Should a set of guidelines on when to do an SMTP PERMFAIL vs. an SMTP 
TEMPFAIL be something that's added to the design/deployment/operations 
document?

Would anyone care to come up with such a set of guidelines? If they're 
succinct enough, they could be folded in as part of the IETF Last Call 
round.

        Tony Hansen
        [email protected]

Jim Fenton wrote:
> Mark Martinec wrote:
>>    3.  If the query for the public key fails because the corresponding
>>        key record does not exist, the verifier MUST immediately return
>>        PERMFAIL (no key for signature).
>> [...]
>>    A verifier SHOULD NOT treat a message that has one or more bad
>>    signatures and no good signatures differently from a message with no
>>    signature at all; such treatment is a matter of local policy and is
>>    beyond the scope of this document.
>>   
> 
> Just to be extra clear, PERMFAIL in this context is a verifier result -- 
> just an inability to verify the signature. In order to satisfy the above 
> paragraph, this SHOULD NOT result in an SMTP PERMFAIL. This is different 
> from a verifier TEMPFAIL, which may result in an SMTP TEMPFAIL.
> 
>> I think it is plain wrong and a bug if a verifier tempfails a message
>> on an authoritative DNS failure.
_______________________________________________
dkim-ops mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/dkim-ops
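
The distinction drawn in the thread above, between a verifier result and the SMTP reply, sketched as an added example that is not part of the original messages or of any DKIM implementation. The outcome labels, function names and the `defer_on_tempfail` switch are assumptions; mapping an unanswered key query to a verifier TEMPFAIL follows the DKIM specification's key-retrieval step.

```python
from enum import Enum

class KeyLookup(Enum):            # constructed labels for the DNS key query outcome
    FOUND = "found"
    NO_RECORD = "no_record"       # authoritative answer: key record does not exist
    NO_RESPONSE = "no_response"   # timeout / server failure: nothing authoritative

class Verdict(Enum):              # per-signature *verifier* result, not an SMTP code
    SUCCESS = "success"
    PERMFAIL = "permfail"
    TEMPFAIL = "tempfail"

def verify_signature(lookup, crypto_ok):
    """Verifier result for one DKIM-Signature header field."""
    if lookup is KeyLookup.NO_RESPONSE:
        return Verdict.TEMPFAIL   # key unavailable right now, may succeed later
    if lookup is KeyLookup.NO_RECORD:
        return Verdict.PERMFAIL   # "no key for signature"
    return Verdict.SUCCESS if crypto_ok else Verdict.PERMFAIL

def smtp_disposition(signatures, defer_on_tempfail=True):
    """Map all signatures on one message to an SMTP-level decision.

    signatures: list of (KeyLookup, crypto_ok) tuples, one per signature.
    defer_on_tempfail: hypothetical local-policy switch.
    """
    verdicts = [verify_signature(lookup, ok) for lookup, ok in signatures]
    if Verdict.SUCCESS in verdicts:
        return "accept-signed"        # one good signature is sufficient
    if Verdict.TEMPFAIL in verdicts and defer_on_tempfail:
        return "smtp-tempfail"        # a retry might find a usable key
    # Only bad signatures (or none): handle exactly like an unsigned message.
    # A verifier PERMFAIL never becomes an SMTP PERMFAIL in this function.
    return "accept-as-unsigned"

if __name__ == "__main__":
    samples = {                       # constructed sample messages
        "good signature": [(KeyLookup.FOUND, True)],
        "key record missing": [(KeyLookup.NO_RECORD, False)],
        "DNS not answering": [(KeyLookup.NO_RESPONSE, False)],
        "one unreachable, one good": [(KeyLookup.NO_RESPONSE, False),
                                      (KeyLookup.FOUND, True)],
    }
    for name, sigs in samples.items():
        print(f"{name}: {smtp_disposition(sigs)}")
```
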