Hello Ale,

please explain why this recommendation is done …

On Thu, 2021-07-22 at 20:32 +0200, Alessandro Vesely wrote:
> 
> How about something more or less like the following?
>      For uniform behavior, MLMs are better off applying the same mitigation
>      technique irrespective of the current content of any DMARC records.
>      However, some MLMs are known to decide whether to apply that change or
>      not based on the existence of an author's domain DMARC record and the
>      value of the "p" tag therein.  In any case, MLMs MUST NOT consider the
>      value of the "pct" tag in order to make such decision.
by appending:

The reason is that operators can verify the correct setup before
switching to a strict DMARC policy.  After installing "pct=0;p=reject"
the domain owner can verify by reading the aggregate reports that 100%
of the messages from the owned domain have aligned DKIM.  (Otherwise
MLM-NOT-mangled messages will be reported as failed, too).


See also the last paragraph of 
https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-dmarcbis-02#section-6.7.4.2
Shortcomings of the "pct" Tag
>>>
   *  "0" - A request that zero percent of messages producing a DMARC
      "fail" result have the specified policy applied.  While this is
      seemingly a non-sensical request, this value has been given
      special meaning by some mailbox providers when combined with
      certain "p=" values to alter DMARC processing and/or reporting for
      the domain publishing such a policy.
<<<

I think this paragraph needs to be changed.  Proposed new wording:

*  "0" - A request that zero percent of messages producing a DMARC
"fail" result have the specified policy applied.  While this is
seemingly a nonsensical request, an MLM modifying the message shall
rewrite the From: header in this case.  This way the initial domain
owners, by evaluating aggregate reports, can verify that their setup
is correct before enforcing a strict DMARC policy.

Greetings
  Дилян

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
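
Added example, not part of the original message or of the draft: one way a domain owner publishing "pct=0;p=reject" could check from an aggregate report that every message using the domain in From: had aligned DKIM. It assumes a report in the RFC 7489 aggregate schema without an XML namespace; the sample report, the function name and the result keys are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample report following the RFC 7489 aggregate schema (not real data).
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.org</domain><p>reject</p><pct>0</pct></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.org</header_from></identifiers></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.org</header_from></identifiers></record>
 <record><row><source_ip>203.0.113.5</source_ip><count>7</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.org</header_from></identifiers></record>
</feedback>"""


def dkim_alignment_summary(report_xml):
    """Summarise aligned-DKIM results for the domain that published the policy."""
    root = ET.fromstring(report_xml)
    published = root.find("policy_published")
    domain = published.findtext("domain", "").strip().lower()
    total = aligned = 0
    failing = {}  # source_ip -> number of messages without aligned DKIM
    for record in root.iter("record"):
        header_from = record.findtext("identifiers/header_from", "").strip().lower()
        if header_from != domain:
            continue  # rows for other From: domains are outside this check
        count = int(record.findtext("row/count", "0"))
        total += count
        # policy_evaluated/dkim is the DMARC (aligned) DKIM result, not the raw signature check
        if record.findtext("row/policy_evaluated/dkim", "").strip().lower() == "pass":
            aligned += count
        else:
            ip = record.findtext("row/source_ip", "unknown")
            failing[ip] = failing.get(ip, 0) + count
    return {
        "domain": domain,
        "p": published.findtext("p"),
        "pct": int(published.findtext("pct", "100")),  # pct defaults to 100 when absent
        "total": total,
        "aligned": aligned,
        "failing_sources": failing,
        # An empty report proves nothing; require traffic and no unaligned message.
        "all_aligned": total > 0 and aligned == total,
    }


if __name__ == "__main__":
    print(dkim_alignment_summary(SAMPLE_REPORT))
```

Aggregate reports come from third parties, so a production version should parse them with a hardened XML parser such as defusedxml rather than the standard library parser used here.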
