Yes, I seem to be out if step with others underlying assumptions about "What is DMARC?"
What I am hearing is: "DMARC permits evaluators to meet the needs of certain domain owners, specifically domain owners who publish a DMARC policy." I am disappointed with the perceived indifference to the needs of evaluators. If the intent is to also meet the needs of evaluators, then there is opportunity to adjust scope in ways that accomplish that purpose. For example, this section provides a way to block "fakedomain.gov.uk", but it is indifferent to "fakedomain.com", because com does not have a DMARC policy. I cannot understand the usefulness of that distinction. Doug On Sat, Aug 6, 2022, 1:30 AM Murray S. Kucherawy <[email protected]> wrote: > On Fri, Aug 5, 2022 at 5:02 AM Douglas Foster < > [email protected]> wrote: > >> The second principle in my discussion about NP is that an unregistered >> organization is by definition an unacceptable impersonation. When >> organization existence has not been demonstrated by discovery of a DMARC >> policy (or SPF policy or DKIM key), then it should be explicitly tested for >> existence and blocked on failure. >> > > This feels like it exceeds the scope of what DMARC should be saying. > > If no policy can be found for the RFC5322.From domain or from the > Organizational Domain (however determined), DMARC handling ends. If you > want to do whatever existence tests make sense to you, you're within your > right to do them and take whatever action you wish based on the result, but > that isn't being done as part of DMARC. > > -MSK, participating >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
