On 12/22/2014 08:16 PM, Dave Crocker wrote:
On 12/22/2014 11:11 AM, Rolf E. Sonneveld wrote:
Perhaps 5.6.3 needs something like "SHOULD NOT act on DMARC policy if a
temporary error in SPF or DKIM processing prevents a full evaluation."
+1

We need to be careful about how this is phrased.  I specifically suspect
that the above suggested wording is a bad idea, or worse, probably wrong.

DMARC /requires/ prior validation of the author From domain via a
lower-level mechanism.  SPF and DKIM are defined for now.  If neither of
them validates the domain, then DMARC fails.

What do you mean with 'validates'?:

a) confirm that the domain exists and that the required information for the lower-level mechanism(s) could successfully be determined?
b) 'authenticates'
c) something else?

Assuming you mean a) (or something that is close to it), then the problem here is: what if SPF cannot be 'validated' while DKIM can, and vice versa?


There is no 'should' about it.  It fails.

Failing means that the policies are not applied.  As in MUST NOT be applied.

This seems to me to be contradictory to the way the word 'fails' is used in http://tools.ietf.org/id/draft-kucherawy-dmarc-base-08.txt. For example: how should I interpret these last two lines, when comparing this with what is being said about 'fails' in the context of 'p=quarantine' and 'p=reject':

       quarantine:  The Domain Owner wishes to have email that fails the
          DMARC mechanism check to be treated by Mail Receivers as
          suspicious.  Depending on the capabilities of the Mail
          Receiver, this can mean "place into spam folder", "scrutinize
          with additional intensity", and/or "flag as suspicious".

and

       reject:  The Domain Owner wishes for Mail Receivers to reject
          email that fails the DMARC mechanism check.  Rejection SHOULD
          occur during the SMTP transaction.  See Section 9.3 for some
          discussion of SMTP rejection methods and their implications.

Please read http://tools.ietf.org/id/draft-kucherawy-dmarc-base-08.txt again and mark every occurrence of the word 'fail' or 'fails'. Often it is used in the context of DKIM and SPF checks, sometimes in the context of DMARC mechanisms etc.

I'm confused.

/rolf

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
