On Thu, Apr 13, 2023 at 9:52 PM Barry Leiba <barryle...@computer.org> wrote:
> > I don’t think folks are objecting to cautionary language. I think > > folks are objecting to a blanket MUST NOT. If we're going to qualify > > the MUST NOT with a bunch of language, that's a bit different. The > > original proposal was: "To be explicitly clear: domains used for > > general-purpose email MUST NOT deploy a DMARC policy of p=reject." > > I'm still fuzzy on what constitutes general purpose, or perhaps more > > accurately when p=reject is acceptable? Is it acceptable to use > > p=quarantine in those cases? If a domain (such as comcast.com) > > decides p=reject is what they really want .. then what? (I know, we're > > not the protocol police..) > > The idea is MUST NOT because it harms interop with long-standing > deployments. If you decide you're more important than that, you do > what you want and there it is. It's as simple as that. The "then > what" is that you don't interoperate with mailing lists (and perhaps > other things, depending upon the exact configuration). That's the > definition of MUST NOT. It doesn't mean that someone will come down > on you if you do. It means you will likely fail to interoperate if > you do. > > As to "what constitutes general purpose", if you are providing email > addresses to the general public, that qualifies. If your domain is > sending email only from employees, and you have policies about > employees using their email addresses to conduct business, then that's > a different issue. Of course, if their business involves posting to > mailing lists, you have some decisions to make. > > Again, none of this is on pain of death. We're just talking about how > to use the protocol interoperably. If you have reasons you think are > important to do otherwise, you can do what you want. The protocol > specification needs to define interoperability clearly and strictly. > > Barry > Barry wrote: " The idea is MUST NOT because it harms interop with long-standing deployments. If you decide you're more important than that, you do what you want and there it is. It's as simple as that" I could live with the normative MUST NOT if there were some non-normative text recognizing that there are domains that violate the MUST NOT but not in any way attempting to validate violating the MUST NOT. Is there any potential that such wordsmithing could break the apparent impasse? Just sort of noodling on this. Michael Hammer
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
