On Tue, Sep 19, 2023 at 8:24 AM Alessandro Vesely <ves...@tana.it> wrote:
> My wording can certainly be improved. Before denying the idea, please > consider > a couple of facts: > > 1) We want ARC to override DMARC, yet we don't say so. Not in such a way > that, > when a receivers does so, he can say he's following the letter of the > protocol. > Do we need to say that expressly? Isn't it just another input that a filtering engine could consider? > 2) Content filtering cannot override DMARC, can it? By "override", I mean > the > author domain publishes a hard policy, both SPF and DKIM fail, and there > is no > deterministic sign (signature or IP) that the message comes from a > recognized > forwarder (including MLs). What kind of content could ever suggest that a > receiver conscientiously overrides DMARC? > Is that for this document to stipulate? The actual, final logic of an operator's filtering engine is not our affair. > "Other knowledge and analysis", as currently in the draft, certainly > includes > content filtering. Do we mean it? Can we think of an example? Sure. Think of the opposite case: DMARC passes for spam. Content filtering absolutely should override the DMARC result. Unless you want to go down the road of proposing that a "pass" should always win out over any other result while a "fail" should be just one of many dimensions of analysis, I think the way things are is both correct and simpler. -MSK, participating
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
