On 4/27/2015 4:23 PM, J. Gomez wrote:
Smooth operation?
Mediators don't really need to change, but their entry points need to
support DKIM+POLICY. For example, the Mediator receiver can simply
support honoring restrictive policies and it doesn't need to bother
with much else.
That is interesting.
Couldn't the DMARC specification spell out that Receivers claiming to be
DMARC-compliant, when choosing to *accept* incoming messages from Senders
publishing p=reject (irrespective of whether such accepted messages passed or
not the DMARC checks), CANNOT after-the-fact reinject such received messages
into the public email infrastructure in any way that could render them (or
reveal them to be) DMARC-rejectable?
Yes. To be protocol Z-ORDER correct, yes.
So that if any Receiver-turned-Originator (i.e., Mediator) does otherwise, they
CANNOT claim to be DMARC-compliant?
It would be violation of he protocol engine -- causing potential grief.
That would force DMARC-compliant Mediators to reject (or accept but not resend)
incoming email from p=reject domains, irrespective of whether such mail passes
or not the initial incoming DMARC checks.
As DMARC is written yes, this is why we need the 3rd party
authorization. It is incomplete otherwise.
Then, if the market deems DMARC valuable by itself, pressure would be applied by the
"invisible hand" there were it needs to be applied (so that reputable actors in
the email ecosystem could claim to be DMARC-compatible).
Can't have it both ways. If a MLM has resigning and touching based
with DKIM, it needs to filter the unauthorized DMARC mail at the MLM
receiver just like their is a presumption the distribution end-user
MDA receivers will also apply DMARC.
--
HLS
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
