On Tue 15/Dec/2020 04:26:03 +0100 Douglas Foster wrote:
> Sorry about the confusion caused by my typing failures.
> What I meant:
> First party - From address aligns with SMTP address. Can be validated with SPF
> or DKIM.
> Third party - From address and SMTP address are in different domains. Can be
> validated with DKIM only.
> I am open to suggestions for better nomenclature.

I'm neutral about the nomenclature. However, the definitions lack something.
First party is clear.
Third party is not:
For a nit, albeit unusual, one can use a different bounce address, for any
convenience reason. If SPF helo is aligned it is still a first party message.
There are other considerations that indicate the presence and the quality of
a third party, such as multiple DKIM signatures, and a Sender: field.
Then there are dumb forwarders, who neither sign nor modify messages, nor even
the bounce addresses. Second parties? Hm... external aliases? Artifacts of
email address portability?

> But what I am trying to figure out is under what circumstances a DMARC policy
> can be considered actionable. Do I conclude that "p=quarantine" means "domain
> is still collecting data, so results are unpredictable"? Or do I conclude
> that it means "Domain is fully deployed and failure to validate is a highly
> suspicious event?"

I think quarantine is not necessarily an intermediate step. It is adequate for
human mail, where one is not equipped to resend in case of reject. It doesn't
cover first/third party differences. I wish there was an intermediate policy,
call it p=mlm-validate, that directs a third party to reject if not
authenticated, while final recipients can accept it as if p=none.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
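
Added example, not part of the original message or of any DMARC implementation: a small classifier that applies the first party / third party definitions quoted above, plus the reply's HELO nit, to four constructed messages. The Msg record, its field names, the sample domains and the "last two labels" organizational-domain rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def org_domain(domain: str) -> str:
    # Assumption: the organizational domain is the last two labels. Real DMARC
    # evaluation uses the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a: str, b: str) -> bool:
    # Relaxed alignment: both names share an organizational domain.
    return bool(a and b) and org_domain(a) == org_domain(b)

@dataclass
class Msg:  # hypothetical record of one delivery attempt
    from_domain: str            # domain of the From: header
    mail_from: str              # domain of the bounce (SMTP MAIL FROM) address
    helo: str                   # HELO/EHLO name of the sending host
    spf_mail_from_pass: bool = False
    spf_helo_pass: bool = False
    dkim_pass: list = field(default_factory=list)  # d= of signatures that verified

def classify(m: Msg) -> dict:
    smtp_aligned = aligned(m.from_domain, m.mail_from)
    helo_aligned = m.spf_helo_pass and aligned(m.from_domain, m.helo)
    validated_by = []
    if m.spf_mail_from_pass and smtp_aligned:
        validated_by.append("spf")
    if any(aligned(m.from_domain, d) for d in m.dkim_pass):
        validated_by.append("dkim")
    return {
        # Definition quoted in the thread: From aligns with the SMTP address.
        "party_quoted": "first" if smtp_aligned else "third",
        # The reply's nit: an aligned SPF HELO still makes it first party.
        "party_with_helo": "first" if smtp_aligned or helo_aligned else "third",
        "validated_by": validated_by,
        "aligned_pass": bool(validated_by),
    }

# Constructed sample messages, all claiming From: example.com.
SAMPLES = {
    "direct": Msg("example.com", "bounce.example.com", "mx.example.com", True, True, ["example.com"]),
    "mailing_list": Msg("example.com", "lists.example.org", "mx.example.org", True, True, ["example.org"]),
    "dumb_forwarder": Msg("example.com", "example.com", "fwd.example.net", False, True, ["example.com"]),
    "other_bounce": Msg("example.com", "example.net", "out.example.com", True, True, []),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:15} {classify(msg)}")
```

The dumb_forwarder and other_bounce rows are the cases where the two definitions and the available validation methods diverge.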