On Wednesday, December 24, 2014 10:46:42 Murray S. Kucherawy wrote: > On Wed, Dec 24, 2014 at 4:04 AM, Scott Kitterman <skl...@kitterman.com> > > wrote: > > The draft strongly encourages DMARC implementers to ignore SPF policy, so > > I don't think assuming messages will be deferred due only due to SPF or > > DKIM results indicating a temporary DNS error is appropriate. > > If there's a transient DNS error getting the SPF policy, then there's no > SPF policy to be ignored. That's quite a different situation. > > > I think that in the case of a temporary DNS error in one of the lower > > level protocols, insufficient inputs are available to conclude a message > > has failed DMARC tests. > > I agree. > > > Receivers can either ignore DMARC for this message due to incomplete > > evaluation or they can defer the message in the hope that the temporary > > error will be resolved when the message is retried. Receivers MUST NOT > > apply DMARC policy and reject or quarantine because the DMARC evaluation > > is > > incomplete. > > Can you provide specific changes, with section numbers, that you'd like to > see applied to resolve this?
Here's my suggestion. Replace this text at the end of section 5.6.2: Handling of messages for which SPF and/or DKIM evaluation encounters a DNS error is left to the discretion of the Mail Receiver. Further discussion is available in Section 5.6.3. with: Messages for which SPF and/or DKIM evaluation encounters a temporary DNS error have not received a definitive result for steps 3 and/or 4 above. If the message has not passed the the DMARC mechanism check due to an SPF or DKIM check that did not have a DNS error, receivers can either ignore DMARC for this message due to incomplete evaluation or they can defer the message in the hope that the temporary error will be resolved when the message is retried. Receivers MUST NOT apply DMARC policy and reject or quarantine the message because the DMARC evaluation is incomplete. When otherwise appropriate due to DMARC policy, receivers MAY send feedback reports regarding temporary errors. Handling of messages for which SPF and/or DKIM evaluation encounters a permanent DNS error is left to the discretion of the Mail Receiver. How's that? Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc