Side note: DMARC is not a BCP, nor a Proposed Standard. It has an
Informational Status. DMARC is very much incomplete.
On 4/29/2015 8:04 AM, Stephen J. Turnbull wrote:
> J. Gomez suggests:
> > > That would force DMARC-compliant Mediators to reject (or accept
> > > but not resend) incoming email from p=reject domains,
> > > irrespective of whether such mail passes or not the initial
> > > incoming DMARC checks.
> Something about having mediators (ie, non-MTAs) implement this check
> was bothering me. I realized that the nagging thought was the
> *Mediator* doesn't have to do it.
In the SMTP world, all receivers are expected to play by the same
"interop" rules. We have "standard" expectations and best practices
among SMTP mail systems. An SMTP receiver is an SMTP receiver. It is
really all mechanical. The "Mediator" is just one of many types of
"mail services" that is a post-SMTP operation. There is no such thing
as an MLM receiver unless it's behaving like an "open relay." The goal
with any SMTP level deterministic policy protocol is to:
1) Protect Receivers from Abuse
2) Protect Originator Domain from abuse
3) Protect End-Users from Abuse
All three have benefits when everyone is expected to follow the
"protocol standard" and it's really in the above order. In other
words, I'm adding support not to just protect domains or the end-user,
it's controlling and helping to reduce the tremendous abuse the
receiver sees on a constant basis.
We are looking for a persistent, consistent protocol that ALL SMTP
receivers can run and the end result is expected to be the same from
node to node. Like SPF, the DNS published rules, when applied
correctly per specification, the result is the same at Receiver Nodes
X, Y and Z.
Variation A: Outgoing Checking...
Variation B: Incoming Checking....
These are specific vendor implementation design details. It generally
does not apply to IETF Protocol design because it wouldn't be
applicable to all systems, including small guys. Look at our
integrated design (attached!) Very complicated due to the history.
In other words, it doesn't matter how it's done, whether you can do it
or not or where, but from a functional protocol specification
standpoint, that it is done, and that means all nodes in the mail
network, otherwise there are loopholes.
--
HLS