imo, what all current DMARC deployments lack is notice to end receiver mailbox about any DMARC validation done on a particular message, and how it validated.
thus, similarly to Franck's Advice to MUAs, i would propose adding this kind of txt to DMARC draft:

"DMARC participating MTAs SHOULD include Authentication Results for all underlying protocols (SPF/DKIM), as well as such results for DMARC validation itself, among headers of original messages, during DMARC processing, so they are delivered to end user's mailbox with the message.

If a participating MTA decides to uphold this advisory, it MUST at least display:
1. IP address used for SPF validation,
2. domain used for DKIM validation,
3. domain used for DMARC alignment validation,
4. strings used to perform these validations against:
   a. MAIL-FROM and HELO/EHLO in case of SPF,
   b. DKIM signature domain,
   c. Domain-Owner's "aspf", "adkim", "p=" and "sp" DMARC tags, in case of DMARC validation,
5. results of each validation and human readable version of it, if provided by corresponding protocol and if possible, including any policy overrides."

be free to take my txt and fix it, i know it needs refinement. but i hope the general idea is understood and considered valid and useful. this requirement may be more realistic to happen than MUA design change, imo.

-- 
Vlatko Salaj aka goodone
http://goodone.tk
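As an added example (not part of the original message), the sketch below checks whether an Authentication-Results header value carries the items the proposed text lists. It assumes RFC 8601 syntax with the registered properties `smtp.mailfrom`, `smtp.helo`, `header.d` and `header.from`, and assumes the SPF client IP and the DMARC policy tags travel in parenthesised comments; the function names and both sample headers are constructed for illustration.

```python
import ipaddress
import re

def split_resinfo(value):
    """Split on ';' outside (comments) and drop the leading authserv-id."""
    parts, depth, cur = [], 0, []
    for ch in value:
        depth += (ch == "(") - (ch == ")" and depth > 0)
        if ch == ";" and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts[1:] if p]

def parse(value):
    """Return {method: {result, comment, props}}; a repeated method keeps the last."""
    out = {}
    for clause in split_resinfo(value):
        comment = " ".join(re.findall(r"\(([^()]*)\)", clause))
        bare = re.sub(r"\([^()]*\)", " ", clause)
        m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", bare, re.I)
        if m:
            pairs = re.findall(r"\b([a-z]+\.[a-z0-9-]+)\s*=\s*(\S+)", bare, re.I)
            out[m.group(1).lower()] = {"result": m.group(2).lower(), "comment": comment,
                                       "props": {k.lower(): v for k, v in pairs}}
    return out

def has_ip(text):
    """True if any token of the comment text is a valid IPv4/IPv6 literal."""
    for tok in re.split(r"[\s,;=()\[\]]+", text):
        try:
            ipaddress.ip_address(tok)
            return True
        except ValueError:
            continue
    return False

def missing_items(value):
    """List the proposal's items (by number) that the header does not expose."""
    r = parse(value)
    empty = {"result": "", "comment": "", "props": {}}
    spf, dkim, dmarc = (r.get(k, empty) for k in ("spf", "dkim", "dmarc"))
    checks = {
        "1 SPF IP address": has_ip(spf["comment"]),            # assumed: in comment
        "2/4b DKIM domain": "header.d" in dkim["props"],
        "3 DMARC alignment domain": "header.from" in dmarc["props"],
        "4a SPF MAIL-FROM and HELO": {"smtp.mailfrom", "smtp.helo"} <= set(spf["props"]),
        "4c DMARC policy tags": bool(re.search(r"\bp=\w+", dmarc["comment"])),  # assumed
        "5 results": all(x["result"] for x in (spf, dkim, dmarc)),
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed sample header values (RFC 5737 address, reserved example domains).
FULL = ("mx.example.net; spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=example.org "
        "smtp.helo=mail.example.org; dkim=pass header.d=example.org; "
        "dmarc=pass (p=reject sp=reject adkim=r aspf=r) header.from=example.org")
BARE = "mx.example.net; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass"
```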
