MARID

MARID was an IETF working group in the applications area tasked to propose standards for email authentication in 2004. The name is an acronym of MTA Authorization Records In DNS.

Background

[edit]

Lightweight MTA Authentication Protocol (LMAP)[1] was a generic name for a set of 'designated sender' proposals that were discussed in the ASRG in the Fall of 2003, including:

  • Designated Mailers Protocol (DMP)
  • Designated Relays Inquiry Protocol (DRIP)
  • Flexible Sender Validation (FSV)
  • MTAMARK
  • Reverse MX (RMX)
  • Sender Policy Framework (SPF)

These schemes attempt to list the valid IP addresses that can send mail for a domain. The "lightweight" in LMAP essentially stands for "no crypto", as opposed to DomainKeys and its successor, DKIM.[2] In March 2004, the Internet Engineering Task Force IETF held a BoF on these proposals. As the result of that meeting, the task force chartered the MARID working group.[3]

Controversy

[edit]

Microsoft's Caller-ID proposal was a late and highly controversial addition to this mix. It came with the following features:

  • Use of XML policies with DNS - this was reduced to what is now known as Sender ID
  • Piggybacking and extension of the existing SPF
  • Use of RFC 2822 mail header fields as by DomainKeys (All other LMAP drafts used the SMTP envelope.)
  • Specific questions about patents and licensing [4]

Proceedings

[edit]

The working group decided to postpone the question of RFC 2821 SMTP identities - i.e. MAIL FROM covered by SPF, or HELO covered by CSV and SPF - in favour of RFC 2822 identities covered by Caller-ID's and later Sender-ID's Purported Responsible Address (PRA). The WG arrived at a point where sender policies could be split into different scopes, like the 2821 MAIL FROM or the 2822 PRA. The MARID spf2.0 syntax also allowed to join different scopes into one policy record, if the sets of permitted IPs are identical, as is often the case.

Less than a week after the publication of a first mfrom or MAIL FROM draft, the WG was terminated unilaterally by its leadership. MARID existed only seven months, and no RFCs were published.[5][4]

The responsible IETF Area Director agreed to sponsor the publication of some of the unfinished MARID discussions as IETF experiments; these happened in 2005, as both the pre-MARID SPF[6] and Sender ID[7] were approved as experimental RFCs. The latter is to a certain degree a result of MARID, growing out of the Caller-ID proposal.

The ongoing disputes on technical issues and incompatibilities in Sender ID resulted later in appeals[8] to the IESG and the IAB.

References

[edit]
  1. ^ Lightweight MTA Authentication Protocol (LMAP) Discussion and Comparison
  2. ^ "How to Read DMARC Reports?". powerdmarc.com. Retrieved 2023-07-25.
  3. ^ MTA Authorization Records in DNS - MARID charter Retrieved 25 July 2023
  4. ^ a b Levine, John R. "An analysis of Microsoft's MARID patent applications". John R. Levine. Retrieved 15 May 2019.
  5. ^ Seltzer, Larry (22 September 2004). "Internet Task Force Shuts Down Anti-Spam Working Group". eWeek. Retrieved 15 May 2019.
  6. ^ Sender Policy Framework (SPF) for Authorizing Use of Domains in E-MAIL, version 1
  7. ^ Purported Responsible Address in E-Mail Messages
  8. ^ Mehnle, Julian (August 25, 2005). "Appeal: Publication of draft-lyon-senderid-core-01 in conflict with referenced draft-schlitt-spf-classic-02". Archived from the original on August 22, 2009.
[edit]