On 12/29/20 11:35 AM, Todd Herr wrote:
None of the validation checks bothered with the p= value in the
mrochek.com <http://mrochek.com> DMARC policy record, because the p=
value is immaterial to the validation check. Whether DMARC passes or
fails is based on whether SPF or DKIM passes or fails with an aligned
domain, full stop.
Once the DMARC validation result is determined, then the mailbox
provider or entity performing the DMARC validation check can refer to
the p= value in determining how to dispose of the message, but it
doesn't have to. It's worth noting perhaps that Google does record
message disposition in the auth-res header, though:
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mrochek.com
<http://mrochek.com/>
Unless those values in parens are a MUST requirement, the dmarc=fail is
highly misleading. I haven't even seen any specification for the dmarc
part of auth res in rfc 7601, which may be part of the problem. I don't
see any normative language which would update rfc7601 in dmarc with the
syntax and semantics of the dmarc field.
At the very least this needs to be straightened out because auth-res, to
Ned's earlier point, can have consumers in the form of MUA's.
Mike
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc