I have not forgotten the strong emotions that have been expressed around damage that DMARC has caused and continues to cause to legitimate mail streams.
Let's define "Damage" as: "Messages that are blocked by the Evaluator even though they are harmless to the receiving domain and desired by the intended recipient" and "DMARC Damage" as "Messages that are blocked because of DMARC FAIL with p=REJECT even though they are harmless to the receiving domain and desired by the intended recipient."

These definitions focus the problem as being an Evaluator error. DMARC Damage occurs because evaluators treat FAIL with REJECT as a certain result when it is actually an ambiguous result. Therefore, if we want to fix the damage problem, we need to give different instructions to Evaluators, providing guidance on how to investigate and resolve the ambiguity.

We know of two current responses to DMARC Damage: (1) Many senders avoid p=REJECT, so that damage-prone evaluators cannot learn anything useful from DMARC evaluation, and (2) sophisticated evaluators throw DMARC results into a proprietary mix with hundreds of other data points to develop a disposition decision that is only loosely related to domain owner policy. Both of these responses indicate that our protocol, as written, does not meet the needs of either senders or evaluators.

A result of "DMARC Fail" raises the possibility that a message is from a malicious source. This is an important question, but it only needs to be answered once. If a source is malicious, all messages from the source need to be blocked. If a source is determined to not be malicious, the source needs to be fingerprinted so that future messages from that source are handled as acceptably identified. The question can be answered with either manual effort or sophisticated analysis and artificial intelligence, but once it is answered the evaluator can be protected from malicious messages while recipients are protected from damaged mail.

Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
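The disposition workflow Doug describes (treat DMARC FAIL with p=REJECT as an open question, answer it once per source, then remember the answer) can be sketched as evaluator logic. The following is an added illustration written for this page; it is not code from any DMARC specification, from the poster, or from any mail server. The policy table, the source fingerprint attributes (IP, HELO name, DKIM signing domain) and all messages are constructed sample data, and the alignment checks are collapsed into two booleans supplied by the caller rather than computed from headers.

```python
"""Evaluator disposition that treats DMARC FAIL + p=reject as ambiguous.

Added example for this thread, not part of any DMARC implementation.
All domains, addresses and policies below are constructed sample data.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Disposition(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    HOLD_FOR_REVIEW = "hold"   # ambiguous result: a reviewer (human or automated) decides once


@dataclass(frozen=True)
class Source:
    """Fingerprint of the sending infrastructure; hashable so it can key the verdict table.
    Which attributes make up the fingerprint is an assumption of this example."""
    ip: str
    helo: str
    dkim_domain: Optional[str] = None   # d= of a valid but unaligned DKIM signature, if any


@dataclass
class Message:
    from_domain: str        # RFC5322.From domain, the identifier DMARC is about
    source: Source
    spf_aligned: bool       # SPF pass AND identifier aligned with from_domain
    dkim_aligned: bool      # DKIM pass AND d= aligned with from_domain


# Constructed stand-in for the p= tag of each domain's _dmarc TXT record.
DMARC_POLICY: Dict[str, str] = {
    "bank.example": "reject",
    "shop.example": "quarantine",
    "blog.example": "none",
}

# Verdicts learned from earlier investigations, keyed by source fingerprint.
Verdicts = Dict[Source, str]   # values: "malicious" or "acceptable"


def dmarc_pass(msg: Message) -> bool:
    """DMARC passes when either authenticated identifier aligns with the From domain."""
    return msg.spf_aligned or msg.dkim_aligned


def dispose(msg: Message, verdicts: Verdicts,
            policies: Dict[str, str] = DMARC_POLICY) -> Disposition:
    """Return the disposition for one message given what is already known about its source."""
    if dmarc_pass(msg):
        return Disposition.ACCEPT
    policy = policies.get(msg.from_domain, "none")
    if policy == "none":
        return Disposition.ACCEPT          # domain owner requested no enforcement
    # p=quarantine or p=reject: FAIL is a question about the source, not a verdict
    verdict = verdicts.get(msg.source)
    if verdict == "malicious":
        return Disposition.REJECT          # already answered: block everything from here
    if verdict == "acceptable":
        return Disposition.ACCEPT          # already answered: fingerprinted as legitimate
    return Disposition.HOLD_FOR_REVIEW     # unknown source: investigate once


def record_verdict(verdicts: Verdicts, source: Source, verdict: str) -> None:
    """Store the outcome of an investigation so the question is not asked again."""
    if verdict not in ("malicious", "acceptable"):
        raise ValueError(f"unknown verdict {verdict!r}")
    verdicts[source] = verdict


def demo() -> List[Disposition]:
    """Walk two sources through the workflow and return the dispositions in order."""
    verdicts: Verdicts = {}
    # A list relay that rewrites the body and re-signs with its own domain: classic DMARC damage.
    relay = Source("198.51.100.7", "lists.example.org", dkim_domain="lists.example.org")
    via_relay = Message("bank.example", relay, spf_aligned=False, dkim_aligned=False)
    # An unknown host spoofing the same From domain.
    spoofer = Source("203.0.113.9", "mail.bad.example")
    spoofed = Message("bank.example", spoofer, spf_aligned=False, dkim_aligned=False)

    out = [dispose(via_relay, verdicts), dispose(spoofed, verdicts)]   # both held first
    record_verdict(verdicts, relay, "acceptable")                       # reviewer's answers
    record_verdict(verdicts, spoofer, "malicious")
    out += [dispose(via_relay, verdicts), dispose(spoofed, verdicts)]   # now accept / reject
    return out


if __name__ == "__main__":
    for d in demo():
        print(d.value)
```

The point of the sketch is the third branch: a FAIL from a source with no recorded verdict is held, not rejected, and a single investigation converts it into a durable accept or reject for that fingerprint. A real evaluator would also have to decide how long a verdict stays valid and what to do when a fingerprinted source starts emitting messages for new From domains; those policies are outside what the post discusses.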
