A change to DMARC policy settings is expected: the IETF has introduced a draft that proposes replacing the ‘pct’ tag with the ‘t=’ tag to overcome some challenges. Nothing is certain yet, as the document is still under discussion and consideration. Nonetheless, let’s see what we can expect.
What is DMARC?
DMARC is an acronym for Domain-based Message Authentication Reporting and Conformance. It is an email authentication protocol that instructs recipients’ servers on how they should deal with emails that fail SPF and/or DKIM checks. It includes mechanisms for reporting and conformance to help domain owners monitor and enforce their email authentication policies.
It was developed by a group of leading IT companies that wanted to establish a mechanism to fight against phishing and fraudulent emails on the Internet. As of 2022, more than 1.28 million domain owners have strengthened their domains with DMARC, and the number is expected to grow at a fast pace, owing to Google and Yahoo’s new policy.
What is the ‘pct’ Tag in DMARC?
The DMARC ‘pct’ tag is short for the percentage tag that is used for advancing policies and reaching the highest level of protection. This tag helps specify the percentage of email messages that should be subjected to DMARC authentication checks so that you can gradually increase the percentage with minimal false positives.
Domain owners typically start with as low as 20% or 30% so that only a small chunk of outgoing messages undergo the authentication test. At this point, they evaluate aggregate (RUA) and forensic (RUF) reports to gain insight into email activity, which allows them to understand how many messages are experiencing false positives. They gradually increase the percentage as the number of false positives goes down.
What is the Challenge With the ‘pct’ Tag?
The ‘pct’ tag has been in use for a long time; however, it has always been prone to improper application, except when the percentage is either ‘0’ or ‘100’, as these are the default values. This is because when the percentage is set to 100, the mail receiver doesn’t have to perform any special function, leaving no room for improper application.
On the other hand, setting the pct tag value to 0 is linked with deviations from the standard management process by intermediaries and mailbox providers involved in the development of RFC5322.
Surprisingly, the accidental use of the ‘pct=0’ tag proved to be beneficial for the email community. When headers were modified by intermediaries with “pct=0,” domain owners could gain valuable insights into the proportion of their email traffic passing through intermediaries that adhered to RFC5322 standards. Despite the effort required for this comparison, it became an invaluable source of information for domain owners.
With knowledge about the volume of emails susceptible to potential DMARC failure due to the absence of RFC5322 in header rewriting by intermediaries, domain owners could make well-informed decisions. They could assess their tolerance for DMARC failures and determine whether to transition from “p=none” to “p=quarantine” or “p=reject.”
Image sourced from spamresource.com
Consideration of the ‘t=’ Tag
Now, the decision-makers are retaining the functionality of the ‘pct=0’ tag; however, they are reconsidering the name of the tag as it doesn’t make sense to call it a ‘percentage’ tag with only two valid values, which are 0 and 100.
The ‘t=’ tag stands for ‘testing,’ and it has two values: ‘y’ and ‘n’.
The ‘t=y’ value is equivalent to ‘pct=0’. A record published with ‘t=y’ signals that the domain owner is currently in the testing phase of their policy rollout, so during this phase the receiver conducting the check should not enforce the policy.
On the other hand, ‘t=n’ and ‘pct=100’ convey the same instructions. Emails subjected to “t=n” will follow the default DMARC policy, which is the same as the previous “pct=100” setting.
The introduction of the new tag is expected to make it easier to apply DMARC policies by aligning settings. It has the potential to resolve the previous challenges, ensuring your domain stays protected from malicious email activities.
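As an added example (not part of the original article or of any IETF text), the following Python code rewrites a legacy DMARC record into the proposed form using only the mapping described above: ‘pct=0’ becomes ‘t=y’, ‘pct=100’ (or no ‘pct’ at all) becomes ‘t=n’. The function names, the sample records, the handling of a missing ‘p=’ tag, and the choice to flag intermediate percentages for a manual decision are assumptions of this example.

```python
# Constructed sample records; example.com is a placeholder domain.
SAMPLES = [
    "v=DMARC1; p=reject; pct=0; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=100",
    "v=DMARC1; p=reject; pct=30",
    "v=DMARC1; p=none",
]

def parse_dmarc(record):
    """Split a DMARC TXT record into an ordered {tag: value} dict."""
    tags = {}
    for part in filter(None, (p.strip() for p in record.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def migrate_pct_to_t(record):
    """Return (new_record, enforced, note); new_record is None if unmappable."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "none").lower()  # assumption: missing p= treated as none
    if "t" in tags:                         # already in the proposed form
        t = tags["t"].lower()
        if t not in ("y", "n"):
            raise ValueError(f"t= accepts only y or n, got {t!r}")
        note = "already uses t="
    else:
        raw = tags.get("pct", "100")        # an absent pct means 100
        if not (raw.isascii() and raw.isdigit()) or int(raw) > 100:
            raise ValueError(f"invalid pct value: {raw!r}")
        pct = int(raw)
        if 0 < pct < 100:                   # no counterpart among the two t= values
            return None, None, f"pct={pct} has no t= equivalent; choose y or n"
        t = "y" if pct == 0 else "n"
        note = f"pct={pct} -> t={t}"
    tags.pop("pct", None)
    tags["t"] = t
    # As the article describes it: under t=y receivers do not enforce p=.
    enforced = t == "n" and policy in ("quarantine", "reject")
    return "; ".join(f"{k}={v}" for k, v in tags.items()), enforced, note

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "=>", migrate_pct_to_t(rec))
```

A record such as the third sample, which is still mid-rollout at 30%, is the case to review by hand before migrating, since the two-valued tag cannot express a partial rollout.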
In summary, the DMARC policy settings may see changes with IETF’s proposal to replace the ‘pct’ tag with ‘t=.’ While the document is under discussion, the industry continues to evolve.
The proposed ‘t=’ tag retains ‘pct=0’ functionality, signaling a testing phase (‘t=y’) where policy enforcement is withheld. ‘t=n’ aligns with default DMARC policy, akin to ‘pct=100.’ The email community stays vigilant, ready to adapt to evolving standards for enhanced email security.
This foreseeable development reflects the adaptive nature of the DMARC protocol and commitment to making the email ecosystem a better and safer place to communicate.