On October 19, 2022 12:44:16 PM UTC, Dotzero <[email protected]> wrote: >On Tue, Oct 18, 2022 at 11:18 PM Scott Kitterman <[email protected]> >wrote: > >> >> >> On October 18, 2022 10:16:44 PM UTC, Neil Anuskiewicz < >> [email protected]> wrote: >> > >> > >> >> On Oct 2, 2022, at 11:01 AM, Douglas Foster < >> [email protected]> wrote: >> >> >> >> >> >> In many cases, an evaluator can determine a DMARC PASS result without >> evaluating every available identifier. >> >> If a message has SPF PASS with acceptable alignment, the evaluator has >> no need to evaluate any DKIM signatures to know that the message produces >> DMARC PASS. >> >I think it’s critical to DMARC that receivers do things like evaluate and >> report on DKIM whether or not SPF passes and is alignment. Without this, it >> would make it harder for senders to notice and remediate gaps in their >> authentication. Since there’s not a downside (that I know of), I’d say this >> should be a MUST if at all possible. >> >> >> What is the interoperability problem that happens if evaluators don't do >> that? >> >> Scott K >> > >Scott, What is the interoperability problem is evaluators didn't provide >reports at all? Reporting isn't a "must" for interoperability but it >certainly helps improve outcomes instead of senders flying blind.
I read the email as suggesting a MUST for reporting both SPF and DKIM results if you report results at all, which would, I think lead to exactly the situation you're concerned about. I'm skeptical of any kind of MUST around reporting since that's generally reserved for things that impact interoperability. I do agree it should be encouraged. Mostly, at the moment, I'm trying to understand the proposed change and the rationale. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
