On 7/6/12 6:48 AM, "Chris Lamont Mankowski" <[email protected]> wrote:
>Frank, I re-read the draft and see you're absolutely correct:
>
>>Section 5
>>
>>   A Mail Receiver MUST consider an arriving message to pass the DMARC
>>   test if and only if one or more of the underlying message
>>   authentication mechanisms pass with proper identifier alignment.
>
>
>For senders who are using a shared MTA like Postini or Microsoft
>FrontBridge, should DMARC allow the option for multiple identifiers to
>align?
>
>I can think of a few ways to accommodate that:
>
> 1. Using the p1= p2= arguments mentioned in my previous post
> 2. List the technologies in a semicolon delimited parameter in the
>DNS record, such as z=spf;dkim;
>

Someone else suggested very early on that it should be possible to have the Domain Owner be able to say explicitly which checks should be done by Receivers. I don't recall there being much support for the notion, chiefly because of the "at least one must pass" property of DMARC. That means if you're turning off checks, it probably means the ones you want to disable are broken (or improperly deployed). This seems to be a bigger problem than we should be trying to fix here; simply turn off the broken ones.

I'm skeptical about the p1= p2= option. When eventually support for more authentication methods is added, this won't scale as it eventually runs into limitations of DNS.

-MSK

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
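The pass rule quoted from Section 5, as an added example (not part of the original message and not code from the DMARC draft or any receiver implementation): a message passes only if at least one mechanism both passes and aligns with the From: domain. The domains, the shared-MTA scenarios and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added illustration of the "at least one aligned pass" rule.

def org_domain(domain):
    # Assumption/simplification: the last two labels stand in for the
    # Organizational Domain. Real receivers consult a public suffix list.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_evaluate(from_domain, spf, dkim_sigs, strict=False):
    """spf: (result, MAIL FROM domain); dkim_sigs: list of (result, d= domain).
    Returns (passed, details). passed is True if and only if at least one
    mechanism has result 'pass' AND its domain aligns with from_domain."""
    checks = [("spf", spf[0], spf[1])] + [("dkim", r, d) for r, d in dkim_sigs]
    details = []
    for mech, result, domain in checks:
        ok = result == "pass" and aligned(domain, from_domain, strict)
        details.append((mech, domain, result, ok))
    return any(d[3] for d in details), details

# Constructed sample messages, all carrying From: example.com.
SAMPLES = {
    # SPF passes, but for the provider's bounce domain (unaligned);
    # DKIM is signed with the domain owner's key.
    "shared_mta_dkim_ok": (("pass", "bounce.sharedmta.example.net"),
                           [("pass", "example.com")]),
    # Same path, but the owner's DKIM signature no longer verifies.
    "shared_mta_dkim_broken": (("pass", "bounce.sharedmta.example.net"),
                               [("fail", "example.com")]),
    # Only the provider's own signature verifies: a pass without alignment.
    "provider_sig_only": (("fail", "example.com"),
                          [("pass", "sharedmta.example.net")]),
    # Sent directly from a subdomain of the From: domain.
    "direct_subdomain": (("pass", "mail.example.com"), []),
}

def run_samples(strict=False):
    return {name: dmarc_evaluate("example.com", spf, sigs, strict)[0]
            for name, (spf, sigs) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {'pass' if verdict else 'fail'}")
```

A mechanism that fails or is unaligned contributes nothing to the verdict, so a receiver skipping it would reach the same result; only the remaining aligned passes matter.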
