>> I'm not sure that any issue with mailing lists is documented in
>> draft-kucherawy-dmarc-base at all, well or otherwise. A search for
>> "mailing list" (or even "mailing") shows hits in three places, all in
>> back matter, none of substance.
>>
>> There's nothing that I can see anywhere that warns of possible
>> consequences (neither considerations for the domain publishing the
>> policy nor discussion of collateral damage to mailing lists) of using
>> "p=reject" -- not in the explanation of "p=reject", not in Section 6
>> ("Policy Enforcement Considerations"), not in Section 15.4 ("Rejecting
>> Messages"), not in the Security Considerations.
>>
>> Where is [it] well documented?
>
> In the upcoming BCP
1. I don't see it adequately covered there, on a quick scan. I
haven't read it thoroughly, though.
2. There is no reference from dmarc-base to dmarc-bcp, not even an
informative one. And this is an important enough consideration that I
think it should be a normative reference.
> Should we also document in this Murray's draft that MS-Exchange
> breaks DKIM on forwarding, inventory all the operational cases? I
> don't think so. The draft is to describe the protocol, the BCP is here
> to document on how to operationally deploy and use it.
I can't parse the first sentence, nor figure out what you're trying to
refer to. But to answer the question that's behind what I think
you're asking: Yes, we should document, either in the specification or
in an Applicability Statement that the specification cites as a
normative reference, considerations that are critical to getting the
configuration right.
It's fine to separate the protocol bits and the "other information"
into different documents, but it *all* has to be there in order to
fight against misconfiguration and the damage that can cause.
Barry
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
