On Sunday, January 04, 2015 12:38:51 Jim Fenton wrote: > On 12/24/14 10:08 PM, Scott Kitterman wrote: > > On Thursday, December 25, 2014 00:02:41 Murray S. Kucherawy wrote: > >> On Wed, Dec 24, 2014 at 5:48 PM, Scott Kitterman <[email protected]> > >> > >> wrote: > >>> Messages for which SPF and/or DKIM evaluation encounters a temporary > >>> DNS error have not received a definitive result for steps 3 and/or 4 > >>> > >>> above. > >>> > >>> If the message has not passed the the DMARC mechanism check due to > >>> an SPF or DKIM check that did not have a DNS error, receivers can > >>> either > >>> ignore DMARC for this message due to incomplete evaluation or they > >>> can defer the message in the hope that the temporary error will be > >>> resolved when the message is retried. Receivers MUST NOT apply DMARC > >>> policy and reject or quarantine the message because the DMARC > >>> evaluation is incomplete. When otherwise appropriate due to DMARC > >>> policy, receivers MAY send feedback reports regarding temporary > >>> errors. > >>> > >>> Handling of messages for which SPF and/or DKIM evaluation encounters > >>> a permanent DNS error is left to the discretion of the Mail Receiver. > >>> > >>> How's that? > >> > >> I think it pretty much says what's there, but is a lot more clear about > >> it. I also think the second sentence is a bit convoluted, so I reworked > >> it > >> into this. Does it match what you're trying to say? > >> > >> <t> Messages for which SPF and/or DKIM evaluation > >> encounters > >> > >> a temporary DNS error have not received a definitive result for steps 3 > >> and/or 4 above. When such an evaluation > >> > >> is done in conjunction with an aligned identifier, > >> completion of the DMARC algorithm is not possible. > >> In this case, receivers can either skip DMARC for > >> this > >> message due to incomplete evaluation, or they can > >> > >> arrange > >> > >> to defer handling of the message in the hope that the > >> temporary error will be resolved when the message is > >> retried. In any case, Receivers cannot apply DMARC > >> policy and reject or quarantine the message because > >> the > >> DMARC evaluation is incomplete. When otherwise > >> appropriate due to DMARC policy, receivers MAY send > >> feedback reports regarding temporary errors. </t> > >> > >> -MSK > > > > I don't think it does. What I was trying to say is that if you already > > got an aligned pass from one method, you're done. It doesn't matter if > > they other one gets a DNS error, you already have a definitive result. I > > don't think your text says that, but I may be wrong. > > It's a bit more complicated than that, unfortunately. While an aligned > pass from one method does yield an overall DMARC "pass", depending on > the setting of the "fo" flag, you might still need to send a failure > report for the other method. If fo=1, should a report be sent for the > temporary failure, or should the message be held to see if the failure > clears?
I think we covered that down thread from here. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
