Authentication problems can be put into these categories: - Messages with malicious impersonation. - Legitimate message with insufficient credentials at origination. - Legitimate message whose credentials were lost in transit. - Legitimate message from an entity sending on behalf of a domain member but outside of domain owner control.
If an evaluator determines that a message is legitimate, should he send a failure report anyway? Or should the failure be considered a false positive that can and should be ignored? At the moment, I favor encouraging report senders to suppress reporting on messages that are judged to be legitimate. Doug Foster
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
