If you meant "external ESPs are applying DMARC per spec according to RFC7489 6.6.2 step #5" that would be more accurate.
The prescribed method is, "If *one or more of the Authenticated Identifiers* align with the RFC5322.From domain, the message is considered to pass the DMARC mechanism check." No ESP I'm aware of evaluates a DMARC failure result if *any* of the authentication methods produces a failure. That is definitely not expected behavior. Do you have examples of any ESPs that deviate from this? - Mark Alley On Fri, Apr 14, 2023, 8:42 PM Hector Santos <hsantos= 40isdg....@dmarc.ietf.org> wrote: > On 4/14/2023 7:31 PM, Dotzero wrote: > > On Fri, Apr 14, 2023 at 5:55 PM Hector Santos > > <hsantos=40isdg....@dmarc.ietf.org > > <mailto:40isdg....@dmarc.ietf.org>> wrote: > > > > Yes, it is simple DeMorgan’s Theorem where you use > > short-circuiting logic. > > > > DMARC says that any FAIL calculated via SPF or DKIM is an > > overall DMARC failure. In standard boolean logic is it an OR > > condition: > > > > IF SPF FAILS or DKIM FAILS Then Reject. > > > > > > You have it absolutely backwards. > > > > DMARC says if either (aligned) SPF validates or (aligned) DKIM > > validates, it passes. > I don't follow you, so NO > > a fail of either is a failure as a whole. > > That is how the major EPS of late are applying it - per specs. > > > -- > Hector Santos, > https://santronics.com > https://winserver.com > > -- > Hector Santos, > https://santronics.com > https://winserver.com > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc