>> I'm not sure that any issue with mailing lists is documented in >> draft-kucherawy-dmarc-base at all, well or otherwise. A search for >> "mailing list" (or even "mailing") shows hits in three places, all in >> back matter, none of substance. >> >> There's nothing that I can see anywhere that warns of possible >> consequences (neither considerations for the domain publishing the >> policy nor discussion of collateral damage to mailing lists) of using >> "p=reject" -- not in the explanation of "p=reject", not in Section 6 >> ("Policy Enforcement Considerations"), not in Section 15.4 ("Rejecting >> Messages"), not in the Security Considerations. >> >> Where is [it] well documented? > > In the upcoming BCP
1. I don't see it adequately covered there, on a quick scan. I haven't read it thoroughly, though. 2. There is no reference from dmarc-base to dmarc-bcp, not even an informative one. And this is an important enough consideration that I think it should be a normative reference. > Should we also document in this Murray's draft that MS-Exchange > breaks DKIM on forwarding, inventory all the operational cases? I > don't think so. The draft is to describe the protocol, the BCP is here > to document on how to operationally deploy and use it. I can't parse the first sentence, nor figure out what you're trying to refer to. But to answer the question that's behind what I think you're asking: Yes, we should document, either in the specification or in an Applicability Statement that the specification cites as a normative reference, considerations that are critical to getting the configuration right. It's fine to separate the protocol bits and the "other information" into different documents, but it *all* has to be there in order to fight against misconfiguration and the damage that can cause. Barry _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc