On Thu 06/Jan/2022 12:32:17 +0100 Douglas Foster wrote:
The point of a specification like this is to understand each participant's best interest and channel that toward the common goal. I perceive a false assumption that when a sender does not publish p=reject, then his messages cannot be blocked for failure to validate, and therefore DKIM signatures are unnecessary.
Or we could devise a protocol whereby a sender can supply customized policies to different (kinds of) receivers. For example, I might want to publish p=reject for, say, ietf.org and some other receivers that I trust to verify correctly. Queries could be arranged similar to external reporting authorization, exposing the receiver's FQDN:

; <<>> DiG 9.16.1-Ubuntu <<>> ietfa.amsl.com._dmarc.tana.it txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58470
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ietfa.amsl.com._dmarc.tana.it. IN TXT

;; ANSWER SECTION:
_dmarc.tana.it. 86400 IN TXT "v=DMARC1; p=reject; " "rua=mailto:dmarca...@tana.it; " "ruf=mailto:dmarcf...@tana.it;"

Hm... no fooling.

Best
Ale

--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
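
The per-receiver lookup proposed in the message above, sketched as an added example that is not part of the original post or of any DMARC specification: a receiver queries `<its-FQDN>._dmarc.<sender-domain>` and, as an assumption of this sketch, falls back to the ordinary `_dmarc.<sender-domain>` record. The function names, the fallback rule and the `example.org` zone data are constructed for illustration.

```python
# Added illustration: hypothetical receiver-side lookup for per-receiver DMARC policy.
# ZONE is constructed sample data standing in for DNS TXT answers, so this runs offline.
ZONE = {
    "_dmarc.example.org": ["v=DMARC1; p=none; ", "rua=mailto:reports@example.org;"],
    "mx.trusted.example._dmarc.example.org": [
        "v=DMARC1; p=reject; ", "rua=mailto:reports@example.org;"],
    "_dmarc.broken.example": ["v=spf1 -all"],  # TXT present, but not a DMARC record
}

MAX_DNS_NAME = 253  # maximum length of a domain name in text form


def parse_dmarc(txt_strings):
    """Join the TXT character-strings and parse the tag list.

    Returns a dict of tags, or None when the record does not start with v=DMARC1.
    """
    tags = {}
    for part in "".join(txt_strings).split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            return None  # malformed tag, treat the record as unusable
        tags.setdefault(name.strip().lower(), value.strip())
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        return None
    return tags


def receiver_policy(sender_domain, receiver_fqdn, zone=ZONE):
    """Return (name_that_answered, tags), trying the receiver-specific name first."""
    default = "_dmarc." + sender_domain.rstrip(".").lower()
    specific = receiver_fqdn.rstrip(".").lower() + "." + default
    candidates = [default]
    if len(specific) <= MAX_DNS_NAME:
        # Only query the receiver-specific name if it is a legal DNS name.
        candidates.insert(0, specific)
    for name in candidates:
        tags = parse_dmarc(zone.get(name, []))
        if tags:
            return name, tags
    return None, None  # no usable DMARC record at either name


if __name__ == "__main__":
    for rcpt in ("mx.trusted.example", "mx.other.example"):
        name, tags = receiver_policy("example.org", rcpt)
        print(rcpt, "->", name, tags["p"])
```

Note that every such query discloses the receiver's FQDN to the sender's DNS operator, which is the "exposing" the message refers to.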