Hi,

I have a few nits about this section:

    This section describes Domain Owner actions to fully implement the
    DMARC mechanism.

Actually, the section doesn't mention DMARC checking, adhering to policies
found in DMARC records, and sending feedback reports. Hence I'd strike
"fully". It describes sender side actions.

    While it is possible to secure a DMARC pass verdict based on only SPF
    or DKIM, it is commonly accepted best practice to ensure that both
    authentication mechanisms are in place in order to guard against
    failure of just one of them.

SPF normally fails on forwarding. Should we mention that?

    The Domain Owner SHOULD choose a DKIM-
    Signing domain (i.e., the d= domain in the DKIM-Signature header)
    that aligns with the Author Domain and configure its system to sign
    using that domain, to include publishing a corresponding DKIM public
    key in DNS.

Maybe it's me, but I cannot understand "to include" in the last phrase of that
sentence.

    Should any overlooked systems be found in the
    reports, the Domain Owner can adjust the SPF record and/or configure
    DKIM signing for those systems.

I'd s/overlooked systems/failures/, since surprises can also arise from systems
that the Domain Owner considered to have been set up well.

Best
Ale
--
_______________________________________________
dmarc mailing list
https://www.ietf.org/mailman/listinfo/dmarc
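
Added example, not part of the message above or of the draft it quotes: a small evaluator showing why a sender wants both SPF and an aligned DKIM signature in place, using the forwarding case raised in the thread. The messages, the `example.com`/`example.net` domains, and the two-label `org_domain` shortcut are assumptions made for illustration; a real evaluator determines the organizational domain from the Public Suffix List or a DNS lookup.

```python
# Added illustration; not code from the draft or from the mailing-list post.
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels (assumption)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, author_domain: str, strict: bool = False) -> bool:
    """Identifier alignment: exact match if strict, same org domain if relaxed."""
    a, b = auth_domain.lower().rstrip("."), author_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

@dataclass
class Message:
    author_domain: str   # domain of the RFC5322.From address (Author Domain)
    spf_result: str      # SPF result for the RFC5321.MailFrom domain
    spf_domain: str      # RFC5321.MailFrom domain
    dkim: list           # [(result, d= domain), ...], one per DKIM-Signature

def dmarc_verdict(m: Message) -> dict:
    """DMARC passes if at least one mechanism both passes and is aligned."""
    spf_ok = m.spf_result == "pass" and aligned(m.spf_domain, m.author_domain)
    dkim_ok = any(r == "pass" and aligned(d, m.author_domain) for r, d in m.dkim)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

# Constructed sample messages.
DIRECT = Message("example.com", "pass", "bounce.example.com",
                 [("pass", "example.com")])
# Same message relayed by a forwarder: the relay's IP is not in the sender's
# SPF record, but the unmodified DKIM signature still verifies.
FORWARDED = Message("example.com", "fail", "bounce.example.com",
                    [("pass", "example.com")])
# Forwarded message from a domain that deployed SPF only.
FORWARDED_SPF_ONLY = Message("example.com", "fail", "bounce.example.com", [])
# Signed with a d= domain that does not align with the Author Domain.
UNALIGNED_DKIM = Message("example.com", "fail", "mail.example.net",
                         [("pass", "example.net")])

if __name__ == "__main__":
    for name in ("DIRECT", "FORWARDED", "FORWARDED_SPF_ONLY", "UNALIGNED_DKIM"):
        print(f"{name:20} {dmarc_verdict(globals()[name])}")
```
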