Attribution of email is made difficult by the exact properties that make email valuable as a technology - a heterogeneous network of systems with different owners, different software, different update lifecycles - and of course different bugs! Emails also often flow indirectly through these networks, undergoing redirection, expansion into multiple copies via aliases and mailing lists, as well as rewriting and filtering before eventually arriving at a mailbox or being processed by a receiving software agent.

DKIM gave us good tools for attributing the source of messages that were not modified between originator and destination. Several attempts have been made to address the issues that arise with intermediaries. For various reasons, these technologies have failed to fully address the issues that arise when changes are legitimately made or when bad actors alter or replay messages, and we do not have well-specified mechanisms that ensure that error reports reach all the entities that need to be aware of them.

This working group will take a holistic approach to the underlying problems of attribution, error signalling, and trust relationships between the entities involved in handling an email - from its inception to arrival at its final destination. The working group will use the mechanisms of DKIM as a basis, extending it to solve the problems that have been identified in real-world usage.

It will be necessary for any new mechanism to work in parallel with the existing attribution mechanisms, and have a clean upgrade path. This work will have a wide scope and the design may supersede, modify, or replace many parts of the current email attribution techniques and associated reporting mechanisms - while retaining the ability to support the same use-cases.

To gain widespread adoption, it is expected that design proposals will be tested during the development of specifications. The working group will favor designs that are tested at scale and may dismiss those that are not.

This working group will produce the following document(s):

* A design overview describing the problem area and proposed mechanism

* An algebra for describing how to reverse common changes to email content

* A specification for authenticated email flow through multiple sites.

* A specification for error and bounce handling with the authenticated email flow.

* A best practices guide for implementation during the changeover period, in which interoperability with existing standards needs to be maintained.

This working group will also update the following existing document(s):

* DMARC to add DKIM2 as an additional authentication mechanism