On Mon 28/Dec/2020 22:20:55 +0100 Todd Herr wrote:
>
> DMARC validation failures can be caused either due to legitimate mail
> (i.e., mail originated by or on behalf of the publisher of the DMARC
> policy, a.k.a., the domain owner) failing authentication checks due to a
> shortcoming in the authentication practices of the domain owner or some
> other hiccup that occurs in transit, OR by illegitimate mail (i.e., mail
> not originated by or on behalf of the domain owner, so mail intended to
> fraudulently impersonate the domain), specifically the kind of mail that
> DMARC is purported to be designed to stop.
That kind of analysis seems to be missing from the draft. After some years of
experience, we should be able to provide some, I'd hope. If not, we'd better
bluntly drop the draft.
I think a list of possible failure causes would be nice to have, because
a lot of people seem to think that DMARC is a completely reliable mechanism.
I'm not entirely convinced this document is the place for it, but OTOH
I'm not convinced it isn't.
It also strikes me as more of an exercise in enumeration of possibilities than
an actual analysis.
Let's see. We have:
o Illegitimate mail
o Message changed in transit, invalidating DKIM signature
o Incorrect DKIM signing
o Incorrect SPF setup
o Unintentional domain misalignment
o Improper assertion of DMARC policy
We get regularly get problem reports whose root cause turns out to be one of
these things.
I've probably missed a bunch, and this may not be the best way to compose the
list.
Ned
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
