Re: [dmarc-ietf] DMARC policy overrides
"Murray S. Kucherawy" <superuser@gmail.com> Tue, 02 July 2013 20:42 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F53D21F9B87 for <dmarc@ietfa.amsl.com>; Tue, 2 Jul 2013 13:42:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rHRRpD0W2IXa for <dmarc@ietfa.amsl.com>; Tue, 2 Jul 2013 13:42:50 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) by ietfa.amsl.com (Postfix) with ESMTP id DA2A921F9B35 for <dmarc@ietf.org>; Tue, 2 Jul 2013 13:42:49 -0700 (PDT)
Received: by mail-wi0-f181.google.com with SMTP id hq4so4587434wib.2 for <dmarc@ietf.org>; Tue, 02 Jul 2013 13:42:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=yQcCUexuGaXycLOuugos0+fXZ+waku4YyjnPZkO2aaU=; b=Ujn5K0dZA/F/YegUorGtiayHeSCDOBEsWhX1IqAvo4wBldCiFJ2BRHhNsvASKmqHOH NOBd7m+WGe0Z6yWVZuknvrgO0ydztBcF1IJzDSy+EW/nztB2GLBafZL6p0ckogJPYvpB v6Fis0VhKbHBGhrc/pdsHr3gAgm1nY3he5/0dhss6raIq1EBhRa/T1tvey+9SOp2PT6G wAX665ZIy6iB9g/UTVPZG34ZZ1Il7bZOGohbXs3U2JUu8R/bujVz0Bo7mH0GbJ5uEEgs ylbmHzfTnKwDYFiMLxYCyeAN1Y+Kr4UO7mH//hC53eNmJMu3dmiPZ+2kkA1vYkevU+1/ BMDg==
MIME-Version: 1.0
X-Received: by 10.180.189.102 with SMTP id gh6mr2274244wic.19.1372797769023; Tue, 02 Jul 2013 13:42:49 -0700 (PDT)
Received: by 10.180.90.16 with HTTP; Tue, 2 Jul 2013 13:42:48 -0700 (PDT)
In-Reply-To: <51D32B7F.40007@gmail.com>
References: <77426B543150464AA3F30DF1A91365DE533DD678@ESV4-MBX01.linkedin.biz> <51D32B7F.40007@gmail.com>
Date: Tue, 02 Jul 2013 13:42:48 -0700
Message-ID: <CAL0qLwbYYEjrnnQby9iMFOz1Vm-Azcbu2vVXigMauED+mUwSHw@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: Dave Crocker <dcrocker@gmail.com>
Content-Type: multipart/alternative; boundary="001a11c3436a5f06b204e08d6312"
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] DMARC policy overrides
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2013 20:42:50 -0000
On Tue, Jul 2, 2013 at 12:35 PM, Dave Crocker <dcrocker@gmail.com> wrote: > My own view is that we should not call this anything as formal as 'policy > overrides'. > > What it is is simply leaving the DMARC spec. Let me repeat: If someone > does something differently than the DMARC says they need to do, they are no > longer performing DMARC. > > Anyone can do that whenever they want. The results will be outside the > spec, too. > > DMARC dictates some behaviors. Participants choose to... participate. > They can choose not to. > > If they choose to participate only partially, they risk unknown results > including non-interoperability. That's their choice. It seems to me that prose which spells this out, including the costs of the "override" (namely processing through to the end of DATA), is potentially a fine compromise. I also think it's necessary to consider some current realities. In an architecture such as the one I use, filters operate serially on the data. The SPF module runs ahead of DKIM, which in turn runs ahead of DMARC. If the SPF module decides to act on a "-all" and reject the message, DMARC and DKIM simply can't happen. DMARC, by saying SHOULD over SPF, is attempting to require that the SPF module change what it's doing. That means, at least in my local example, that DMARC is not a pure overlay atop SPF and DKIM. -MSK
- [dmarc-ietf] DMARC policy overrides Franck Martin
- Re: [dmarc-ietf] DMARC policy overrides Scott Kitterman
- Re: [dmarc-ietf] DMARC policy overrides Franck Martin
- Re: [dmarc-ietf] DMARC policy overrides Dave Crocker
- Re: [dmarc-ietf] DMARC policy overrides Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC policy overrides Dave Crocker
- Re: [dmarc-ietf] DMARC policy overrides Scott Kitterman
- Re: [dmarc-ietf] DMARC policy overrides Franck Martin
- Re: [dmarc-ietf] DMARC policy overrides Matt Simerson
- Re: [dmarc-ietf] DMARC policy overrides Scott Kitterman
- Re: [dmarc-ietf] DMARC policy overrides Dave Crocker
- Re: [dmarc-ietf] DMARC policy overrides Scott Kitterman