What is so hard to grasp'? "Treated in a manner that is consistent with the reputation of the responsible party" means that "the message is safe to whitelist if whitelisting is desired."
I was not saying that DMARC=PASS was a basis for whitelisting. I said that DMARC=PASS and a trusted identifier is a basis for whitelisting (when necessary to avoid false positives.) Any product can do whitelisting based on a single attribute, but whitelisting requires at least two attributes: a trusted identifier or set of identifiers, and a verification status which indicates that the identifiers are not spoofed. Therefore the primary value-add from sender authentication is that it allows me to whitelist messages from trusted senders to avoid false positives. As we have both said, sender authentication=FAIL is a can of worms, but it is not identical with Repudiate. BUT MORE TO THE POINT If you believe that the ex'sting NP language is sufficient and effective, just explain why you believe this is so. A justification is all that my original topics requested, and this has not been done. For my part, I don't see a test definition that can be implemented reliably, all I see is a test name. Any attempt to code the test introduces questions that have not been addressed, such as SP="-ALL" and MX= ".". Similarly, I see a concept name, "non-existent", which is also undefined. Any attempt to interpret "non-existent" will expose ambiguities. This language is simply not up to IETF standards. When I try to fix the language, I find that the design is not merely vague, it is wrong. So please answer these questions: - Do you believe the problem and the solution are well defined in the current specification? - Can you explain why the solution is the best possible fit for the problem? - Have you evaluated the problem and solution against an actual mail stream to see if it works? - Have you asked someone to attempt an implementation of this part of the specification? In short, the group needs to stop telling me why I don't think straight, or why I am incomprehensible, why I should shut up, and instead start telling me what they believe and why. Those who cannot or will not do these things, should let someone who has evaluated this idea against a real mail stream take the lead. Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
