I think Richard’s suggestion would be a fine addition to what’s there now, but not a replacement. I would really prefer MUST in Richard’s text over the SHOULD, given the “trusted attestation”.
Barry On Sat, Jul 29, 2023 at 12:09 PM Richard Clayton <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In message <[email protected]>, Alessandro > Vesely <[email protected]> writes > > >Section 8.6, *Interoperability Considerations* > > > >OLD > > | It is therefore critical that receiving domains MUST NOT reject > > | incoming messages solely on the basis of a p=reject policy by the > > | sending domain. Receiving domains must use the DMARC policy as > > | part of their disposition decision, along with other knowledge and > > | analysis. > > > > > >NEW > > | It is therefore REQUIRED that receiving domains exempt from DMARC > > | disposition messages forwarded by trusted third parties, either > > | aliases or mailing lists, provided that forwarders are authenticated > > | by a secure method. Receiving domains must seek methods to > > | acknowledge forwarders' quality and grant trust where deserved. > > I think that wording is a better approach ... but the issue is not > whether the forwarder is trusted per se, but whether it reports the > origin of the email in a trusted manner and that origin leads one to > believe that the DMARC failure is to be overlooked. > > A forwarder may have accumulated all the trust in the world, but if an > authorised user is compromised and sends email From: [email protected] > then PayPal's p=reject should be honoured. > > The second part of the paragraph is aspirational and can be omitted > > so: > > Receiving domains SHOULD exempt from DMARC disposition messages > forwarded from third parties where there is a trusted attestation by the > third party that the email met the requirements for a DMARC pass when it > was received by them. > > - -- > richard Richard Clayton > > Those who would give up essential Liberty, to purchase a little temporary > Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 > > -----BEGIN PGP SIGNATURE----- > Version: PGPsdk version 1.7.1 > > iQA/AwUBZMU5Rt2nQQHFxEViEQKXxwCcDLxrP46oAluJh5yRvkR3QkY36KUAn02X > fnGnu8q4Mi6uPJI+Aox+CqU8 > =hJTb > -----END PGP SIGNATURE----- > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
