Todd Herr writes: > On Tue, Jan 7, 2025 at 10:48 AM Tero Kivinen <[email protected]> wrote: > > Change first sentence of 5.3.3 from: > > For each Authentication Mechanism underlying DMARC, perform the > required check to determine if an Authenticated Identifier > (#authenticated-identifier) exists for the message if such check has > not already been performed. > > to > > For each Authentication Mechanism underlying DMARC (currently SPF > and DKIM), the Mail Receivers (#mail-receiver) MUST perform the > required check to determine if an Authenticated Identifier > (#authenticated-identifier) exists for the message. > > (I removed the "if such check has not already been performed, as this > does not specify when this check is done, it can be done in this phase > or it could have been done earlier, it is just enough that required > checks are done at some point. Having that text there is just > confusing.) > > Noting that rev -38 with a Conformance Requirements section now exists, I > disagree with two bits of your proposed text here:
After send my email I noticed that -38 has been published. The text in Conformance Requirements is mostly ok (there is typo /reportging/reporting/). On the other hand it does not describe what "Full DMARC Participation" is supposed to mean? It looks that "Full DMARC Participation" is actually "Minimal DMARC Participation" + aggregate reports daily, as everything else listed is MUST, so are part of Minimal DMARC Participation. In my opinion Full DMARC Participation would include all optional features too... I would change the section to just say "Conformance Requirements". > 1. I see no need for the parenthetical "(currently SPF and DKIM)", as it is my > opinion that not mentioning SPF and DKIM specifically here future proofs this > part of the document against the need for a change if and when the list of > Authentication Mechanisms underlying DMARC changes. Thats why it was using word "currently". Currently we have SPF and DKIM. If we add other authentication mechanisms I would expect this text to change anyways, as at some point we might not want to make all of them mandatory to check. Text that I want to have is to clearly say that Mail Receivers MUST perform checks for both SPF and DKIM. Note, that new Conformance Requirements did not say that Mail Receivers MUST do SPF and MUST do DKIM. It does say that for Domain Owners. > 2. I submit that the "if such check has not already been performed" is > necessary language to guard against the possible confusion on the part of an > implementer who might wonder why an SPF check performed early in the SMTP > transaction (right after MAIL FROM) would have to be performed again at this > point, as your proposed language seems to indicate it should in my reading. I am fine adding that back, I do not care when it was done as long as it is done at some point. -- [email protected] _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
