On Wed, Dec 30, 2020 at 10:48 AM Michael Thomas <m...@mtcc.com> wrote:
> > On 12/30/20 7:40 AM, Todd Herr wrote: > > I already said there is a thunderbird extension called dkim-verify that > does exactly that. It says "DMARC: fail". That is highly misleading to the > user. > >> >> I see. > > I wrote "MDAs and local clients (web and mobile) at the mailbox > provider", and I was referring to things such as Gmail's web client, > Gmail's mobile client, etc. > > You are talking about an extension for Thunderbird, which is different > from what I'm talking about. > > Thank you for the clarification. > > This would be a problem for any MUA. That's the point. It's not different, > it's the exact same problem for every MUA. There is no normative mechanism > that gives anything downstream from the DMARC check producing the auth-res > to be able to use that information correctly. And we sure don't want > billions of MUA's doing DMARC checks on their own because of the inadequacy > of auth-res. There is code in that extension to do exactly that. If that > were widespread, it would be disastrous. > > > As I attempted to communicate in a different message, we're making assumptions about the use of the A-R header that may not be entirely valid. RFC 8601 says in its Abstract: Any receiver-side software, such as mail filters or Mail User Agents (MUAs), can use this header field to relay that information in a convenient and meaningful way to users or to make sorting and filtering decisions. It does not say, however, "can use this header field, AND ONLY THIS HEADER FIELD, to relay that information"; it doesn't even require that the header be included. There are quite a number of headers inserted into messages at the major mailbox providers, and I'd wager that some of them are used by the MDAs and local clients instead of the A-R header when executing their message delivery and display actions; I might be wrong, but I imagine the folks who've put together these enormous email systems do things in such a way that maximizes efficiency for them. -- *Todd Herr* | Sr. Technical Program Manager *e:* todd.h...@valimail.com *p:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
