> On Nov 14, 2016, at 9:49 AM, Petr Novák via dmarc-discuss > <dmarc-discuss@dmarc.org> wrote: > > Hello, > > I saw that FortiNet's FortiMail is listed as a product that has a DMARC > support here: "https://dmarc.org/resources/products-and-services/" . > > I wonder what do you guys think about it's DMARC implementation. If you > enable DMARC check in FortiMail it rejects(or performs other configured > action) any mail that fails DMARC check no matter what policy source domain > has configured. So it also rejects mails from domains that have policy > p=none. After contacting their support I was told that this implementation is > by desing and they dont have any plans to change it. > > In DMARC RFC there is: > "To enable Domain Owners to receive DMARC feedback without impacting existing > mail processing, discovered policies of "p=none" SHOULD NOT modify existing > mail disposition processing." > > So I guess it doesn't break RFC if there is "SHOULD NOT" and not "MUST NOT"? > But I still think this implementation of DMARC is wrong. What do you guys > think?
Speaking only as an enterprise trying to use DMARC, FortiMail’s implementation as described above is wrong and serves only to discourage others from implementing a DMARC policy. p=none is vital. That said, I would have no objection to fortimail customers having the option to treat p=none as p=quarantine or p=reject -> that’s completely up to them. But by default no thank you! _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)