On Nov 6, 2012, at 7:26 AM, Murray Kucherawy <[email protected]> wrote:
> This is essentially correct, as is Mason's observation that this falls into 
> the realm of UI design.  DMARC can't determine a policy of any kind because 
> no such policy is retrieved under the DMARC algorithm.  The incoming message 
> is, by RFC5322, garbage to begin with.  It thus falls to the receiver's local 
> policies in terms of a decision about what to do with the message and what to 
> show the user when viewed.

From my PoV, Mason's observation points out that Receivers need to consider how 
they're processing emails that are malformed as per RFC5322.

Although outside of the scope of DMARC, this does raise the issue of "how low 
do you set the bar on the acceptance of email".  This is a local decision, but 
it would behoove every email operator to investigate whether or not they 
actually accept email that they want to receive that is malformed per RFC5322.

My understanding is that only a few of the very largest mailbox providers 
cannot put in place blanket "reject email that does not contain From: header" 
rules.  It would be nice to have this scenario become one of a "fail closed" as 
opposed to "fail open", but this likely won't happen until more awareness is 
brought to the issue.  To start, maybe this scenario can become part of email 
vulnerability testing.

=- Tim

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)
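
A receiver-side sketch of the "fail closed" rule discussed in the message above, added here as an example and not part of the original post or of any DMARC implementation. The function names, the decision strings, the sample messages, and the choice to treat a From: header with anything other than exactly one address as unusable are all assumptions of this example.

```python
from email import message_from_bytes, policy
from email.utils import getaddresses


def dmarc_from_domain(raw: bytes):
    """Return (domain, reason); domain is None when no DMARC lookup is possible."""
    msg = message_from_bytes(raw, policy=policy.compat32)
    from_headers = msg.get_all("From", [])
    if not from_headers:
        return None, "missing From: header"
    if len(from_headers) > 1:
        return None, "multiple From: headers"
    # Keep only entries that actually carry an address.
    addrs = [a for _, a in getaddresses([str(from_headers[0])]) if a]
    if len(addrs) != 1:
        # Assumption of this example: require exactly one author address.
        return None, "From: does not hold exactly one address"
    local, sep, domain = addrs[0].rpartition("@")
    if not (sep and local and domain):
        return None, "From: address has no domain"
    return domain.lower(), "ok"


def receiver_decision(raw: bytes, fail_closed: bool = True) -> str:
    """Local policy for messages where DMARC has no domain to look up."""
    domain, reason = dmarc_from_domain(raw)
    if domain is not None:
        return "evaluate DMARC for " + domain
    if fail_closed:
        return "reject: " + reason
    # Fail open: no policy is retrieved, so the message is accepted unchecked.
    return "accept without DMARC: " + reason


# Constructed sample messages (not taken from real traffic).
GOOD = b"From: Alice <alice@Example.org>\r\nTo: bob@example.net\r\n\r\nhi\r\n"
NO_FROM = b"To: bob@example.net\r\nSubject: hi\r\n\r\nhi\r\n"
TWO_FROM = b"From: a@example.org\r\nFrom: b@example.com\r\n\r\nhi\r\n"
NO_DOMAIN = b"From: garbage\r\nTo: bob@example.net\r\n\r\nhi\r\n"

if __name__ == "__main__":
    for name, raw in [("good", GOOD), ("no From", NO_FROM),
                      ("two From", TWO_FROM), ("no domain", NO_DOMAIN)]:
        print(name, "->", receiver_decision(raw),
              "| fail open:", receiver_decision(raw, fail_closed=False))
```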
