On Sunday, September 27, 2020 11:44:11 PM EDT Dave Crocker wrote: > On 9/27/2020 11:22 AM, Scott Kitterman wrote: > > This seems to me to be an odd view because no RFC is needed to use From > > and > > it's relationship to either DKIM signing domain or SPF validated Mail > > From. > > The DKIM d= value establishes no relationship with any other identifer, > such as the From: field. At all. None. > > DMARC establishes the relationship. DMARC does other things, but for the > above suggested alternative, this is the functional difference that > requires DMARC. > > To reiterate: Among currently published specifications, without DMARC > there is no relationship between DKIM's d= value and the rfc5322.From > domain name. > > > Feeding data into an algorithm has no interoperability requirements. > > > > That doesn't mean one can't use the data this way, because anyone can that > > wants to can. That doesn't make it the specified protocol. > > It's not clear what your point is. It's clear you believe it's a > fundamental point, but I'm not understanding it's import. > > > ... Maybe it would help if someone who takes the latter view would > > > > explain what they think RFC 7489, Section 6.6.2, Step 6 is for: > >> 6. Apply policy. Emails that fail the DMARC mechanism check are > >> > >> disposed of in accordance with the discovered DMARC policy of the > >> Domain Owner. See Section 6.3 for details. > > > > I don't think that says "then toss the results into your classifier". > > The issue is not what it says -- though it worth considering whether > that's what it /should/ say. > > The issue is how receivers actually /use/ DMARC. > > There has always be a tension about how to write these statements > seeking to affect receiver behavior. The natural tendency is to write > language of simple directives, such as Step 6 -- after all, that's > common language for basic protocol behavior. > > However Step 6 moves from protocol into policy. It is based on the myth > that receivers will blindly follow the instructions that are provided by > sites with which the receiver has no relationship, never mind a > contractual one. > > The reality is that Step 6 results in a mandate that often produces > unacceptable results. > > Receivers, having their own quality assurance models, immediately > adapted their actions to their own operating criteria, rather than > following the simple, blind directives of random DMARC publishers.
So we agree that you claim DMARC practice is in variance with what is specified and we should base the update to the specification on the usage you have claimed is popular? Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
