Any single message has three verification states and five policy states. Verification states: MATCH - The message has at least one identifier that is verified and exactly matches the FROM domain. INEXACT - The message has at least one verified identifier that may pass relaxed alignment because it has a match on the right-most two labels of the FROM domain. NONE - The messages has no verified identifiers, or no verified identifiers that match the right-most two labels of the FROM domain
Policy States 1) An exact match policy exists and specifies only strict alignment 2) An exact match policy exists and specifies (some or both) relaxed alignment. 3) An exact match policy does not exist and the org-default policy specifies only strict alignment. 4) An exact match policy does not exist and the org-default policy specifies (some or both) relaxed alignment 5) No policy exists. Does our document really handle all 15 of these combinations? One thing that falls out of this recap is that when the verification state is MATCH, the policy is only used for a reporting destination. If the evaluator sends RUF reports, then the reporting destination is needed immediately. If the evaluator only sends RUA reports, then then the reporting destination lookup can be deferred to report processing time, where it can be retrieved once per aggregate rather than once per message. If the evaluator does not send reports, the reporting destination, and therefore the policy, is not needed at all. Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
