[dmarc-discuss] Co-ordinating recipient policy?
Michael Adkins
madkins at fb.com
Tue Jan 31 07:59:27 PST 2012
On 1/31/12 7:43 AM, "David Woodhouse" <dwmw2 at infradead.org> wrote:
>One possibility: We already have the 'strict' and 'relaxed' mode for
>DKIM and SPF. Perhaps we could extend that to include a 'mandatory'
>mode, where a failure of that particular authentication technology is
>considered an immediate failure without fallback. And/or an 'off' mode,
>where a given authentication technology is *disabled* for the purpose of
>the DMARC check. (I think I prefer the latter of those two options,
>FWIW, because it would work better with hypothetical extensions to
>support mechanisms like S/MIME for authentication.)
This is unnecessary. DMARC doesn't need options to disable the
consideration of individual underlying authentication technologies. If a
domain owner wishes to have their entire evaluation performed based on
only a single underlying mechanism, they simply need not implement the
unwanted mechanism. A lack of SPF record or public DKIM key gets the
result you are discussing without adding extra syntax to DMARC. Although,
if a domain owner felt so strongly that a single mechanism met all their
needs I would question why they felt they needed a DMARC record in the
first place.
More information about the dmarc-discuss
mailing list