On Thu 23/Nov/2023 16:41:11 +0100 Dotzero wrote:
On Thu, Nov 23, 2023 at 10:19 AM Douglas Foster wrote:
The gap between what is being attempted and what is needed is a huge
personal disappointment.
[...]
This is from a real-world conversation with a product support tech:
Me: I cannot use your DMARC implementation because it does not have an
exception mechanism.
Him: Why would you need exceptions?
I blame his ignorance, and his product's inadequacies, on RFC 7489, which
defined no exceptions.
[...]
You are absolutely incorrect when you state that there are no exceptions
provided. "Local policy" enables an evaluator to implement any
exception(s) they wish.
I only quoted that snippet of Doug's post, because it's what triggered my
understanding. The gap is between the spec and the implementation.
It is true that local policy allows much leeway. Any implementation should
have an option to just report results, leaving actions to downstream filters.
Yet, it's easier to configure a filter to reject when appropriate. Of course,
whitelisting is the key. (I think that's a better term than exceptions. And
please let's accept it along with whitespace, black friday , and etcetera...)
I wouldn't blame RFC 7489, nor DMARCbis. However, if there is a way to clarify
the role of a DMARC implementation, it may be worth discussing it.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
