I am starting from the viewpoint that (a) reporting is a courtesy provided by the evaluator to the domain owner, and (b) the evaluator will do so in the context of his own interest, which includes filtering messages with maximum possible efficiency.
This WG can certainly impose a requirement that an evaluator MUST evaluate all available identifiers, up to the specified limit of 100, to be compliant. Evaluators that are not willing to be compliant MUST not send aggregate reports. We do not have that language yet.

Doug

On Sun, Oct 2, 2022 at 5:00 PM Dotzero <dotz...@gmail.com> wrote:

> On Sun, Oct 2, 2022 at 2:01 PM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
>
>> In many cases, an evaluator can determine a DMARC PASS result
>> without evaluating every available identifier.
>>
>> - If a message has SPF PASS with acceptable alignment, the evaluator
>>   has no need to evaluate any DKIM signatures to know that the message
>>   produces DMARC PASS.
>> - Some identifiers are easily excluded by simple inspection: A
>>   "sendgrid.net" identifier cannot authenticate "example.com"
>>
>> When the evaluator has an identifier which is known but not evaluated, he
>> does not have a way to document this outcome in the aggregate reports. To
>> fix this hole, we should add an authentication result of "not evaluated".
>>
>> Doug Foster
>
> It is absolutely a wrong thing to suggest not evaluating DKIM if there is
> an SPF pass. One of the purposes of aggregated reporting is to help sending
> domains to understand what is breaking in their mail streams. SPF
> PASS/DKIM PASS is totally different than SPF PASS/DKIM FAIL. The overhead
> cost to perform the DKIM check is relatively low. Why wouldn't you do this?
>
> Do you believe that preventing a sender from getting this additional piece
> of information is a good thing?
>
> Michael Hammer
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
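
The two evaluation strategies debated in this thread, side by side, as an added example that is not part of any message above and is not code from the DMARC working group. It assumes a simplified relaxed-alignment check, a caller-supplied `verify_dkim` stand-in for signature verification, and a `not_evaluated` row value that is only the proposal made in the thread, not part of the current aggregate report format.

```python
# Added example. "not_evaluated" is the result value proposed in the thread;
# it is not defined by the current aggregate report format.
LIMIT = 100  # identifier limit mentioned in the thread


def aligned(identifier, from_domain):
    """Simplified relaxed alignment (assumption): equal, or one is a
    subdomain of the other. Real evaluators compare organizational domains."""
    a = identifier.lower().rstrip(".")
    b = from_domain.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def evaluate(from_domain, spf, dkim_domains, verify_dkim, short_circuit):
    """Return (dmarc_result, report_rows). spf is (domain, result);
    verify_dkim is a caller-supplied callable standing in for signature
    verification (hypothetical helper)."""
    spf_domain, spf_result = spf
    rows = [("spf", spf_domain, spf_result)]
    passed = spf_result == "pass" and aligned(spf_domain, from_domain)
    for d in dkim_domains[:LIMIT]:
        if short_circuit and (passed or not aligned(d, from_domain)):
            # Known identifier, skipped: already PASS, or cannot align.
            rows.append(("dkim", d, "not_evaluated"))
            continue
        result = verify_dkim(d)
        rows.append(("dkim", d, result))
        if result == "pass" and aligned(d, from_domain):
            passed = True
    return ("pass" if passed else "fail"), rows


# Constructed sample: aligned SPF pass, a broken first-party DKIM signature,
# and a valid third-party signature that cannot align with example.com.
SAMPLE_DKIM = {"example.com": "fail", "sendgrid.net": "pass"}


def run_sample(short_circuit):
    calls = []

    def verify(d):
        calls.append(d)
        return SAMPLE_DKIM[d]

    result, rows = evaluate("example.com", ("example.com", "pass"),
                            list(SAMPLE_DKIM), verify, short_circuit)
    return result, rows, len(calls)


if __name__ == "__main__":
    for mode in (True, False):
        print(mode, run_sample(mode))
```

Both modes reach the same DMARC result for the sample message; only the full evaluation puts the failing `example.com` DKIM signature into the report rows, at the cost of two verification calls instead of none.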