On Sat 02/Jan/2021 19:53:41 +0100 Douglas Foster wrote:
Regarding this section:

    Experience with DMARC has revealed some issues of interoperability
    with email in general that require due consideration before
    deployment, particularly with configurations that can cause mail to
    be rejected.  These are discussed in Section 9.

I suggest replacing it with a scope statement, such as this:

DMARC checks are applicable when a message is received directly from
the domain owner, or received indirectly from a mediator without
in-transit modification.  As discussed in Section 9, these two
criteria do not cover all legitimate email flows.  When a message is
received indirectly with modification, DMARC cannot produce a usable
result, and the message should be evaluated using alternate criteria.
When messages may have been forwarded with modifications, the
algorithm for distinguishing between authorized and unauthorized
messages becomes difficult to define.


I disagree. Limiting the applicability of DMARC is not going to boost its actionable usage. The above wording boils down to suggesting a sequence of operations as follows:

1: check SPF. If not pass then the message is indirect.

2: check DKIM. If not pass then the message is with modification. Hence DMARC results are not usable.


That would nullify the whole protocol.


Best
Ale
--

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
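
The two-step sequence in the reply above can be run against sample traffic to see which failing messages would still be subject to policy. This is an added illustration, not part of the thread or of any DMARC specification text; it assumes "pass" means an aligned pass under strict (exact-match) alignment, and the sample headers and domain names are constructed.

```python
import re

# Constructed samples: (label, RFC5322.From domain, Authentication-Results value)
SAMPLES = [
    ("direct", "example.com",
     "mx.test; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com"),
    ("forwarded-unmodified", "example.com",
     "mx.test; spf=fail smtp.mailfrom=example.com; dkim=pass header.d=example.com"),
    ("list-modified", "example.com",
     "mx.test; spf=pass smtp.mailfrom=list.test; dkim=fail header.d=example.com"),
    ("spoofed", "example.com",
     "mx.test; spf=pass smtp.mailfrom=unrelated.test; dkim=none"),
]

def aligned_pass(ar, method, prop, from_domain):
    """True if `method` passed for an identifier equal to the From domain.
    Assumption: strict alignment, so no organizational-domain lookup is needed."""
    pattern = rf"\b{method}=(\w+)(?:\s+{re.escape(prop)}=(\S+?))?(?:;|$)"
    m = re.search(pattern, ar)
    return bool(m) and m.group(1) == "pass" and (m.group(2) or "").lower() == from_domain

def dmarc_result(from_domain, ar):
    """DMARC passes when at least one aligned mechanism passes."""
    spf = aligned_pass(ar, "spf", "smtp.mailfrom", from_domain)
    dkim = aligned_pass(ar, "dkim", "header.d", from_domain)
    return "pass" if (spf or dkim) else "fail"

def in_proposed_scope(from_domain, ar):
    """Steps 1 and 2 of the reply: SPF not pass means 'indirect',
    DKIM not pass means 'with modification'; both together mean out of scope."""
    indirect = not aligned_pass(ar, "spf", "smtp.mailfrom", from_domain)
    modified = not aligned_pass(ar, "dkim", "header.d", from_domain)
    return not (indirect and modified)

def policy_applied():
    """Labels of messages that fail DMARC yet remain in scope, where policy could act."""
    return [label for label, dom, ar in SAMPLES
            if dmarc_result(dom, ar) == "fail" and in_proposed_scope(dom, ar)]

if __name__ == "__main__":
    for label, dom, ar in SAMPLES:
        print(f"{label:22} dmarc={dmarc_result(dom, ar):5} in_scope={in_proposed_scope(dom, ar)}")
    print("failing messages still subject to policy:", policy_applied())
```

The list-modified and spoofed samples look the same to the receiver: both fail DMARC and both fall out of scope under this reading, so no failing message is left for the published policy to act on.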
