On 12/10/20 6:01 PM, Kurt Andersen (b) wrote:
On Thu, Dec 10, 2020 at 5:03 PM Dave Crocker <[email protected]
<mailto:[email protected]>> wrote:
On 12/10/2020 4:46 PM, Kurt Andersen (b) wrote:
to quibble with the "*unauthorized use*" situation. This
situation devolves into use-as-imagined vs. use-as-really-used
when one considers various intermediary scenarios.
(to respond to the content...)
So, the driving issue is that it's characterizing problematic
usage; use that did not achieve a DMARC pass.
And, yeah, that doesn't mean the use was unauthorized, given the
other possible explanations for failure.
So, without suggesting a label, I'd describe this factor as "how
serious is a failure to get a DMARC pass"? If that's the right
semantic, what's a reasonable label to use? If it's not the right
semantic, what is?
I think that is much closer to the right semantic but highlights a
problem that the mail coming from a particular domain probably doesn't
rate a single broad-brush characterization of seriousness.
I think this all should be driven by "what are you asking me to do?".
p=quarantine is asking for a specific thing, but it doesn't seem to mean
literally what it's asking for. it seems to mean "i'm not comfortable
with this except in certain situations that i can't enumerate with any
accuracy". maybe p=quarantine is my "only if you trust the intermediary"
state I was talking about the other day.
Mike
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
