On December 6, 2021 1:04:44 PM UTC, Todd Herr
<[email protected]> wrote:
>On Sat, Dec 4, 2021 at 5:35 PM Douglas Foster <
>[email protected]> wrote:
>
>> I have multiple objections to this paragraph in section 5.7.2
>>
>> "Heuristics applied in the absence of use by a Domain Owner of either SPF
>> or DKIM (e.g., [Best-Guess-SPF
>> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-04.html#Best-Guess-SPF>
>> ]) SHOULD NOT be used, as it may be the case that the Domain Owner wishes
>> a Message Receiver not to consider the results of that underlying
>> authentication protocol at all."
>>
>> [snip]
>>
>>
>> I think this text was inserted because of an open ticket when discussion
>> was going nowhere and a new draft was created. Perhaps the originator of
>> that ticket can elaborate on his thinking.
>>
>>
>To be clear, the text at issue is present in RFC 7489, Section 6.6.2.
>
>That doesn't make it immutable, of course...
Thanks for the clarification. I'd forgotten that was there. I definitely
think it should be removed, regardless of the origin.
In addition to my comments about leaving SPF best guess out, I think the DKIM
part is problematic too. There really aren't any DKIM heuristics to use "in
the absence of use by a domain owner". The only DKIM related heuristics that
might apply to this section are the ones we've discussed about recovering
signatures that failed due to in transit modification. Those are a good thing,
even if they aren't broadly applicable enough to warrant standardization.
I think what better goes in this spot is a more general comment about local
policy (it doesn't seem to be discussed elsewhere). That would include
mentioning ARC as an input to local policy. I have also suggested an appendix
or possibly a separate document on things mail senders, intermediaries, and
receivers can do to improve the reliability of DMARC through indirect mail
flows. This would be one place that should be referenced.
I'll provide text if people like the concept.
Scott K
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
