On 2/1/2021 10:25 AM, Michael Thomas wrote:
On 2/1/21 10:13 AM, Dave Crocker wrote:
The model that a receiving site is not allowed to report DMARC
traffic unless that site is also generating DMARC authentication is
Procrustean. And as I noted, is likely counter-productive.
There is no such thing as "DMARC authentication".
Actually, there is. DMARC's requirement for alignment with the author's
From: field domain name asserts a specific bit of authenticated
semantics that does not exist elsewhere.
The paragraph quoted is poorly written and should be rewritten to say
that the report should pass either SPF or DKIM authentication as I
wrote in issue #98.
It might be written better, but its requirement is for support of
applying DMARC to generated reports. That's more than just requiring
SPF or DKIM.
This is separate from not asserting the requirement at all, of course.
d/
--
Dave Crocker
[email protected]
408.329.0791
Volunteer, Silicon Valley Chapter
American Red Cross
[email protected]
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
