On 7/5/25 10:46, Dotzero wrote:
On Fri, Jul 4, 2025 at 3:01 PM Douglas Foster <[email protected]> wrote:Authentication problems can be put into these categories: - Messages with malicious impersonation. Yes, a failure report should be sent. - Legitimate message with insufficient credentials at origination. ... Yes, a failure report should be sent. - Legitimate message whose credentials were lost in transit. Yes, a failure report should be sent. ... - Legitimate message from an entity sending on behalf of a domain member but outside of domain owner control. Yes, a failure report should be sent. ... If an evaluator determines that a message is legitimate, should he send a failure report anyway? Or should the failure be considered a false positive that can and should be ignored? Yes, a failure report should be sent. ...
I agree - if the message receiver is participating in failure reports and the domain owner has requested them, then send them when there's a failure.
There is always the caveat of local policy, but that is out of our hands. The focus of the document should be on how those parties choosing to participate should interoperate.
--S.
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
