In the evolving world of email security, DMARC (Domain-based Message Authentication, Reporting and Conformance) has been an important tool for domain owners to protect their email domains from abuse and phishing. Over time the protocol has undergone multiple updates, and one of the proposed changes is the replacement of the "pct" tag with a "t" tag, described by the IETF in its DMARCbis draft. This article explores the reasoning behind this change and its impact on email security.
Early versions of the DMARC protocol
An early version of the DMARC protocol, documented in RFC7489, introduced the "pct" tag. This tag allowed domain owners to specify the percentage of messages that would be subject to a stricter DMARC policy, for example when moving from "none" to "quarantine". The intent was to provide a gradual transition path so that domain owners could adopt stricter email policies incrementally.
Problems with the "pct" tag
However, operational experience has shown that the "pct" tag presents several problems. Except when the value is "0" or "100" (the default), it is often applied inaccurately. The default value of "100" requires no special processing on the part of the email receiver, so most domain owners simply use that value. A "pct" value of "0", on the other hand, has become associated with deviations from standard processing, chiefly by intermediaries and mailbox providers that rewrite the RFC5322 From header to avoid DMARC failures downstream. Curiously, this unintended use of "pct=0" is valuable to the email community. When intermediaries rewrite headers with "pct=0" in play, domain owners gain insight into how much of their mail is routed through intermediaries that have not made the RFC5322 changes. This comparison takes effort, but it is an important source of information for domain owners. Domain owners who understand how many messages may fail DMARC because of intermediaries that do not rewrite the RFC5322 From header can assess their tolerance for DMARC failures and decide whether to move from "p=none" to "p=quarantine" or "p=reject".
The "t" tag in the DMARCbis draft
Given the value of "pct=0" to domain owners, it makes sense to keep this functionality in the DMARC protocol. It no longer makes sense, however, to keep a tag called "pct" that has only two meaningful values. To address this, the latest version of the DMARC protocol may introduce a "t" tag, short for "test", with two valid values: "y" and "n".
Comparison of the "t" tag with the "pct" tag
The "t" tag values "y" and "n" correspond to the "pct" tag values "0" and "100" respectively, in the way mailbox providers and intermediaries apply them. Here is how they compare:
Overall, the introduction of the "t" tag simplifies the handling of DMARC policies. While this may at first appear to be a minor change, it also simplifies the setup and implementation of DMARC policies. The new tag may help ensure that policies are applied more accurately and resolve issues that existed previously.
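As an added example (not code from the original post), the following Python evaluates a DMARC-failing message against a legacy "pct" record and against a DMARCbis "t" record, and rewrites a legacy record for DMARCbis. It assumes the RFC7489 rule that a message not selected by "pct" sampling receives the next less severe policy, and reads "t=y" as a request not to enforce the policy while still reporting; the records and domain names are constructed.

```python
# Constructed sample records: RFC7489 "pct" records beside a DMARCbis "t" record.
RECORDS = {
    "legacy-sampled.example": "v=DMARC1; p=reject; pct=25; rua=mailto:agg@example.net",
    "legacy-test.example": "v=DMARC1; p=quarantine; pct=0; rua=mailto:agg@example.net",
    "bis-test.example": "v=DMARC1; p=quarantine; t=y; rua=mailto:agg@example.net",
}

# RFC7489 6.6.4: a message not selected by pct gets the next less severe policy.
NEXT_WEAKER = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; ...' into a dict (tag names are case-insensitive)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def effective_policy(record: str, bucket: int) -> str:
    """Policy applied to one failing message; bucket is the receiver's 0..99 random draw."""
    tags = parse_dmarc(record)
    p = tags.get("p", "none").lower()
    # DMARCbis "t=y" (assumed reading of the draft): do not enforce p, keep reporting.
    if tags.get("t", "n").lower() == "y":
        return "none"
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct must be 0..100")
    return p if bucket < pct else NEXT_WEAKER[p]


def to_dmarcbis(record: str) -> str:
    """Rewrite a legacy record: pct=0 becomes t=y, pct=100 is dropped, 1..99 has no equivalent."""
    tags = parse_dmarc(record)
    pct = int(tags.pop("pct", "100"))
    if pct == 0:
        tags["t"] = "y"
    elif pct != 100:
        raise ValueError(f"pct={pct} sampling cannot be expressed with the t tag")
    return "; ".join(f"{k}={v}" for k, v in tags.items())
```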
The DMARC "t=" tag replaces the "pct" tag in DMARCbis