Petr Novák wrote: > I wonder what do you guys think about it's DMARC implementation. If you > enable DMARC check in FortiMail it rejects(or performs other configured > action) any mail that fails DMARC check no matter what policy source > domain has configured. So it also rejects mails from domains that have > policy p=none. After contacting their support I was told that this > implementation is by desing and they dont have any plans to change it.
To clarify, does enabling the setting cause the rejection of: - all messages that fail DMARC-like tests whether or not they have a DMARC record; or - just all of those that fail checks whose 5322.From address domain has any DMARC record, while not performing DMARC-like tests on domains who don't. ? That a p=none record have the same impact as no record is an important property, as the ability to turn on p=none without impact is an important enabler for domain owner/registrants to explore implementation. If FortiMail is implementing feature that breaks this property then it would be worth addressing (sadly, I have no relevant contacts). If it's simply applying the same overzealous rules to domains with no record as to those with a p=none record then this is a poor choice, but not as harmful in that it won't affect decision-making by implementing domain owner/registrants. > In DMARC RFC there is: > "To enable Domain Owners to receive DMARC feedback without impacting > existing mail processing, discovered policies of "p=none" SHOULD NOT > modify existing mail disposition processing." > > So I guess it doesn't break RFC if there is "SHOULD NOT" and not "MUST > NOT"? But I still think this implementation of DMARC is wrong. What do > you guys think? The implementation is poor, but it's complying. The p= value is a request by the domain-owner/registrant to the receiver to do a certain thing rather than an instruction; the receiver retains full discretion about whether or not they do as asked, which is why the specification says SHOULD NOT rather than MUST NOT. This doesn't mean that harmful implementations wouldn't benefit from being improved, just that receiver discretion is a high priority. - Roland _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
