Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Sun, 27 Sep 2020 20:45:03 -0700 

On 9/27/2020 11:22 AM, Scott Kitterman wrote:

This seems to me to be an odd view because no RFC is needed to use From and
it's relationship to either DKIM signing domain or SPF validated Mail From.



The DKIM d= value establishes no relationship with any other identifer, 
such as the From: field.  At all.  None.



DMARC establishes the relationship. DMARC does other things, but for the 
above suggested alternative, this is the functional difference that 
requires DMARC.



To reiterate: Among currently published specifications, without DMARC 
there is no relationship between DKIM's d= value and the rfc5322.From 
domain name.




Feeding data into an algorithm has no interoperability requirements.

That doesn't mean one can't use the data this way, because anyone can that
wants to can.  That doesn't make it the specified protocol.



It's not clear what your point is.  It's clear you believe it's a 
fundamental point, but I'm not understanding it's import.




...  Maybe it would help if someone who takes the latter view would
explain what they think RFC 7489, Section 6.6.2, Step 6 is for:


    6.  Apply policy.  Emails that fail the DMARC mechanism check are
        disposed of in accordance with the discovered DMARC policy of the
        Domain Owner.  See Section 6.3 for details.

I don't think that says "then toss the results into your classifier".



The issue is not what it says -- though it worth considering whether 
that's what it /should/ say.


The issue is how receivers actually /use/ DMARC.


There has always be a tension about how to write these statements 
seeking to affect receiver behavior.  The natural tendency is to write 
language of simple directives, such as Step 6 -- after all, that's 
common language for basic protocol behavior.



However Step 6 moves from protocol into policy.  It is based on the myth 
that receivers will blindly follow the instructions that are provided by 
sites with which the receiver has no relationship, never mind a 
contractual one.



The reality is that Step 6 results in a mandate that often produces 
unacceptable results.



Receivers, having their own quality assurance models, immediately 
adapted their actions to their own operating criteria, rather than 
following the simple, blind directives of  random DMARC publishers.



d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc





























					Reply via email to