On Thu, Dec 16, 2021 at 12:58 AM Douglas Foster < [email protected]> wrote:
> Yes, this is important stuff. > > This is one of my problem scenarios: > > A record arrives at the first hop and obtains DMARC PASS, based on SPF > and/or DKIM interpreted by a DMARC policy. Based on DMARC PASS, the > RFC5322.From address is confidently judged to be "Honestly identified" > DMARC checks SPF and DKIM, but not MX or A/AAAA. > > But then it is forwarded and loses its credentials during forwarding. > > On reception, because of DMARC FAIL, it is tested against NP. NP checks > MX and A/AAAA but does not check SPF or DKIM. The message fails this test > and is confidently judged to be "Fraudulently identified". > > Which is true? Was the message From address always fraudulent or always > honest? > > <SNIP> DMARC does not assess "honesty" nor does it assess "fraudulence". It only determines whether something passes or fails the validation check. You are apparently trying to overload your value interpretations in a manner that does not exist in the standard. Michael Hammer
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
