----- Original Message -----
> From: "Dave Crocker" <[email protected]>
> To: "R E Sonneveld" <[email protected]>, "Scott Kitterman"
> <[email protected]>
> Cc: [email protected]
> Sent: Monday, December 22, 2014 11:16:01 AM
> Subject: Re: [dmarc-ietf] Jim Fenton's review of -04
>
> On 12/22/2014 11:11 AM, Rolf E. Sonneveld wrote:
> >>
> >> Perhaps 5.6.3 needs something like "SHOULD NOT act on DMARC policy if a
> >> temporary error in SPF or DKIM processing prevents a full evaluation."
> >
> > +1
>
>
> We need to be careful about how this is phrased. I specifically suspect
> that the above suggested wording is a bad idea, or worse, probably wrong.
>
> DMARC /requires/ prior validation of the author From domain via a
> lower-level mechanism. SPF and DKIM are defined for now. If neither of
> them validates the domain, then DMARC fails.
>
> There is no 'should' about it. It fails.
>
> Failing means that the policies are not applied. As in MUST NOT be applied.
>
You are opening an attack vector here. I could DDoS your domain name servers
and then send emails on your behalf... As a receiver, it would be better to
tempfail emails until DNS is restored.
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
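
The two receiver behaviours discussed in this thread, side by side, as an added example that is not part of the original messages or of any DMARC implementation. The function names, the `on_temperror` switch and the scenarios are assumptions made for illustration, and "not acting on DMARC policy" is modelled simply as accepting the message.

```python
from enum import Enum

class Auth(Enum):
    PASS = "pass"
    FAIL = "fail"
    TEMPERROR = "temperror"   # e.g. DNS timeout fetching the SPF record or DKIM key

# Receiver action for each published DMARC policy once DMARC has definitively failed.
POLICY_ACTION = {"none": "accept", "quarantine": "quarantine", "reject": "reject"}

def disposition(spf, dkim, policy, on_temperror="tempfail"):
    """Decide what to do with one message (hypothetical helper).

    spf, dkim    -- Auth result of each mechanism for the aligned From domain
    policy       -- the domain's published p= value
    on_temperror -- "tempfail": answer 4xx so the sender retries later
                    "skip":     do not act on DMARC policy (modelled as accept)
    """
    if Auth.PASS in (spf, dkim):
        # One validated aligned identifier is enough; a temperror on the other is irrelevant.
        return "accept"
    if Auth.TEMPERROR in (spf, dkim):
        # Nothing passed and at least one check could not complete: evaluation is incomplete.
        return "tempfail" if on_temperror == "tempfail" else "accept"
    # Both mechanisms gave a definitive non-pass result: DMARC fails, policy applies.
    return POLICY_ACTION[policy]

def run_scenarios(on_temperror):
    """Constructed scenarios for a domain publishing p=reject."""
    scenarios = {
        "legitimate, DNS healthy": (Auth.PASS, Auth.PASS),
        "legitimate, DKIM key lookup timed out": (Auth.PASS, Auth.TEMPERROR),
        "spoofed, DNS healthy": (Auth.FAIL, Auth.FAIL),
        "spoofed, domain's DNS unreachable": (Auth.TEMPERROR, Auth.TEMPERROR),
    }
    return {name: disposition(spf, dkim, "reject", on_temperror)
            for name, (spf, dkim) in scenarios.items()}

if __name__ == "__main__":
    for mode in ("skip", "tempfail"):
        print(f"on_temperror={mode}")
        for name, action in run_scenarios(mode).items():
            print(f"  {name}: {action}")
```

With `skip`, the message that fails only because the domain's DNS is unreachable is delivered despite `p=reject`; with `tempfail` it is deferred, and legitimate mail caught in the same outage is retried once DNS is restored.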