> -----Original Message-----
> From: dmarc [mailto:[email protected]] On Behalf Of Steven M Jones
> Sent: Monday, December 29, 2014 5:00 PM
> To: [email protected]
> Subject: Re: [dmarc-ietf] Jim Fenton's review of -04
>
> On 12/29/2014 12:32 PM, MH Michael Hammer (5304) wrote:
> >
> >> -----Original Message-----
> >> From: dmarc [mailto:[email protected]] On Behalf Of Scott
> >> Kitterman [...] I think the only two reasonable choices are defer and
> >> see what happens on retry or to treat it as DMARC none and press on
> >> with other checks.
> >>
> > I suppose it's ultimately another example of local policy. I feel like a
> > DMARC "none" opens the door to abuse (I'm thinking of abused financials for
> > example). How easily can an abuser induce temporary failures for DNS for a
> > given host/domain? I'd prefer a recommendation of "defer and retry" rather
> > than a fail open (DMARC none).
>
> Is this a point where the phrase "documenting existing common practice"
> should guide us? That sounded a lot like recommending a practice versus
> documenting...
>
The first question is whether this is a matter of local policy. If the answer is yes (which I believe and invoke King Canute), then anything written IS a recommendation (even if it is only documenting what "We" - for some definition of "we" - believe is existing common practice). Personally I don't believe it IS existing common practice if we look at the number of validators implementing (vs percentage of mail it is applied to). We know, or should know, that many implementers on the validation side are struggling with implementing local policy for things like whitelisting. I have not seen any data to indicate that tempfail on temporary DNS failures is truly an existing common practice.

So we are back to "What do we believe validators should do when encountering temporary failures?" For an implementation such as DMARC I prefer tempfail, which is fail closed, rather than DMARC none, which is fail open.

Based on visibility into our own mail streams and DMARC reporting, this particular case represents (for our domains) a very low number on an absolute basis/percentage of mail, so I view it as generally a corner case of an edge case. Others may have different data.

Mike
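
The two behaviours debated in this thread, "defer and retry" (fail closed) and "treat as DMARC none" (fail open), shown side by side for a domain that publishes `p=reject`. This is an added example, not part of the original message or of any DMARC implementation; the function names, the `on_temperror` knob and the SMTP reply texts are assumptions, and the DMARC record is constructed.

```python
from enum import Enum

class Lookup(Enum):
    FOUND = "found"          # a TXT record came back from _dmarc.<domain>
    NO_RECORD = "no_record"  # authoritative "no such record": no policy published
    TEMPERROR = "temperror"  # SERVFAIL or timeout: the policy is unknown

def parse_policy(txt):
    """Return the p= value of a DMARC TXT record, or None if it is not usable."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    policy = tags.get("p", "").lower()
    return policy if policy in ("none", "quarantine", "reject") else None

def disposition(lookup, txt, aligned_pass, on_temperror="defer"):
    """Decide one message's fate. aligned_pass: SPF or DKIM passed with alignment.
    on_temperror (hypothetical local-policy knob): "defer" or "none"."""
    if lookup is Lookup.TEMPERROR and on_temperror == "defer":
        # Fail closed: the sender retries, the policy is applied once DNS answers.
        return ("defer", "451 4.7.1 DMARC policy lookup failed, try again later")
    if lookup is Lookup.FOUND:
        policy = parse_policy(txt) or "none"
    else:
        # NO_RECORD, or TEMPERROR under fail open: proceed as if p=none.
        policy = "none"
    if aligned_pass or policy == "none":
        return ("accept", "250 2.0.0 OK")
    if policy == "quarantine":
        return ("quarantine", "250 2.0.0 OK")
    return ("reject", "550 5.7.1 rejected by DMARC policy")

# Constructed record for a domain that publishes p=reject.
RECORD = "v=DMARC1; p=reject; rua=mailto:reports@example.org"

if __name__ == "__main__":
    for lookup, mode in [(Lookup.FOUND, "defer"), (Lookup.TEMPERROR, "defer"),
                         (Lookup.TEMPERROR, "none")]:
        txt = RECORD if lookup is Lookup.FOUND else None
        print(lookup.value, mode, disposition(lookup, txt, False, mode))
```

With the fail-open setting, the same unaligned message that is rejected when DNS answers is accepted whenever the policy lookup returns a temporary error.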
