Consider: A message has a verified DKIM or SPF domain which exactly matches the RFC5322.From domain.
In this case, the only applicable information in a policy record is the reporting address(es). But the specification does not require evaluators to send reports and does not require domain owners to request reports, so these three situations are functionally equivalent: 1) The reporting address is not used because the evaluator does not send reports. 2) The reporting address is not used because the policy does not provide an address. 3) The reporting address is not used because a policy has not been published. However, our specification says that for the third option, the evaluator must ignore the exact-match verification and therefore treat the message as having authentication status "unknown". This makes no sense. More generally, I object to any imposition of "must" on an evaluator. His only "must" is to act in his own best interest to protect himself from harm. Ignoring obviously favorable data is not in his interest. Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
