Thanks for the update Scott, and your wording on the 'np' tag in the Appendix works.
I just want to call out your statement: I think changing existing defined behavior for non-participants in an experiment is not appropriate. It's even more unacceptable in a case like this where we absolutely don't need it to achieve the desired behavior within the experiment. I agree very strongly on this, and this is the right way to view this. While we all are confident that the 'np' tag will be a wild success, there is the case this is not true, and we need to not upset current working behavior. Tim (probably chair'ing a little here) On Wed, Jul 17, 2019 at 2:27 AM Scott Kitterman <skl...@kitterman.com> wrote: > > > On July 17, 2019 5:54:41 AM UTC, Seth Blank <s...@sethblank.com> wrote: > >On Tue, Jul 16, 2019 at 10:40 PM Scott Kitterman <skl...@kitterman.com> > >wrote: > > > >> Yes, the point of 'np' is to allow for a stricter sub-domain policy, > >but > >> that's to support early deployment of strict PSD level policies > >without > >> breaking org domains that are still deploying/have not deployed > >DMARC. > >> > > > >I absolutely agree with this. > > > > > >> Case: > >> > >> PSO mandates all orgs deploy DMARC, but that's not done yet. PSO > >wants to > >> deploy PSD DMARC for reject at the PSD level and for non-existent > >domains, > >> but > >> leave non-DMARC deployed existing domains at none. PSO publishes > >these > >> policieis for the PSD: > >> > >> p=reject, sp=none, np=reject > >> > > > >Ah, I see what you're saying here. I honestly couldn't understand why > >you > >were talking about sp=none at all within a PSD context. I thought the > >solution to this scenario was to do as the PSO p=none; np=reject. I > >actually like p=reject; sp=none; better here, because that lets the PSD > >lock itself down as a sending domain. But to me, this also makes it > >clear > >that np= should use the p= not the sp= as its default. > > See if you still feel that way after considering backward compatibility ... > > >That said, I feel less strongly about this now, and can see merit in > >inheritance from either side (or from a hard default of none, for that > >matter, although I'd strongly argue against that personally...). > > > > > >> Having 'np' fall back to 'p' doesn't actually solve the problem you > >claim > >> to > >> be solving since it only affects non-implementers. > >> > > > >This I don't understand. The results you outlined are exactly what I > >think > >should happen. > > I think we agree on the goal, the difference is only about implementation > details and impact on non-particpants in the experiment. > > > >> I believe that's the exact requested case and the changeset I've > >provided > >> supports that without creating a situation where every implementer of > >the > >> experiment suddenly starts processing existing DMARC records > >differently > >> (which > >> I think would be very bad). > >> > > > >I don't think I properly understand what you're saying. Can you clarify > >this point? > > Keep in mind that senders do send from what we call non-existent domains > for reasons that seem good and sufficient to them. Let's take that as a > fact, whether it makes sense to us or not. > > Sender (who knows nothing of our experiment) has published a DMARC record > that includes: > > p=reject, sp=none > > When a DMARC compliant receiver receives mail from a subdomain of that > organization domain, the policy to apply is none. > > If our experiment has 'np' fall back to 'sp', then the non-particpant gets > the same result. An experiment participating receiver would use 'sp' > directly (none) for an existing sub-domain and also use 'sp' (none - 'np' > fallback) for a non-existing sub-domain. > > If our experiment has 'np' fall back to 'p', then the non-particpant gets > a different result. An experiment participating receiver would use 'sp' > directly (none) for an existing sub-domain and also use 'p' (reject - 'p' > fallback) for a non-existing sub-domain. > > Keep in mind, this isn't just about receiver processing. The policy > applied is also in the aggregate reports. > > I think changing existing defined behavior for non-participants in an > experiment is not appropriate. It's even more unacceptable in a case like > this where we absolutely don't need it to achieve the desired behavior > within the experiment. > > Scott K > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc