Still not quite correct...

> -----Original Message-----
> From: dmarc [mailto:[email protected]] On Behalf Of Dave Crocker
> Sent: Monday, December 29, 2014 2:32 PM
> To: Scott Kitterman; [email protected]
> Subject: Re: [dmarc-ietf] Jim Fenton's review of -04
>
> On 12/29/2014 10:40 AM, Scott Kitterman wrote:
> >> > > TO:
> >> > >
> >> > > DMARC evaluation can only complete and yield a "pass" result when one of
> >> > > the underlying authentication mechanisms passes for an aligned identifier. If
> >> > > neither passes and one or both of them failed due to a
> >> > > temporary error, the Receiver evaluating the message is also unable to
> >> > > conclude that the DMARC mechanism had a permanent failure and thereby
> >> > > can apply the advertised DMARC policy.
> >> >
> >> > This looks good to me.
> > Shouldn't it be cannot apply the advertised DMARC policy?
>
> Actually, no, but I also was confused. It took me some serious effort to
> decide that the current wording was correct. And a spec should not require
> that sort of linguistic diligence, IMO.
>
> Looks like a small change can make your form correct...
>
> So I suggest:
>
> DMARC evaluation can only yield a "pass" result after one of the
> underlying authentication mechanisms passes for an aligned identifier. If
> neither passes and one or both of them fails due to a temporary error, the
> Receiver evaluating the message is unable to conclude that the DMARC
> mechanism had a permanent failure; they therefore cannot (yet) apply the
> advertised DMARC policy.
>
> d/
> --

If neither of them passes and only one of them fails due to a temporary error (but the other one does not fail due to a temporary error) then the other one should (must?, not in the normative sense) be an actual failure. Perhaps the wording should be: "If neither SPF nor DKIM pass and both of them fail due to temporary errors...". The case we seem to be discussing is where we have temporary failures for both SPF and DKIM.

The other issue (more than a quibble) I have is leaving it at "; they therefore cannot (yet) apply the advertised DMARC policy." What should they do? I prefer to treat it as a tempfail and allow for retries. The problem with that approach is if the mail has been accepted for delivery. I don't like the idea of DSNs or out of band bounces.

Mike
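
The evaluation rule debated in this thread, written out as an added example that is not part of the original messages or of the DMARC draft. It enumerates every SPF/DKIM outcome pair, applies the "one or both" wording, and lists the pairs on which that wording and the "both" wording disagree. The function names, outcome labels and the `receiver_action` mapping are assumptions made for illustration.

```python
from itertools import product

# Per-mechanism outcome as DMARC sees it. "pass" means a pass for an aligned
# identifier; an unaligned pass is folded into "fail" here (assumption).
OUTCOMES = ("pass", "fail", "temperror")

def temp_clause_applies(spf, dkim, wording="one-or-both"):
    """True when the 'temporary error' sentence covers this (spf, dkim) pair."""
    if "pass" in (spf, dkim):
        return False                      # "If neither passes ..."
    temp = [r == "temperror" for r in (spf, dkim)]
    return all(temp) if wording == "both" else any(temp)

def dmarc_result(spf, dkim):
    """DMARC outcome under the suggested 'one or both' wording."""
    if "pass" in (spf, dkim):
        return "pass"
    if temp_clause_applies(spf, dkim):
        return "temperror"                # cannot (yet) apply the policy
    return "fail"                         # permanent failure: policy applies

def receiver_action(result, policy, in_smtp_session):
    """Hypothetical mapping from outcome to receiver behaviour."""
    if result == "pass":
        return "no-dmarc-action"
    if result == "temperror":
        # A 4xx reply lets the sender retry; once the message has been
        # accepted there is no retry path, so the decision stays open.
        return "defer-4xx" if in_smtp_session else "undecided"
    return {"none": "no-dmarc-action", "quarantine": "quarantine",
            "reject": "reject"}[policy]

def wording_differences():
    """Input pairs where 'one or both' and 'both' disagree."""
    return [(s, d) for s, d in product(OUTCOMES, repeat=2)
            if temp_clause_applies(s, d, "one-or-both")
            != temp_clause_applies(s, d, "both")]

if __name__ == "__main__":
    for spf, dkim in product(OUTCOMES, repeat=2):
        r = dmarc_result(spf, dkim)
        print(f"spf={spf:9} dkim={dkim:9} -> {r:9} "
              f"{receiver_action(r, 'reject', True)}")
    print("wordings differ on:", wording_differences())
```

The two wordings differ only when one mechanism reports a temporary error and the other a permanent failure.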
