----- Original Message -----
> From: "Scott Kitterman" <[email protected]>
> To: [email protected]
> Sent: Wednesday, December 24, 2014 2:48:17 PM
> Subject: Re: [dmarc-ietf] Jim Fenton's review of -04
>
> On Wednesday, December 24, 2014 10:46:42 Murray S. Kucherawy wrote:
> > On Wed, Dec 24, 2014 at 4:04 AM, Scott Kitterman <[email protected]> wrote:
> > > The draft strongly encourages DMARC implementers to ignore SPF policy, so
> > > I don't think assuming messages will be deferred due only to SPF or
> > > DKIM results indicating a temporary DNS error is appropriate.
> >
> > If there's a transient DNS error getting the SPF policy, then there's no
> > SPF policy to be ignored. That's quite a different situation.
> >
> > > I think that in the case of a temporary DNS error in one of the lower
> > > level protocols, insufficient inputs are available to conclude a message
> > > has failed DMARC tests.
> >
> > I agree.
> >
> > > Receivers can either ignore DMARC for this message due to incomplete
> > > evaluation or they can defer the message in the hope that the temporary
> > > error will be resolved when the message is retried. Receivers MUST NOT
> > > apply DMARC policy and reject or quarantine because the DMARC evaluation
> > > is incomplete.
> >
> > Can you provide specific changes, with section numbers, that you'd like to
> > see applied to resolve this?
>
> Here's my suggestion. Replace this text at the end of section 5.6.2:
>
> Handling of messages for which SPF and/or DKIM evaluation encounters
> a DNS error is left to the discretion of the Mail Receiver. Further
> discussion is available in Section 5.6.3.
>
> with:
>
> Messages for which SPF and/or DKIM evaluation encounters a temporary
> DNS error have not received a definitive result for steps 3 and/or 4
> above.
> If the message has not passed the DMARC mechanism check due to
> an SPF or DKIM check that did not have a DNS error, receivers can either
> ignore DMARC for this message due to incomplete evaluation or they
> can defer the message in the hope that the temporary error will be
> resolved when the message is retried. Receivers MUST NOT apply DMARC
> policy and reject or quarantine the message because the DMARC
> evaluation is incomplete. When otherwise appropriate due to DMARC
> policy, receivers MAY send feedback reports regarding temporary errors.
>
> Handling of messages for which SPF and/or DKIM evaluation encounters
> a permanent DNS error is left to the discretion of the Mail Receiver.
>
> How's that?
>
What about pointing out that it may be a security issue to let these messages through?
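
The handling proposed in the quoted replacement text for section 5.6.2, written out as receiver-side decision logic. This is an added example, not part of the thread or of the draft; the function name, the result strings and the `on_incomplete` / `on_permerror` settings are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Check:
    mechanism: str   # "spf" or "dkim"
    result: str      # "pass", "fail", "temperror" or "permerror"
    aligned: bool    # identifier aligns with the RFC5322.From domain

def dmarc_action(checks, policy, on_incomplete="defer", on_permerror="apply_policy"):
    """Return what the receiver does with the message.

    policy        : published DMARC policy: "none", "quarantine" or "reject"
    on_incomplete : local choice on temporary DNS errors: "defer" or "ignore_dmarc"
    on_permerror  : local choice on permanent DNS errors (receiver discretion):
                    "apply_policy" or "ignore_dmarc" (hypothetical setting)
    """
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("unknown DMARC policy")
    if on_incomplete not in ("defer", "ignore_dmarc"):
        # Rejecting or quarantining on an incomplete evaluation is what the
        # proposed MUST NOT rules out, so it is not an accepted setting.
        raise ValueError("on_incomplete must be 'defer' or 'ignore_dmarc'")

    results = {c.result for c in checks}
    # One aligned pass is enough; a DNS error in the other mechanism is moot.
    if any(c.result == "pass" and c.aligned for c in checks):
        return "dmarc_pass"
    # No pass and a temporary DNS error: the evaluation is incomplete.
    if "temperror" in results:
        return on_incomplete
    # Permanent DNS error: left to the receiver.
    if "permerror" in results and on_permerror == "ignore_dmarc":
        return "ignore_dmarc"
    # Definitive failure: apply the published policy.
    return policy

# Constructed sample: SPF hit a temporary DNS error, DKIM failed outright.
sample = [Check("spf", "temperror", True), Check("dkim", "fail", True)]

if __name__ == "__main__":
    print(dmarc_action(sample, "reject"))
```
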