On Wed 24/Aug/2022 07:56:41 +0200 Murray S. Kucherawy wrote:
> I believe your "policy is useful when present but not required" remark is a re-statement of your claim that DMARC should yield a "pass" for any aligned identifier irrespective of the presence or absence of a published policy.

The theory thus far was that dmarc=fail calls for possibly making a decision. Does dmarc=pass bear different values depending on the policy?

> However, the charter, at paragraph 4, demands that any change made by this working group which does not preserve compatibility with the deployed base has to be justified.  If suddenly the absence of a published policy can result in a DMARC "pass" or "fail" when this was not previously the case, and this results in different handling decisions by receivers, I would say compatibility has not been preserved.

We already made a change by allowing a default policy. DMARC records in the installed base were illegal if they had no p= tag. So, at this time, we are discussing the difference between a record saying just v=DMARC1 and no record at all.

The striking difference is that without a record we cannot determine alignment. However, this doesn't impinge on compatibility, as the installed base used the PSL.

> The working group is able to make that change, but (a) consensus must exist to do so, and (b) we need to justify the resulting potential disruption adequately.

I see no disruption.

Anyway, we should fix Authentication-Results:, because it is currently not clear enough. For example: say the filter can be configured to enable DMARC or not (possibly on a per-domain basis). Now a message gets dmarc=fail with p=quarantine. This has to be enacted by downstream agents, after the SMTP session is over. The rMDA filter must then know if quarantining is enabled. What is the A-R?


Best
Ale
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
