Re: [dmarc-ietf] Author vs Signer Domains

2023-04-14 Thread Mark Alley 
If you meant "external ESPs are applying DMARC per spec according to
RFC7489 6.6.2 step #5" that would be more accurate.

The prescribed method is, "If *one or more of the Authenticated
Identifiers* align with the RFC5322.From domain, the message is considered
to pass the DMARC mechanism check."

No ESP I'm aware of evaluates a DMARC failure result if *any* of the
authentication methods produces a failure. That is definitely not expected
behavior.

Do you have examples of any ESPs that deviate from this?

- Mark Alley

On Fri, Apr 14, 2023, 8:42 PM Hector Santos  wrote:

> On 4/14/2023 7:31 PM, Dotzero wrote:
> > On Fri, Apr 14, 2023 at 5:55 PM Hector Santos
> >  > > wrote:
> >
> > Yes, it is simple DeMorgan’s Theorem where you use
> > short-circuiting logic.
> >
> > DMARC says that any FAIL calculated via SPF or DKIM is an
> > overall DMARC failure.  In standard boolean logic is it an OR
> > condition:
> >
> > IF SPF FAILS or DKIM FAILS Then Reject.
> >
> >
> > You have it absolutely backwards.
> >
> > DMARC says if either (aligned) SPF validates or (aligned) DKIM
> > validates, it passes.
> I don't follow you, so NO
>
> a fail of either is a failure as a whole.
>
> That is how the major EPS of late are applying it - per specs.
>
>
> --
> Hector Santos,
> https://santronics.com
> https://winserver.com
>
> --
> Hector Santos,
> https://santronics.com
> https://winserver.com
>
>
>
> ___
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Author vs Signer Domains

2023-04-14 Thread Neil Anuskiewicz 


> On Apr 14, 2023, at 6:42 PM, Hector Santos 
>  wrote:
> 
> On 4/14/2023 7:31 PM, Dotzero wrote:
>> On Fri, Apr 14, 2023 at 5:55 PM Hector Santos 
>> mailto:40isdg@dmarc.ietf.org>> wrote:
>> 
>>Yes, it is simple DeMorgan’s Theorem where you use
>>short-circuiting logic.
>> 
>>DMARC says that any FAIL calculated via SPF or DKIM is an
>>overall DMARC failure.  In standard boolean logic is it an OR
>>condition:
>> 
>>IF SPF FAILS or DKIM FAILS Then Reject.
>> 
>> 
>> You have it absolutely backwards.
>> 
>> DMARC says if either (aligned) SPF validates or (aligned) DKIM validates, it 
>> passes.
> I don't follow you, so NO
> 
> a fail of either is a failure as a whole.
> 
> That is how the major EPS of late are applying it - per specs.

Hector, you’re wrong on this one. Check out 
https://datatracker.ietf.org/doc/html/rfc7489#section-6.6.2. How would you 
interpret the following (follow link above for more context):
DMARC evaluation can only yield a "pass" result after one of the underlying 
authentication mechanisms passes for an aligned identifier.
Neil___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

[dmarc-ietf] Author vs Signer Domains

2023-04-14 Thread Hector Santos 

On 4/14/2023 7:31 PM, Dotzero wrote:
On Fri, Apr 14, 2023 at 5:55 PM Hector Santos 
> wrote:


Yes, it is simple DeMorgan’s Theorem where you use
short-circuiting logic.

DMARC says that any FAIL calculated via SPF or DKIM is an
overall DMARC failure.  In standard boolean logic is it an OR
condition:

IF SPF FAILS or DKIM FAILS Then Reject.


You have it absolutely backwards.

DMARC says if either (aligned) SPF validates or (aligned) DKIM 
validates, it passes.

I don't follow you, so NO

a fail of either is a failure as a whole.

That is how the major EPS of late are applying it - per specs.


--
Hector Santos,
https://santronics.com
https://winserver.com

--
Hector Santos,
https://santronics.com
https://winserver.com



___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc