About this paragraph:

>> The original pre-standardization version of this protocol included a
>> mandatory check of this nature. It was ultimately removed, as the
>> method's error rate was too high without substantial manual tuning
>> and heuristic work. There are indeed use cases this work needs to
>> address where such a method would return a negative result about a
>> domain for which reporting is desired, such as a registered domain
>> name that never sends legitimate mail and thus has none of these
>> records present in the DNS.

This section seems to give a free pass to senders who use non-existent domains, as if such behavior had no impact on the risk posture of the recipient. It seems to say, "You can keep doing this, because so is everyone else." I would think better language would be along the following lines:
"Senders SHOULD register all domains in DNS, as MTA operators MAY block messages that appear to come from non-existent domains. Developers of MTA filtering software SHOULD provide MTA operators with the ability to block non-existent domains. If such ability is provided, the MTA filtering system MUST provide a mechanism for overriding the filter rule for messages that are acceptable to the recipient organization." In short, the evaluation of whether manual tuning is worthwhile should be left to the discretion of the MTA operator, based on his organization's risk tolerance and message characteristics.
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
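The filter the message proposes, written out as an added example (this is not code from the dmarc list thread or from any DMARC implementation): a sender-domain check that distinguishes a domain that does not exist (NXDOMAIN) from a registered domain that simply has no MX or SPF records, with both checks under the MTA operator's control and an override list that always admits mail the organisation wants. DNS is injected as a lookup function so the block runs offline; `FAKE_ZONE`, `fake_lookup`, the `Policy` fields and the classification labels are all constructed for the example, and a real deployment would replace the dictionary with a resolver library.

```python
# Added example, not text or code from the dmarc list thread: a sender-domain
# existence filter with the operator override the message argues for.
# DNS is injected as a lookup function so the block runs offline; the zone
# data below is constructed and uses reserved example names.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

Records = Dict[str, List[str]]                 # rrtype -> rdata strings
Lookup = Callable[[str], Optional[Records]]    # None means NXDOMAIN

# Constructed zone data (hypothetical); a real deployment would wrap a
# resolver library here instead of a dictionary.
FAKE_ZONE: Dict[str, Records] = {
    "example.com": {"MX": ["10 mail.example.com."], "TXT": ["v=spf1 mx -all"]},
    "parked.example": {"A": ["192.0.2.10"]},       # registered, never sends mail
    "partner.example": {"MX": ["10 mx.partner.example."]},
    "bulk.partner.example": {},                     # exists, but has no records at all
}


def fake_lookup(name: str) -> Optional[Records]:
    """Stand-in resolver: returns the record set, or None for NXDOMAIN."""
    return FAKE_ZONE.get(name.lower().rstrip("."))


@dataclass
class Policy:
    """Operator-chosen settings; the defaults follow the message's proposal."""
    block_nonexistent: bool = True        # refuse senders whose domain is NXDOMAIN
    block_no_mail_records: bool = False   # the check the draft dropped for its error rate
    overrides: Set[str] = field(default_factory=set)  # domains (and subdomains) always accepted


def classify_domain(domain: str, lookup: Lookup) -> str:
    """Return 'nonexistent', 'mail-enabled' or 'registered-no-mail-records'."""
    records = lookup(domain)
    if records is None:
        return "nonexistent"
    has_spf = any(txt.lower().startswith("v=spf1") for txt in records.get("TXT", []))
    if records.get("MX") or has_spf:
        return "mail-enabled"
    return "registered-no-mail-records"


def is_overridden(domain: str, overrides: Set[str]) -> bool:
    """Exact or parent-domain match: 'partner.example' covers 'bulk.partner.example'."""
    wanted = {o.lower().rstrip(".") for o in overrides}
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in wanted for i in range(len(labels)))


def evaluate(sender_domain: str, policy: Policy, lookup: Lookup = fake_lookup) -> Tuple[str, str]:
    """Return ('accept' | 'reject', reason). The override is consulted first so
    the operator can always admit mail that is acceptable to the organisation."""
    if is_overridden(sender_domain, policy.overrides):
        return "accept", "operator override"
    kind = classify_domain(sender_domain, lookup)
    if kind == "nonexistent" and policy.block_nonexistent:
        return "reject", "sender domain does not exist"
    if kind == "registered-no-mail-records" and policy.block_no_mail_records:
        return "reject", "sender domain has no MX or SPF records"
    return "accept", kind


if __name__ == "__main__":
    strict = Policy(block_no_mail_records=True, overrides={"partner.example"})
    for d in ["example.com", "parked.example", "nosuch.invalid", "bulk.partner.example"]:
        print(d, evaluate(d, strict))
```

With the default `Policy`, only NXDOMAIN senders are refused and a parked-but-registered domain is still accepted, which is the case the quoted paragraph worries about; an operator who judges the tuning worthwhile flips `block_no_mail_records` and lists the known exceptions in `overrides`.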