suffix Domain (PSD) Registry". This</td><td> </td><td class="right"> need to update the "DMARC Public Suffix Domain (PSD) Registry". This</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> registry is defined in Section 6.1.</td><td> </td><td class="right"> registry is defined in Section 6.1.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">3.4. Section 6.6.3. Policy Discovery</td><td> </td><td class="right">3.4. Section 6.6.3. Policy Discovery</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> A new step between step 3 and 4 is added:</td><td> </td><td class="right"> A new step between step 3 and 4 is added:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> page 6, line 18</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> page 6, line 19</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Note: Because the PSD policy query comes after the Organizational</td><td> </td><td class="right"> Note: Because the PSD policy query comes after the Organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Domain policy query, PSD policy is not used for Organizational</td><td> </td><td class="right"> Domain policy query, PSD policy is not used for Organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> domains that have published a DMARC [RFC7489] policy. Specifically,</td><td> </td><td class="right"> domains that have published a DMARC [RFC7489] policy. Specifically,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> this is not a mechanism to provide feedback addresses (RUA/RUF) when</td><td> </td><td class="right"> this is not a mechanism to provide feedback addresses (RUA/RUF) when</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> an Organizational Domain has declined to do so.</td><td> </td><td class="right"> an Organizational Domain has declined to do so.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">3.5. Section 7. DMARC Feedback</td><td> </td><td class="right">3.5. Section 7. DMARC Feedback</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Operational note for PSD DMARC: For PSOs, feedback for non-existent</td><td> </td><td class="right"> Operational note for PSD DMARC: For PSOs, feedback for non-existent</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> domains is desired and useful. Because of the constraints on PSD</td><td> </td><td class="right"> domains is desired and useful. Because of the constraints on PSD</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0017" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> DMARC scope, there are no<span class="delete">t</span> significant privacy considerations</td><td> </td><td class="rblock"> DMARC scope, there are no significant privacy considerations</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> associated with this reporting (See Section 4).</td><td> </td><td class="right"> associated with this reporting (See Section 4).</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">4. Privacy Considerations</td><td> </td><td class="right">4. Privacy Considerations</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This document does not significantly change the Privacy</td><td> </td><td class="right"> This document does not significantly change the Privacy</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Considerations of [RFC7489].</td><td> </td><td class="right"> Considerations of [RFC7489].</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">4.1. Feedback leakage</td><td> </td><td class="right">4.1. Feedback leakage</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Providing feedback reporting to PSOs can, in some cases, create</td><td> </td><td class="right"> Providing feedback reporting to PSOs can, in some cases, create</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> leakage of information outside of an organization to the PSO. There</td><td> </td><td class="right"> leakage of information outside of an organization to the PSO. There</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> are roughly three cases to consider:</td><td> </td><td class="right"> are roughly three cases to consider:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Branded PSDs (e.g., ".google"), RUA and RUF reports based on PSD</td><td> </td><td class="right"> o Branded PSDs (e.g., ".google"), RUA and RUF reports based on PSD</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DMARC have the potential to contain information about emails</td><td> </td><td class="right"> DMARC have the potential to contain information about emails</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> related to entities managed by the organization. Since both the</td><td> </td><td class="right"> related to entities managed by the organization. Since both the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSO and the Organizational Domain owners are common, there is no</td><td> </td><td class="right"> PSO and the Organizational Domain owners are common, there is no</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0018" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> privacy risk for either normal or <span class="delete">N</span>on-existent Domain reporting.</td><td> </td><td class="rblock"> privacy risk for either normal or <span class="insert">n</span>on-existent Domain reporting.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Multi-organization PSDs that require DMARC usage (e.g., ".bank"):</td><td> </td><td class="right"> o Multi-organization PSDs that require DMARC usage (e.g., ".bank"):</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSD DMARC based reports will only be generated for domains that do</td><td> </td><td class="right"> PSD DMARC based reports will only be generated for domains that do</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0019" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> not publish a DMARC policy at the organizational level. For</td><td> </td><td class="rblock"> not publish a DMARC policy at the organizational <span class="insert">or host</span> level.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> domains that do publish the required DMARC policy records, the</td><td> </td><td class="rblock"> For domains that do publish the required DMARC policy records, the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> feedback reporting addresses (RUA and RUF) of the organization</td><td> </td><td class="rblock"> feedback reporting addresses (RUA and RUF) of the organization <span class="insert">(or</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> will be used. Since PSD DMARC is limited to PSDs that mandate</td><td> </td><td class="rblock"><span class="insert"> hosts)</span> will be used. Since PSD DMARC is limited to PSDs that</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">organizational domains</span> publish DMARC policy for existing domains,</td><td> </td><td class="rblock"> mandate <span class="insert">Organizational Domains</span> publish DMARC policy for existing</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> the risk of this issue is limited to <span class="delete">organizational domains</span> that</td><td> </td><td class="rblock"> domains, the risk of this issue is limited to <span class="insert">Organizational</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> are out of compliance with PSD policy.