Dear DMARC WG members, I don't understand the choice made when writing the point 6. of the policy discovery mechanism (Dmarcbis : [ https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-28.html#section-4.7 | https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-28.html#section-4.7 ] )
```If a retrieved policy record does not contain a valid "p" tag, or contains an "sp" or "np" tag that is not valid, then: * If a "rua" tag is present and contains at least one syntactically valid reporting URI, the Mail Receiver MUST act as if a record containing "p=none" was retrieved and continue processing; * Otherwise, the Mail Receiver applies no DMARC processing to this message.``` According to this text, the record : 'v=DMARC1; p=reject; sp=quarantin;' (an 'e' is missing at 'quarantine') MUST be interpreted as 'v=DMARC1; p=none;' because the "sp" tag is not valid. It implies that domain name owners who had made a spelling mistake on the sp tag see their 'p' tag downgrade to 'none'.. Even though the domain owner will receive the aggregate report containing the 'p' DispositionType, I am not sure he/she will catch the issue. I would then propose to set the invalid tag to none instead of the 'p' tag such as : [Old Version] * If a "rua" tag is present and contains at least one syntactically valid reporting URI, the Mail Receiver MUST act as if a record containing "p=none" was retrieved and continue processing; [/Old Version] [Proposition] * If a "rua" tag is present and contains at least one syntactically valid reporting URI, the Mail Receiver MUST act as if the invalid tag was set to none and continue processing; [\ Proposition ] The situation for RFC 7489 is slightly the same, with the keyword SHOULD instead of MUST: [ https://datatracker.ietf.org/doc/html/rfc7489#section-6.6.3 | https://datatracker.ietf.org/doc/html/rfc7489#section-6.6.3 ] Best regards, Olivier Hureau
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
