John Levine writes: > It appears that Michael Thomas <[email protected]> said: > >Didn't Tero say that there used to be a MUST somewhere that made > >explicit that both SPF and DKIM MUST be evaluated? If so, why was it > >taken out and why can't it be put back in to clear his issue? There is a > >like absolutely no rationale for receivers to not verify DKIM these > >days. Even 20 years ago it wasn't an issue. > > I think the current language is clear enough.
I really like words MUST when you are making mandatory requirements. I know lots of people who only search for those MUST/SHOULD etc keywords when they read RFCs, so having proper MUST in 5.3.3 is MUST... > If you disagree, please send text. As should be evident when reading the > draft, this part has been reorganized so even if you wanted to put back > some sentence from 7489, there's no place for it to go. Change first sentence of 5.3.3 from: For each Authentication Mechanism underlying DMARC, perform the required check to determine if an Authenticated Identifier (#authenticated-identifier) exists for the message if such check has not already been performed. to For each Authentication Mechanism underlying DMARC (currently SPF and DKIM), the Mail Receivers (#mail-receiver) MUST perform the required check to determine if an Authenticated Identifier (#authenticated-identifier) exists for the message. (I removed the "if such check has not already been performed, as this does not specify when this check is done, it can be done in this phase or it could have been done earlier, it is just enough that required checks are done at some point. Having that text there is just confusing.) -- [email protected] _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
