On Monday, September 28, 2020 11:35:58 AM EDT Kurt Andersen (b) wrote: > On Sun, Sep 27, 2020 at 11:23 AM Scott Kitterman <[email protected]> > > wrote: > > On Sunday, September 27, 2020 1:16:11 PM EDT John Levine wrote: > > > > Agreed. Maybe it would help if someone who takes the latter view would > > > > explain what they think RFC 7489, Section 6.6.2, Step 6 is for: > > > 6. Apply policy. Emails that fail the DMARC mechanism check are > > > > > > disposed of in accordance with the discovered DMARC policy of the > > > Domain Owner. See Section 6.3 for details. > > > > I don't think that says "then toss the results into your classifier". > > You completely ignored section 6.7 (Policy Enforcement Considerations) > > which states: > > Final disposition of a message is always a matter of local policy. > > Local policy could be considered "the output of some classifier" or other > mechanics left to the invention of the receiver. > > This is a part of the documented DMARC spec, not a change.
Yes and that would be equally true even if RFC 7489 were silent on the matter. Receiver always gets to decide and there's no way DMARC could pretend to mandate delivery and not get laughed out of the room. It's part of the documented specification, but so is 6.6.2(6). I think that's there to make it clear there's no attempt at a delivery mandate. There's no interoperability or protocol associated with it. My view is that using local policy to override the 6.6.2(d) domain owner policy for disposition of messages that do not pass DMARC checks is in the spirit of the thing, but pretending like DMARC policy doesn't exist is not. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