</td><td> </td><td class="rblock"><span class="insert"> Domains</span> that are out of compliance with PSD policy.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Multi-organization PSDs (e.g., ".com") that do not mandate DMARC</td><td> </td><td class="right"> o Multi-organization PSDs (e.g., ".com") that do not mandate DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0020" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> usage. Privacy risks for <span class="delete">organizational d</span>omains within such PSDs</td><td> </td><td class="rblock"> usage. Privacy risks for <span class="insert">Organizational D</span>omains within such PSDs</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> would be significant. This is mitigated by the limitation to only</td><td> </td><td class="right"> would be significant. This is mitigated by the limitation to only</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> include PSDs listed in the public IANA DMARC PSD Registry</td><td> </td><td class="right"> include PSDs listed in the public IANA DMARC PSD Registry</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> described in Section 6.1.</td><td> </td><td class="right"> described in Section 6.1.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSOs will receive feedback on non-existent domains, which may be</td><td> </td><td class="right"> PSOs will receive feedback on non-existent domains, which may be</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0021" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> similar to existing <span class="delete">organizational d</span>omains. Feedback related to such</td><td> </td><td class="rblock"> similar to existing <span class="insert">Organizational D</span>omains. Feedback related to such</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> cousin domains have a small risk of carrying information related to</td><td> </td><td class="right"> cousin domains have a small risk of carrying information related to</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0022" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> an actual <span class="delete">organizational d</span>omain. To minimize this potential concern,</td><td> </td><td class="rblock"> an actual <span class="insert">Organizational D</span>omain. To minimize this potential concern,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSD DMARC feedback is best limited to Aggregate Reports. Feedback</td><td> </td><td class="right"> PSD DMARC feedback is best limited to Aggregate Reports. Feedback</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Reports carry more detailed information and present a greater risk.</td><td> </td><td class="right"> Reports carry more detailed information and present a greater risk.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">5. Security Considerations</td><td> </td><td class="right">5. Security Considerations</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This document does not change the Security Considerations of</td><td> </td><td class="right"> This document does not change the Security Considerations of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> [RFC7489].</td><td> </td><td class="right"> [RFC7489].</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">6. IANA Considerations</td><td> </td><td class="right">6. IANA Considerations</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l5" /><small>skipping to change at</small><em> page 8, line 4</em></th><th> </th><th><a name="part-r5" /><small>skipping to change at</small><em> page 7, line 47</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> The initial set of entries in this registry is as follows:</td><td> </td><td class="right"> The initial set of entries in this registry is as follows:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+----------------+---------------+</td><td> </td><td class="right"> +-------------+----------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> | PSD | Reference | Status |</td><td> </td><td class="right"> | PSD | Reference | Status |</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+----------------+---------------+</td><td> </td><td class="right"> +-------------+----------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> | .bank | this document | current |</td><td> </td><td class="right"> | .bank | this document | current |</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+----------------+---------------+</td><td> </td><td class="right"> +-------------+----------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> | .insurance | this document | current |</td><td> </td><td class="right"> | .insurance | this document | current |</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+----------------+---------------+</td><td> </td><td class="right"> +-------------+----------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0023" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">| .gov.uk | this document | current |</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> +-------------+----------------+---------------+</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">7. References</td><td> </td><td class="right">7. References</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">7.1. Normative References</td><td> </td><td class="right">7.1. Normative References</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate</td><td> </td><td class="right"> [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Requirement Levels", BCP 14, RFC 2119,</td><td> </td><td class="right"> Requirement Levels", BCP 14, RFC 2119,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DOI 10.17487/RFC2119, March 1997,</td><td> </td><td class="right"> DOI 10.17487/RFC2119, March 1997,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> <https://www.rfc-editor.org/info/rfc2119>.</td><td> </td><td class="right"> <https://www.rfc-editor.org/info/rfc2119>.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr>
<tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 23 change blocks. </a></th></tr>
<tr class="stats"><td></td><th><i>55 lines changed or deleted</i></th><th><i> </i></th><th><i>58 lines changed or added</i></th><td></td></tr>
<tr><td colspan="5" align="center" class="small"><br/>This html diff was produced by rfcdiff 1.41. The latest version is available from <a href="http://www.tools.ietf.org/tools/rfcdiff/" >http://tools.ietf.org/tools/rfcdiff/</a> </td></tr>
</table>
</body>
</html>