On Sunday, March 31, 2013 10:53 PM [GMT+1=CET], John Levine wrote:

> > Yes. But what if the DMARC default were to have that phish vector
> > closed, so that it only would be open for those who explicitly did
> > open it (because they had a specific problem that needed fixing)?
>
> This strikes me as a great deal of mechanism to address a very
> unlikely problem.
>
> If people are seeing soft fails on your SPF or DKIM lookups, the most
> likely reason is that your DNS servers or intermediate caches are
> screwed up. And in that case, your DMARC lookups will fail, too, so
> it doesn't matter what they say.
>
> Speaking as a receiver, if your DMARC is important to you, fix your
> DNS, don't ask me to do backflips to sort of work around its failures.

Hmm, I'm not following you here.

My suggestion of a "SoftFail" result for DMARC would happen when both SPF-by-itself passed AND DKIM-by-itself passed, AND when neither is aligned with the RFC5322.From header organizational domain.

This suggested DMARC "SoftFail" would only be searched for by the receiver if a DMARC "Fail" has previously been found, i.e. if a DMARC "Pass" has previously been found then all DMARC processing (including searching for this suggested DMARC "SoftFail" condition) should end.

Also, this suggested DMARC "SoftFail" processing would only take place if the suggested optional second policy for DMARC has been explicitly declared by the domain owner AND is different from the mandatory DMARC first policy.

This suggested DMARC "SoftFail" result is to accommodate for mailing lists in the DMARC specification.

(Additionally, it would be interesting to require that in this suggested "SoftFail" result for DMARC, the RFC5322.From header had to be part of the DKIM-signed headers in the email, even if its organizational domain was not aligned with the "d=" domain in the DKIM signature.)

Obviously, to get SPF-by-itself to pass AND DKIM-by-itself to pass, DNS records for both have to be fine and dandy. So I don't understand your comments about DNS being screwed up.

Regards,
J. Gomez
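
The evaluation order proposed in the message above, written out as an added sketch; it is not code from the original post and is not part of the DMARC specification. The names `AuthResults` and `evaluate`, the `second_policy` parameter and the `softfail` result are hypothetical and exist only to model the proposal, and the sample message is constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class AuthResults:
    spf_pass: bool        # SPF-by-itself result
    spf_aligned: bool     # SPF domain aligned with RFC5322.From org domain
    dkim_pass: bool       # DKIM-by-itself result
    dkim_aligned: bool    # d= domain aligned with RFC5322.From org domain
    from_signed: bool = True  # RFC5322.From is among the DKIM-signed headers


def evaluate(r: AuthResults, first_policy: str,
             second_policy: Optional[str] = None,
             require_from_signed: bool = False) -> Tuple[str, Optional[str]]:
    """Return (result, policy to apply) under the proposed ordering."""
    # Step 1: ordinary DMARC. A pass ends all processing.
    if (r.spf_pass and r.spf_aligned) or (r.dkim_pass and r.dkim_aligned):
        return ("pass", None)

    # Step 2: DMARC failed. SoftFail is only looked for when the domain
    # owner explicitly declared a second policy that differs from the first.
    if second_policy is None or second_policy == first_policy:
        return ("fail", first_policy)

    # Step 3: SoftFail needs both mechanisms to pass on their own while
    # neither is aligned (the mailing-list case described in the message).
    softfail = (r.spf_pass and r.dkim_pass
                and not r.spf_aligned and not r.dkim_aligned)

    # Optional extra condition from the parenthetical: From must be signed.
    if softfail and require_from_signed and not r.from_signed:
        softfail = False

    return ("softfail", second_policy) if softfail else ("fail", first_policy)


# Constructed sample: a list-relayed message, SPF and DKIM both pass for
# the list's own domain, neither aligned with the author's From domain.
list_msg = AuthResults(spf_pass=True, spf_aligned=False,
                       dkim_pass=True, dkim_aligned=False)

if __name__ == "__main__":
    print(evaluate(list_msg, "reject"))                # no second policy
    print(evaluate(list_msg, "reject", "quarantine"))  # second policy declared
```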
