> On Sep 14, 2023, at 7:36 AM, Dotzero <dotz...@gmail.com> wrote:
>
> On Wed, Sep 13, 2023 at 9:21 PM Hector Santos <hsan...@isdg.net> wrote:
>>
>>> On Sep 13, 2023, at 8:51 PM, Dotzero <dotz...@gmail.com> wrote:
>>>
>>> DMARC does one thing and one thing only. It mitigates against direct domain
>>> abuse in a deterministic manner, nothing else. It doesn't stop spam and it
>>> doesn't depend on or involve reputation. It is but one tool among a number
>>> of tools that various parties can choose from. A message passing DMARC
>>> validation does not mean the message is "good". There is no question of
>>> fault. Perhaps you should recommend changes to incorporate a blame game if
>>> your goal is to determine fault.
>>
>> Deterministic means there is no question - you follow the protocol. Your
>> (speaking in general) opinions don’t matter.
>
> It means that the output of the algorithm is deterministic. It does not mean
> that the receiver blindly acts on that output. As has been stated many times
> by many people, a policy assertion is a request by the sending domain
> administrator/owner, not a mandate. That is why local policy on the part of
> the receiver overrides a sender policy assertion.
>

Over the years, as a supporter of SPF and DKIM Policy, and being the DSAP's author, I've witnessed how deterministic protocols like SSP, DSAP, ADSP, and DMARC pave the way for policy-driven rejections. They operate without subjectivity. But the inclusion of local policies can lead to diverse behaviors among platforms. While Site A might conform strictly to a policy, Site B might diverge.

The introduction of RFC 5016, Section 5.3, Item 10 underlines the primacy of local policies. This was especially pertinent for Mailing List systems, which often tampered with the original DKIM author's signature integrity. These systems then re-signed the altered message for list distribution as a 3rd party. At that time, a gap existed as we lacked a deterministic policy catering to these 3rd parties, which could work alongside SSP, ADSP and now DMARC's 1st party only signer algorithm.

DMARC has amplified the significance of local policies, given the high likelihood of false positives. The introduction of local policies has somewhat diluted the effectiveness of deterministic protocols. We're still navigating these nuances, even after 15+ years.

All the best,
Hector Santos

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
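
The distinction discussed in this thread, as an added example that is not part of the original messages: the DMARC pass/fail result is computed deterministically from SPF/DKIM results and identifier alignment, while the receiver's disposition may differ from site to site through local policy. The function names, the `trusted_lists` override, the example.com/example.org domains, and the two-label organizational-domain shortcut (a real receiver uses the Public Suffix List) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def org_domain(domain):
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

@dataclass
class Message:
    from_domain: str                 # RFC5322.From domain
    spf_result: str                  # SPF result for the RFC5321.MailFrom domain
    spf_domain: str
    dkim: list = field(default_factory=list)   # [(d= domain, result), ...]
    list_id: str = ""

def dmarc_result(m, aspf_strict=False, adkim_strict=False):
    """Deterministic part: the same inputs always give the same pass/fail."""
    spf_ok = m.spf_result == "pass" and aligned(m.spf_domain, m.from_domain, aspf_strict)
    dkim_ok = any(res == "pass" and aligned(d, m.from_domain, adkim_strict)
                  for d, res in m.dkim)
    return "pass" if spf_ok or dkim_ok else "fail"

def disposition(m, published_policy, trusted_lists=frozenset()):
    """Receiver part: the published p= value is a request; local policy decides."""
    if dmarc_result(m) == "pass":
        return "none"        # no DMARC action; other filtering still applies
    if m.list_id in trusted_lists:
        return "none"        # hypothetical local override for a known list
    return published_policy if published_policy in ("quarantine", "reject") else "none"

# Constructed sample: a list altered the body, breaking the author's signature,
# then re-signed with its own (third-party, unaligned) domain.
LIST_MSG = Message("example.com", "pass", "lists.example.org",
                   [("example.com", "fail"), ("lists.example.org", "pass")],
                   list_id="discuss.lists.example.org")
DIRECT_MSG = Message("example.com", "pass", "bounce.example.com",
                     [("example.com", "pass")])

if __name__ == "__main__":
    print("list message DMARC:", dmarc_result(LIST_MSG))
    print("site A:", disposition(LIST_MSG, "reject"))
    print("site B:", disposition(LIST_MSG, "reject", {"discuss.lists.example.org"}))
```

Both sites compute the same `fail` for the list message; only the disposition differs, which is where false positives on list traffic are either rejected or absorbed.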