Hi Satan Thank you for your comment.
The first one is that we need to consider more negative impacts, but basically this mechanism will be well becasue this supports only emails which would potentially be "dmarc=pass", I think. The second is that > The second option, in practice, results in bulk, unsolicited email. I’m on the same page. We listed this in discussion points, but that may be a trivial solution. Regards, Genki --- Genki YASUTAKA <genki.yasut...@rakuten.com> Rakuten, Inc. From: Stan Kalisch [mailto:s...@glyphein.mailforce.net] Sent: Saturday, March 10, 2018 12:06 PM To: Satoru Kanno <ka...@lepidum.co.jp> Cc: dmarc@ietf.org; Takehito Akagiri <akag...@regumi.net>; Yasutaka, Genki | Dkim | OPS <genki.yasut...@rakuten.com> Subject: Re: [dmarc-ietf] [Request] Presentation in IETF101 Hi Satoru, On Mar 7, 2018, at 3:21 AM, Satoru Kanno <ka...@lepidum.co.jp<mailto:ka...@lepidum.co.jp>> wrote: Dear DMARC WG Chairs, I'm sending to you on behalf of Genki Yasutaka-san. As I asked you last November, we are preparing for the next track, with the intention of not only reviewing this draft, but also implementing for verification of vDMARC. If possible, I'd like to discuss this at IETF 101. [Details] ---------------------- - What I want to talk? Draft Overview and Implementation of vDMARC - Time required 10 minutes (*even for 5 minutes, if your schedule is too busy to adjust.) - Internet Draft https://datatracker.ietf.org/doc/draft-akagiri-dmarc-virtual-verification/ I've only been able to give this draft a brief initial look, but I do have comments regarding two issues. First, regarding this text: "In this draft, we propose to explicitly mark emails which are potentially "dmarc=pass", but are not marked as such via regular DMARC verification (None(2)), as "dmarc=pass"." What could happen as the result of this behavior, in the cases of forwarding or mailing lists, one could end up with one Authentication-Results header which contains, "dmarc=pass", but another which contains, "dmarc=none". Which bizarrely, in this kind of scenario, bypasses the mailing-list problem DMARC presently suffers from, but, well, arguably further confuses the issue, and calls into question the draft's assertion that "simply utilizing "dmarc=pass" makes it easier to leverage the field...for end users without enough expertise..." (I suppose you could still make that argument if the end user is viewing the "DMARC-ish" result via a UI like, say, GMail's, and that UI presents some kind of calibrated result.) Second, regarding this text: "There would be differing opinions regarding DMARC reports. One is the opinion that reports without explicitly published DMARC records are harmful, while another one is that without reports, virtual DMARC verification can not be called DMARC. Currently, we are siding with the first opinion in this draft." I don't see how you have a choice. The second option, in practice, results in bulk, unsolicited email. Thanks, Stan
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc