On Sun, Sep 17, 2023 at 2:47 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> We have established that the normative implementation of DMARC is > (unfortunately) a fully-automated solution which implements RFC 7489 > exactly and nothing more. > Sure, but why would you do that, especially in the presence of all of the context that's come to light since March 2015? Given the language in Section 6.7 of RFC 7489, I find your statement confusing. That section goes to some lengths to lead the reader to the conclusion that there are going to be false positives and false negatives, and that DMARC should be one input to a larger policy decision. How, then, could an operator that implements DMARC and nothing else claim to be fully compliant? DMARC's brilliance was the use of an authenticated identifier to provide > proxy verification of another identifier. It is the identifiers that > provide the authentication, not the policy. The policy influences only > the strictness of the alignment rule. This means that any message with > strict alignment on SPF PASS or DKIM PASS is DMARC authenticated, with or > without a policy. "No result" in this situation is the result of a > choice, but not a necessary one, and not one that is easily justified. > I'm not following here either. The fourth sentence contradicts RFC 7489. The absence of a policy is all the justification you need to say it's "no result" rather than "authenticated"; you're otherwise willingly discarding the fact that the RFC5322.From domain's owner has either neglected or deliberately omitted to publish a policy, which may itself be a useful signal (and Section 6 talks about this). For those who have implemented to the specification, "No Result" means > "Content Filtering must carry the whole load," which it cannot do. So I > reject the notion that "No Result" is harmless. > This appears to be an assertion that everyone should be advertising a policy. That's different from asserting that all receivers should infer a policy where none is advertised. The outcomes are very different. -MSK, p11g
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
