— Section 5 —

   A Mail Receiver implementing the DMARC mechanism SHOULD make a best-
   effort attempt to adhere to the Domain Owner's or PSO's published
   DMARC Domain Owner Assessment Policy when a message fails the DMARC
   test.  Since email streams can be complicated (due to forwarding,
   existing RFC5322.From domain-spoofing services, etc.), Mail Receivers
   MAY deviate from a published Domain Owner Assessment Policy during
   message processing and SHOULD make available the fact of and reason
   for the deviation to the Domain Owner via feedback reporting,
   specifically using the "PolicyOverride" feature of the aggregate
   report defined in [DMARC-Aggregate-Reporting]

I think “SHOULD do what the domain owner says” is too strong, and
propose to change it.  By making it that strong we vary from the
policy that recipients use all the input they have to make their
handling decision, and we tell them that using this input alone is
normatively required for interoperability/security.  I think that’s
wrong.

I suggest this alternative text:

NEW
   A Mail Receiver implementing the DMARC mechanism gets the Domain
   Owner’s or PSO's published DMARC Domain Owner Assessment Policy
   when a message fails the DMARC test, and uses it as an important
   factor in deciding how to handle the message.  Mail Receivers
   should make a best-effort attempt to comply with the published
   policy, but email streams can be complicated (due to forwarding,
   existing RFC5322.From domain-spoofing services, etc.) and Mail
   Receivers may have other information that can inform their
   decisions.

   When Mail Receivers deviate from a published Domain Owner
   Assessment Policy during message processing they SHOULD make
   available the fact of and reason for the deviation to the Domain
   Owner via feedback reporting, specifically using the
   "PolicyOverride" feature of the aggregate report defined in
   [DMARC-Aggregate-Reporting].
END

-- 
Barry

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
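
The handling described in the proposed text, as an added example that is not part of the original message or of any DMARC draft: a receiver treats the published policy as one input, may deviate on local information, and records the deviation as a `reason` inside the aggregate report's `policy_evaluated` element. The `local_signals` keys and the decision order are assumptions made for this sketch; the override types used (`mailing_list`, `trusted_forwarder`, `local_policy`) are values from the aggregate report schema.

```python
import xml.etree.ElementTree as ET


def decide(published_policy, dmarc_pass, local_signals):
    """Return (disposition, override) for one message.

    published_policy: "none", "quarantine" or "reject" from the DMARC record.
    local_signals: hypothetical dict of receiver-side facts (assumed keys).
    override: None when the published policy was followed, otherwise a
    (type, comment) pair to be reported to the Domain Owner.
    """
    if dmarc_pass:
        return "none", None
    # Deviations: other information outweighs the published policy.
    if local_signals.get("known_mailing_list"):
        return "none", ("mailing_list", "arrived via a recognised list")
    if local_signals.get("trusted_forwarder"):
        return "none", ("trusted_forwarder", "forwarder is locally trusted")
    if published_policy == "none" and local_signals.get("bad_reputation"):
        return "quarantine", ("local_policy", "local reputation data")
    # No reason to deviate: apply what the Domain Owner published.
    return published_policy, None


def policy_evaluated(disposition, dkim, spf, override):
    """Build the <policy_evaluated> fragment of an aggregate report row."""
    pe = ET.Element("policy_evaluated")
    ET.SubElement(pe, "disposition").text = disposition
    ET.SubElement(pe, "dkim").text = dkim
    ET.SubElement(pe, "spf").text = spf
    if override is not None:
        reason = ET.SubElement(pe, "reason")
        ET.SubElement(reason, "type").text = override[0]
        ET.SubElement(reason, "comment").text = override[1]
    return ET.tostring(pe, encoding="unicode")


if __name__ == "__main__":
    # Constructed case: p=reject, DMARC fails, message came through a list.
    disp, why = decide("reject", False, {"known_mailing_list": True})
    print(policy_evaluated(disp, "fail", "fail", why))
```
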
