If a domain has an enforceable DMARC policy, and the message has no
signature, then the policy interpretation would be equivalent to a "DO NOT
FORWARD" order on postal mail.

We expect that this action is probably not what the actual sender intends
or what the final recipient wants, just what the policy recommends.  The
forwarding mediator has incentives to please the final recipient, so he is
unlikely to enforce a "Do Not Forward" request even if it is
legitimately made.

Since this situation happens with some regularity, does it warrant some
commentary in the specification?


On Fri, Sep 24, 2021 at 2:59 PM John Levine <jo...@taugh.com> wrote:

> It appears that Douglas Foster  <dougfoster.emailstanda...@gmail.com>
> said:
> >
> >The Zoho situation is an interesting application of ARC.   The forwarders
> >are not altering the messages, so if the DMARC-enforcing domain was
> >configured with signatures, their messages would have passed DMARC at the
> >final destination.  Without the signature, they should have been blocked
> >already. ....
>
> There are plenty of senders who only use SPF and publish a DMARC policy
> anyway.
>
> We all know why that's a bad idea, but that's what they do.
>
> R's,
> John
> --
> Regards,
> John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly
>
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
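
The forwarding case discussed in this thread, as an added example that is not part of either message: a simplified DMARC evaluation showing that an unmodified forward fails for an SPF-only domain and passes when an aligned DKIM signature survives. The domains, IP addresses and the two-label organizational-domain shortcut are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed data: IPs that each domain's SPF record authorizes.
SPF_AUTHORIZED = {
    "sender.example": {"192.0.2.10"},
    "forwarder.example": {"198.51.100.20"},
}
FORWARDER_IP = "198.51.100.20"

@dataclass
class Delivery:
    header_from: str               # RFC5322.From domain, the one DMARC protects
    mail_from: str                 # RFC5321.MailFrom domain, the one SPF checks
    client_ip: str                 # IP the final receiver sees connecting
    dkim_d: Optional[str] = None   # d= of a signature that still verifies, if any

def org_domain(domain: str) -> str:
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(a: str, b: str) -> bool:
    # Relaxed alignment: organizational domains must match.
    return org_domain(a) == org_domain(b)

def dmarc_result(d: Delivery) -> str:
    spf_pass = d.client_ip in SPF_AUTHORIZED.get(d.mail_from, set())
    spf_ok = spf_pass and aligned(d.mail_from, d.header_from)
    dkim_ok = d.dkim_d is not None and aligned(d.dkim_d, d.header_from)
    # DMARC passes when either mechanism passes AND aligns with header From.
    return "pass" if (spf_ok or dkim_ok) else "fail"

def forward(d: Delivery, forwarder_ip: str, rewrite_to: Optional[str] = None) -> Delivery:
    # An unmodified forward keeps headers and body, so a DKIM signature survives;
    # only the connecting IP (and optionally the envelope sender) changes.
    return Delivery(d.header_from, rewrite_to or d.mail_from, forwarder_ip, d.dkim_d)

spf_only = Delivery("sender.example", "sender.example", "192.0.2.10")
signed = Delivery("sender.example", "sender.example", "192.0.2.10", dkim_d="sender.example")

if __name__ == "__main__":
    cases = {
        "SPF-only, direct": spf_only,
        "SPF-only, forwarded": forward(spf_only, FORWARDER_IP),
        "SPF-only, forwarded, envelope rewritten": forward(spf_only, FORWARDER_IP, "forwarder.example"),
        "DKIM-signed, forwarded": forward(signed, FORWARDER_IP),
    }
    for name, delivery in cases.items():
        print(f"{name}: DMARC {dmarc_result(delivery)}")
```

Rewriting the envelope sender makes SPF pass for the forwarder's domain, but that domain does not align with the header From, so the DMARC result is still a fail.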
