On Sat 08/Jul/2023 02:44:19 +0200 Murray S. Kucherawy wrote:
On Thu, Jul 6, 2023 at 7:55 AM Barry Leiba <barryle...@computer.org> wrote:
It is therefore critical that domains that host users who might
post messages to mailing lists SHOULD NOT publish p=reject.
Domains that choose to publish p=reject SHOULD implement
policies that their users not post to Internet mailing lists.
Some of my IETF mentors (ahem) taught me some stuff about the use of SHOULD
[NOT] that have stuck with me, and I'm going to pressure test this against
that advice. Let's see how this goes. :-)
"SHOULD" leaves the implementer with a choice. You really ought to do what
it says in the general case, but there might be circumstances where you
could deviate from that advice, with some possible effect on
interoperability. If you do that, it is expected that you fully understand
the possible impact you're about to have on the Internet before
proceeding. To that end, we like the use of SHOULD [NOT] to be accompanied
by some prose explaining when one might deviate in this manner, such as an
example of when it might be okay to do so.
Does anyone have such an example in mind that could be included here?
Specifically: Can we describe a scenario where (a) a sender publishes
p=reject (b) with users that post to lists (c) that the community at large
would be willing to accept/tolerate?
The preceding, non-indented paragraph seems to devise a tolerance boundary in
the future:
Domains that have general users who send routine email are
particularly likely to create interoperability issues if they
publish p=reject. For example, domains that serve as mailbox hosts
and give out email addresses to the general public are best advised
to delay adoption of p=reject until the authentication ecosystem
becomes more mature and deliverability issues are better resolved.
/More/ mature and /better/ resolved might still be obscure. For the time
being, IME, the ecosystem is mature enough to resolve the mailing list
interoperability issues by From: munging. I agree it might become more mature
and find out better ways. Yet, the current level might seem enough to permit
p=reject where it is necessary —unless there are situations (unknown to me)
where the damage is still serious or substantial.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
