— Section 5.8 —

Mail Receivers MAY choose to accept email that fails the DMARC mechanism check even if the published Domain Owner Assessment Policy is "reject". Mail Receivers need to make a best effort not to increase the likelihood of accepting abusive mail if they choose not to honor the published Domain Owner Assessment Policy. At a minimum, addition of the Authentication-Results header field (see [RFC8601]) is RECOMMENDED when delivery of failing mail is done.

As we discussed at IETF 114, I think it’s important that we be a bit stronger here, and call the reader’s attention to RFC 7960. Here’s my text proposal, going with the “SHOULD” version, rather than the “MUST” version:

NEW

Mail Receivers MAY choose to accept email that fails the DMARC mechanism check even if the published Domain Owner Assessment Policy is "reject". In particular, because of considerations discussed in [RFC7960], it is important that Mail Receivers SHOULD NOT reject messages solely because of a published policy of “reject”, but that they apply other knowledge and analysis to avoid rejection of legitimate messages, harm to the operation of mailing lists, and the like. Mail Receivers need to make a best effort not to increase the likelihood of accepting abusive mail if they choose not to honor the published Domain Owner Assessment Policy. At a minimum, addition of the Authentication-Results header field (see [RFC8601]) is RECOMMENDED when delivery of failing mail is done.

END

(This also needs an informative reference to 7960 added.)

--
Barry
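
The following is an added example, not part of the original message or of the DMARC draft: a sketch of receiver-side disposition logic in which a published "reject" policy is weighed against local knowledge and any delivered failing message gets an Authentication-Results field. The signal names, the `dis=` comment convention, and the choice to honor the published policy when no local evidence exists are assumptions made for illustration.

```python
from dataclasses import dataclass

# Receiver-local evidence that a DMARC failure comes from a legitimate
# indirect mail flow (the cases RFC 7960 discusses). Hypothetical names.
LEGITIMATE_FLOW_SIGNALS = {"known_mailing_list", "trusted_forwarder"}


@dataclass
class DmarcEvaluation:
    header_from: str  # RFC5322.From domain that was evaluated
    result: str       # "pass" or "fail"
    policy: str       # published policy: "none", "quarantine" or "reject"


def authentication_results(authserv_id, ev, disposition):
    """Build an RFC 8601 Authentication-Results field recording the DMARC
    result. The parenthesised part is a free-form comment (assumed layout)
    noting the published policy and the disposition actually applied."""
    return (f"Authentication-Results: {authserv_id}; dmarc={ev.result} "
            f"(p={ev.policy} dis={disposition}) header.from={ev.header_from}")


def disposition_for(ev, local_signals, authserv_id):
    """Return (disposition, header). header is None when the message is
    rejected, since nothing is delivered in that case."""
    if ev.result == "pass" or ev.policy == "none":
        disposition = "none"
    elif LEGITIMATE_FLOW_SIGNALS & set(local_signals):
        # Local knowledge outweighs the published policy: deliver, but
        # leave the failure visible to downstream filters and users.
        disposition = "none"
    else:
        # Assumption: with no evidence of a legitimate flow, the receiver
        # applies the published policy so abusive mail is not let through.
        disposition = ev.policy
    if disposition == "reject":
        return disposition, None
    return disposition, authentication_results(authserv_id, ev, disposition)


if __name__ == "__main__":
    # Constructed sample: a list post whose From domain publishes p=reject.
    ev = DmarcEvaluation("example.com", "fail", "reject")
    for signals in ({"known_mailing_list"}, set()):
        print(sorted(signals), disposition_for(ev, signals, "mx.receiver.example"))
```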