I continue to not understand the defect you're highlighting here.

I think you've expressed yourself primarily in the abstract.  Could you
craft a sample message, sample envelope, and sample DNS context that
highlights the problem you're talking about?  Maybe then it'll snap into
focus.

On Wed, Jun 16, 2021 at 2:43 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:

> NXDomain on RFC5322.From is a completely different issue.    It means that
> the name is only used for service provider messaging, and is therefore not
> linked to any IP address or other physical infrastructure.  It affects the
> ability to define a meaningful NP test.   The issue becomes irrelevant to
> DMARC if and only if we drop the NP policy idea completely.
>
> The proposed MX/A/AAAA/SPF test has two significant problems:
> - It incorrectly classifies some names as NP because they do not need
> MX/A/AAAA/SPF records because they are not tied to an IP address, and we
> have provided a very poor mechanism for a domain owner to come into
> compliance.
>

There's a workaround here: If I want to use a name that is not represented
in the DNS according to that test, all I need to do is DKIM sign with my
parent domain.  That makes "p" apply because now you have an aligned
"pass", which presumably trumps any "np" that's set.

If you aren't signing with DKIM in that scenario, and you obviously can't
pass SPF either, then you can't possibly hope to pass DMARC irrespective of
any test being done on the name's validity.

> - It incorrectly classifies some names that are not used for email as not
> NP, simply because they have an A/AAAA record.   It provides no method for
> the domain owner to signal that the name is not used for email and
> therefore should be treated as NP.
>

If they're not used for email, then they're not in DMARC's problem space.

At any rate, since PSD has been approved, I'm hoping the experiment is
underway, or will be soon, and then we might have some actual data about
the severity of this defect and thus also possibly some hints about ways it
can be mitigated.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
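
Added example, not part of the original thread and not written by either participant: a small Python model of the MX/A/AAAA/SPF existence test discussed above, showing how the two classifications in the quoted message arise and how an aligned DKIM pass from the parent domain keeps "np" from being consulted. Assumptions: the zone contents, the policy values, the fixed organizational domain example.com and all function names are constructed for illustration, and relaxed alignment is used.

```python
# Constructed DNS context for the hypothetical zone example.com (not real data).
DNS = {
    "example.com": {"MX", "A", "SPF"},
    "www.example.com": {"A"},  # web host that never sends mail
    # "notify.example.com" has no records at all: it is only used as a From name
}
# Constructed policy, as if published at _dmarc.example.com.
POLICY = {"p": "none", "sp": "quarantine", "np": "reject"}
# Assumption: a real verifier derives this from a public suffix list.
ORG_DOMAIN = "example.com"
NP_TEST_TYPES = {"MX", "A", "AAAA", "SPF"}


def name_exists(name, dns=DNS):
    """Proposed test: the name 'exists' if any MX/A/AAAA/SPF record is present."""
    return bool(dns.get(name.lower(), set()) & NP_TEST_TYPES)


def relaxed_aligned(from_domain, auth_domain, org=ORG_DOMAIN):
    """Relaxed alignment: both names fall under the same organizational domain."""
    def under(name):
        name = name.lower()
        return name == org or name.endswith("." + org)
    return under(from_domain) and under(auth_domain)


def evaluate(from_domain, dkim_pass=(), spf_pass=None, policy=POLICY):
    """Return (result, tag): 'pass', or the policy value and the tag it came from."""
    authenticated = list(dkim_pass) + ([spf_pass] if spf_pass else [])
    if any(relaxed_aligned(from_domain, d) for d in authenticated):
        return ("pass", None)  # aligned pass: np/sp/p are never consulted
    if from_domain.lower() == ORG_DOMAIN:
        tag = "p"
    elif not name_exists(from_domain):
        # Non-existent subdomain: np applies, falling back to sp, then p.
        tag = "np" if "np" in policy else ("sp" if "sp" in policy else "p")
    else:
        tag = "sp" if "sp" in policy else "p"
    return (policy[tag], tag)


if __name__ == "__main__":
    print(evaluate("notify.example.com"))                             # no records, no auth
    print(evaluate("notify.example.com", dkim_pass=["example.com"]))  # parent-domain DKIM
    print(evaluate("www.example.com"))                                # A record only
```
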
