On Mon, Dec 22, 2014 at 10:44 AM, Scott Kitterman <skl...@kitterman.com> wrote:
> There was a recent thread on postfix-users about DMARC rejections when > there > are DNS errors that caused me to review -08 to see what it says on the > matter. > > At the end of section 5.6.2, it says: > > Handling of messages for which SPF and/or DKIM evaluation encounters > a DNS error is left to the discretion of the Mail Receiver. Further > discussion is available in Section 5.6.3. > > My reading of 5.6.3 though is that it only discusses DNS errors in the > context > of failing to retrieve the DMARC record. Any discussion about handling DNS > errors for SPF/DKIM seems to be missing. > Yes, DMARC punts on what to do when SPF or DKIM encounter transient failures. I imagine that's because those modules would arrange to temp-fail a message that has that problem. I suppose my experience is that messages don't even get to the point of DMARC evaluation when that happens, because the message has already been temp-failed. If you think about DKIM and SPF as being part of a layer below DMARC, then I'm not sure it's wise of us to be making any kind of normative statement about what to do when the lower layers fail. What do you suggest? -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
