On September 19, 2023 8:50:02 AM UTC, Alessandro Vesely <[email protected]> wrote:
>Hi all,
>
>the second sentence of the second paragraph of Section 5.8:
>
>OLD
> In particular, because of the considerations discussed
> in [RFC7960] and in Section 8.6 of this document, it is important
> that Mail Receivers not reject messages solely because of a published
> policy of "reject", but that they apply other knowledge and analysis
> to avoid situations such as rejection of legitimate messages sent in
> ways that DMARC cannot describe, harm to the operation of mailing
> lists, and similar.
>
>I have the feeling that most readers understand that allusion to /other
>knowledge and analysis/ to mean content filtering. Thence the lemma that if
>we can relay on content filtering then we don't need strong authentication.
>Instead, referenced Section 8.6 presents forwarding as /the/ scenario where
>DMARC fails. Accordingly, this section could be more precise on the kind of
>semantically acceptable enforcement exceptions. Let me try a wording:
>
>NEW
> In particular, because of the considerations discussed
> in [RFC7960] and in Section 8.6 of this document, it is important
> that Mail Receivers seek additional knowledge and mechanisms whereby
> published policies of "reject" and "quarantine" can be safely overridden.
> Mailing lists, and forwarding in general present cases where messages are
> legitimately sent beyond the author domain's reach, breaking SPF and
> possibly also DKIM. The combined effort of Mail Receivers and Forwarders
> can lead to establishing a strong recognition of such mail flows, warranting
> discharge from DMARC policy enforcement while still respecting the
> semantics of the author domain policy, thus avoiding the harm that
> otherwise DMARC causes to the operation of mailing lists.
>
>
>Is that cool?
No. I think this section is currently, correctly, focused on what to do with
only references to why. I don't think we should change that. If the current
references are inadequate, then we should improve them, not attempt to restate
them.
I don't think "other knowledge" is limited to content filtering and your
attempt to be more precise is problematic because it doesn't actually achieve
the goal.
"The combined effort of Mail Receivers and Forwarders ...", for example, leaves
out mailing lists, which is one of the things you said you were trying to solve.
Scott K
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
