-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <[email protected]>, Alessandro Vesely <[email protected]> writes
>Section 8.6, *Interoperability Considerations* > >OLD > | It is therefore critical that receiving domains MUST NOT reject > | incoming messages solely on the basis of a p=reject policy by the > | sending domain. Receiving domains must use the DMARC policy as > | part of their disposition decision, along with other knowledge and > | analysis. > > >NEW > | It is therefore REQUIRED that receiving domains exempt from DMARC > | disposition messages forwarded by trusted third parties, either > | aliases or mailing lists, provided that forwarders are authenticated > | by a secure method. Receiving domains must seek methods to > | acknowledge forwarders' quality and grant trust where deserved. I think that wording is a better approach ... but the issue is not whether the forwarder is trusted per se, but whether it reports the origin of the email in a trusted manner and that origin leads one to believe that the DMARC failure is to be overlooked. A forwarder may have accumulated all the trust in the world, but if an authorised user is compromised and sends email From: [email protected] then PayPal's p=reject should be honoured. The second part of the paragraph is aspirational and can be omitted so: Receiving domains SHOULD exempt from DMARC disposition messages forwarded from third parties where there is a trusted attestation by the third party that the email met the requirements for a DMARC pass when it was received by them. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBZMU5Rt2nQQHFxEViEQKXxwCcDLxrP46oAluJh5yRvkR3QkY36KUAn02X fnGnu8q4Mi6uPJI+Aox+CqU8 =hJTb -----END PGP SIGNATURE----- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
