Re: Amavis and OpenDMARC

Tue, 28 Nov 2023 01:45:17 -0800 

I agree that DKIM designers messed this up quite much.
But again, we are here talking about DMARC.



On 21.11.23 12:06, Noel Butler wrote:

But they are inter-twined, DMARC just does what DKIM and SPF declare, 
so any perceived DMARC issues *do* include DKIM and SPF


but this is irelevant here.


On 21/11/2023 20:08, Matus UHLAR - fantomas wrote:

I believe the issue lies in bad formulation of condition for fo:



The problem I see is that with "fo=1" it should be reported, even if 
everything is okay.


On 28.11.23 10:36, Noel Butler wrote:

Well, if there is a pass and a failure not "everything" is OK.


Not "a pass and a failure". A DKIM pass and SPF pass.


But when the SPF is not aligned, DMARC wording requires sending report for 
"fo=1", because of RFC 
	something other than an aligned "pass" result.



reporting 2 passes but inaligned is non-sense and quite common for mail 
forwarding, and mailing lists, including this one.



Perhaps RFC 7489 needs clarification of what exactly needs to be 
reported and what not.



7489  makes fo=1|s|d clear, perhaps fo=0 could be worded differently, 



most of us, or perhaps just many of us,  understand 0 means only if 


I did a mistake before and corrected it:

Wording of fo=0 is fine, report is only send for failed DMARC check.
The unaligned SPF is only issue when DKIM fails.



everything fails then send a report because thats how I see it and how 
it seemed to work when first ran DMARC until I moved fo=1 because I 
want to get failure reports - remember, not all failure reports go to 
humans ;)



Generally people who halve some idea of what they are doing don't 
bother with RFC's, perhaps the problem is with the software 
documentation as that's what they tend to go for.



So, generally do you recommend us not to follow RFC and risk possible issues 
that are currently unseen?

I prefer fixing the RFC instead.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.


























					Reply via email to