> On 12/29/2014 7:26 AM, MH Michael Hammer (5304) wrote:
> > It's still not quite right:
> >
> > DMARC evaluation can only complete and yield a "pass" result when one
> > of the underlying authentication mechanisms passes for an aligned
> > identifier.  If this is not the case and either or both of them
> > suffered some kind of temporary error (such as a transient DNS
> > problem), the Receiver evaluating the message is also unable to
> > conclude that the DMARC mechanism failed and thereby apply the
> > advertised DMARC policy.  Rather, the Receiver can either skip DMARC
> > processing for this message due to incomplete evaluation, or it can
> > arrange to defer handling of the message in the hope that the
> > temporary error will be resolved when the message is retried.  When
> > otherwise appropriate due to DMARC policy, receivers MAY send
> > feedback reports regarding temporary errors.
> >
> >
> > The problem is with:
> >
> > "If this is not the case and either or both of them suffered some
> > kind of temporary error (such as a transient DNS problem),...",
> > Specifically the use of "either or". If only one (SPF or DKIM) has a
> > transient DNS error then presumably the other, which has not had an
> > error, can be evaluated (resulting in a "pass" or "DMARC failure"). It
> > only becomes an issue when BOTH SPF and DKIM have concurrent
> > temporary errors.  I'm thinking that removing the "either or" is
> > appropriate. I'm still cogitating on the rest of the paragraph.


> Good catch.  This is complicated by there really being two conditions.

> The first is the negative that neither method authenticates.  The second
> is the affirmative that one of them failed with a temporary error.

> So perhaps something like:

> FROM:

> > DMARC evaluation can only complete and yield a "pass" result when one
> > of the underlying authentication mechanisms passes for an aligned
> > identifier.  If this is not the case and either or both of them
> > suffered some kind of temporary error (such as a transient DNS
> > problem), the Receiver evaluating the message is also unable to
> > conclude that the DMARC mechanism failed and thereby apply the
> > advertised DMARC policy.


> TO:

> DMARC evaluation can only complete and yield a "pass" result when one
> of the underlying authentication mechanisms passes for an aligned
> identifier.  If neither passes and one or both of them failed due to a
> temporary error, the Receiver evaluating the message is also unable to
> conclude that the DMARC mechanism had a permanent failure and thereby
> can apply the advertised DMARC policy.

This looks good to me.

                                Ned

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
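
The evaluation rule in the proposed "TO:" wording, written out as an added example that is not part of the original message or of any DMARC implementation. The enum, function names and disposition labels are hypothetical, the sample cases are constructed, and which mechanism's identifier a temporary error belongs to is not modelled.

```python
from enum import Enum

class Auth(Enum):
    PASS = "pass"
    FAIL = "fail"
    TEMPERROR = "temperror"

def dmarc_outcome(spf, spf_aligned, dkim, dkim_aligned):
    """Classify one message following the proposed "TO:" wording."""
    # "pass" needs one mechanism to pass for an aligned identifier.
    if (spf is Auth.PASS and spf_aligned) or (dkim is Auth.PASS and dkim_aligned):
        return "pass"
    # Neither passes and one or both failed due to a temporary error:
    # the receiver cannot conclude a permanent failure.
    if Auth.TEMPERROR in (spf, dkim):
        return "temperror"
    return "fail"

def disposition(outcome, policy, defer=True):
    """Map an outcome to a handling decision (labels are hypothetical)."""
    if outcome == "pass":
        return "no-action"
    if outcome == "temperror":
        # Defer in the hope the retry succeeds, or skip DMARC for this message.
        return "defer" if defer else "skip-dmarc"
    # Permanent failure: apply the advertised policy (p=none/quarantine/reject).
    return {"none": "no-action", "quarantine": "quarantine", "reject": "reject"}[policy]

# Constructed cases: (SPF result, SPF aligned, DKIM result, DKIM aligned)
CASES = {
    "SPF temperror, DKIM aligned pass": (Auth.TEMPERROR, True, Auth.PASS, True),
    "SPF temperror, DKIM fail": (Auth.TEMPERROR, True, Auth.FAIL, True),
    "both temperror": (Auth.TEMPERROR, True, Auth.TEMPERROR, True),
    "SPF pass unaligned, DKIM fail": (Auth.PASS, False, Auth.FAIL, True),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        outcome = dmarc_outcome(*args)
        print(f"{name}: {outcome} -> {disposition(outcome, 'reject')}")
```

The second case is where the "one or both" wording matters: a single temporary error alongside a hard failure of the other mechanism is still treated as inconclusive rather than as a DMARC failure.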
