Indeed. Besides content filtering there could be knowledge that the message came from a mailing list, there could be ARC or another mechanism of that nature, there could be knowledge of the sending domain and its user base, there could be knowledge of the specific recipient and her preferences, there could be allow lists of various sorts based on sender or recipient, and I'm sure there are additional things I haven't thought of here. And how are we "respecting the semantics" if we're not rejecting as requested?
No, let's please not make this change. Barry On Tue, Sep 19, 2023 at 5:20 AM Scott Kitterman <[email protected]> wrote: > > > > On September 19, 2023 8:50:02 AM UTC, Alessandro Vesely <[email protected]> > wrote: > >Hi all, > > > >the second sentence of the second paragraph of Section 5.8: > > > >OLD > > In particular, because of the considerations discussed > > in [RFC7960] and in Section 8.6 of this document, it is important > > that Mail Receivers not reject messages solely because of a published > > policy of "reject", but that they apply other knowledge and analysis > > to avoid situations such as rejection of legitimate messages sent in > > ways that DMARC cannot describe, harm to the operation of mailing > > lists, and similar. > > > >I have the feeling that most readers understand that allusion to /other > >knowledge and analysis/ to mean content filtering. Thence the lemma that if > >we can relay on content filtering then we don't need strong authentication. > >Instead, referenced Section 8.6 presents forwarding as /the/ scenario where > >DMARC fails. Accordingly, this section could be more precise on the kind of > >semantically acceptable enforcement exceptions. Let me try a wording: > > > >NEW > > In particular, because of the considerations discussed > > in [RFC7960] and in Section 8.6 of this document, it is important > > that Mail Receivers seek additional knowledge and mechanisms whereby > > published policies of "reject" and "quarantine" can be safely overridden. > > Mailing lists, and forwarding in general present cases where messages are > > legitimately sent beyond the author domain's reach, breaking SPF and > > possibly also DKIM. The combined effort of Mail Receivers and Forwarders > > can lead to establishing a strong recognition of such mail flows, > > warranting > > discharge from DMARC policy enforcement while still respecting the > > semantics of the author domain policy, thus avoiding the harm that > > otherwise DMARC causes to the operation of mailing lists. > > > > > >Is that cool? > > No. I think this section is currently, correctly, focused on what to do with > only references to why. I don't think we should change that. If the current > references are inadequate, then we should improve them, not attempt to > restate them. > > I don't think "other knowledge" is limited to content filtering and your > attempt to be more precise is problematic because it doesn't actually achieve > the goal. > > "The combined effort of Mail Receivers and Forwarders ...", for example, > leaves out mailing lists, which is one of the things you said you were trying > to solve. > > Scott K > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
