It appears that Seth Blank <[email protected]> said: >More accurate language that alleviates the concern would be "It is >therefore critical that domains that host users who wish for their messages >to be modified and spoofed by downstream intermediaries, such as alumni >forwarders or mailing lists, SHOULD NOT publish p=reject. Such spoofed >messages may still be rejected, regardless of a domain owner's published >DMARC policy."
There is nothing "spoofed" when a mailing list adds a subject tag. This sort of misuse of languge just makes us look silly. Sure, say it breaks the DKIM signature and makes DMARC fail, but that's because of a fundamental design problem with DMARC, not because anyone's spoofing anything. >OLD: Given the above, to ensure maximum usefulness for DMARC across the >email ecosystem, Mail Receivers SHOULD generate and send aggregate reports >with a frequency of at least once every 24 hours. > >NEW: In order for domain owners to properly collect and analyze reports >(section 5.5.5) in order to authenticate their mail and publish a policy if >they wish (section 5.5.6), mail receivers need to supply those reports. To >ensure maximum usefulness for DMARC across the email ecosystem, >understanding that some receivers may find this an undue burden, Mail >Receivers SHOULD generate and send aggregate reports with a frequency of at >least once every 24 hours. I don't see that the extra words add anything useful. SHOULD already means do it unless you have a good reason to do something else. If people aren't already inclined to send reports I don't think that trying to make them feel sorry for the senders will change their minds. >3. 4.4. Identifier Alignment Explained > >If we ever open alignment again for a future document, I hope we do away >with strict alignment. It would also simplify the document and the examples >greatly. Agreed, but that horse ain't in the barn. Strict DKIM canonicalization is equally useless, but same thing. >OLD: The choice of relaxed or strict alignment is left to the Domain Owner >and is expressed in the domain's DMARC policy record. > >NEW: The choice of relaxed or strict alignment is left to the Domain Owner >and is expressed in the domain's DMARC policy record. In practice, nearly >all domain owners have found relaxed alignment sufficient to meet their >needs. That seems OK. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
