On Wed, May 7, 2025 at 5:42 AM Alessandro Vesely <[email protected]> wrote:

> On Wed 07/May/2025 00:18:41 +0200 Wei Chuang wrote:
> > forwarders will likely also want a say in what happens to a message that fails
> > validation.
>
>
> In order to keep it simple, I'd conceive the author domain, the one in From:,
> to be the "owner" of the message.
>

If DKIM2 header algebra yields more than one valid From header, we may want
to consider an algorithm to select which one is the owner.  Presumably this
should be the earliest, though for DMARC reporting perhaps both can be
considered.


> > we propose that the forwarder domain be able to publish a policy that
> > specifies the forwarder's intent on what enforcement to apply.
>
> This sounds to me like an affected complication.  When authentication works
> well, there will be no reason to specify weak policies.  Until then, let the
> owner decide.
>

To me this is a fair standpoint from a receiver perspective.  My guess is
that the benefit is marginal to support forwarders compared to the extra
DNS policy lookup cost borne by the receivers.  The forwarding idea is
really a strawman to explore the cost benefit.


> > This also calls for DMARC reporting to be generated for forwarders.
>
>
> One can ask for feedback even without trying to override the policy.
>
>
> > By default the "rua=" and "ruf=" tags specify where the forwarder reports
> > may go. However forwarders may specify a different location "frua=" and
> > "fruf=" to distinguish forwarding traffic from origination traffic in the
> > reports.
>
> Rather than a different reporting address, I'd specify additional report
> attributes that identify unambiguously which forwarding chain the messages
> belong to.
>
>
It'll be more specification work this way though it may permit additional
capabilities to express details around the forwarding as observed by the
receiver.
-Wei
_______________________________________________
Ietf-dkim mailing list -- [email protected]