To Todd's point, I think the answer on which policy would be applied at least needs to be predictable. If one receiver chooses one policy and a different receiver chooses the other policy, that is going to make it significantly more complicated for complex organizations to implement a DMARC p=reject or even p=quarantine policy.
Thanks, Autumn Tyr-Salvia atyrsal...@agari.com Agari Principal Customer Success Engineer ________________________________ From: dmarc <dmarc-boun...@ietf.org> on behalf of Todd Herr <todd.herr=40valimail....@dmarc.ietf.org> Sent: Tuesday, July 28, 2020 1:58 PM To: John R Levine <jo...@taugh.com> Cc: IETF DMARC WG <dmarc@ietf.org> Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains On Tue, Jul 28, 2020 at 4:30 PM John R Levine <jo...@taugh.com<mailto:jo...@taugh.com>> wrote: On Tue, 28 Jul 2020, Todd Herr wrote: > Using the Sender header and the "snd" bits in the DMARC policy for > firstbrand.com<https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Ffirstbrand.com%2F&data=02%7C01%7Catyrsalvia%40agari.com%7C92171061501e4c0b556008d833390787%7C05773123385e420d844ef01aee5e37ab%7C0%7C0%7C637315667319827245&sdata=1AHw64v72T7eJ%2BNrnkkUsSnky%2F1H2CqV3tA1t1X0FvM%3D&reserved=0>, > DMARC would pass for the Sender domain and fail for the > From domain. > > Which verdict gets applied to the message? I believe the reasoanble answer is both, and the filtering engine evaluates both based on their reputations. Two responses, two different but equally valid answers, the other (Dave's) being "receiver discretion", which *could* be an umbrella term to include John's answer, but would certainly also include other applications of rules for this scenario. Note that I'm not at all opposed to the idea put forth in https://datatracker.ietf.org/doc/draft-crocker-dmarc-sender/<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-crocker-dmarc-sender%2F&data=02%7C01%7Catyrsalvia%40agari.com%7C92171061501e4c0b556008d833390787%7C05773123385e420d844ef01aee5e37ab%7C0%7C0%7C637315667319827245&sdata=6Z2zUXQD8CB14mF9Tw9bNDVb7k5dyqUAez%2BJ%2B8TPYUs%3D&reserved=0> but I do believe that there will have to evolve a very limited set of known and expected possibilities for how such messages will be handled, or else wails will be wailed, teeth will be gnashed, and garments will be rent, especially among those trying to do the right thing when sending email and the deliverability people they employ. -- Todd Herr | Sr. Technical Program Manager e: todd.h...@valimail.com<mailto:todd.h...@valimail.com> p: 703.220.4153 [https://lh5.googleusercontent.com/_vs__6iRjfmT2Ae5LLNBb8nEopl2M5Tl5QlpS6LS0Lh0vv4TYnZu-Mff2kDFOqe0LhbnSXprAx4yoaTvq_Tc_7n1b8yzGIqoxuhedthDxYQansg8ChT2x5EcZV3rjz19-Dx9rESL] This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
