+1 on Scott's comment. Michael Hammer
On Mon, Jul 22, 2019 at 6:44 AM Scott Kitterman <[email protected]> wrote: > > > On July 22, 2019 4:31:40 AM UTC, "Douglas E. Foster" < > [email protected]> wrote: > >About this paragraph: > > > >>> The original pre-standardization version of this protocol included a > > >> mandatory check of this nature. It was ultimately removed, as the > >>> method's error rate was too high without substantial manual tuning > >>> and heuristic work. There are indeed use cases this work needs to > >>> address where such a method would return a negative result about a > >>> domain for which reporting is desired, such as a registered domain > >>> name that never sends legitimate mail and thus has none of these > >>> records present in the DNS. > > > >This section seems to give a free pass to senders who use non-existent > >domains, as if such behavior had no impact on the risk posture of the > >recipient. > >It seems to say, "You can keep doing this, because so is everyone > >else." > > > > I would think better language would be along the following lines: > > > > > > > >"Senders SHOULD register all domains in DNS, as MTA operators MAY block > > > >messages that appear to come from non-existent domains. > >Developers of MTA filtering software SHOULD provide MTA operators with > >the > >ability to block non-existent domains. > > If such ability is provided, the MTA filtering system MUST provide a > >mechanism for overriding the filter rule for messages that are > >acceptable > >to the recipient organization." > > > >In short, the evaluation of whether manual tuning is worthwhile should > >be > >left to the discretion of the MTA operator, based on his organization's > >risk tolerance and message characteristics. > > I think that it is well outside the scope of this document to impose such > a requirement. > > Scott K > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
