I recognize that the changes in DMARCbis without also changing v=2 are possible and don't cause a security problem, as ignoring "pct" when parsers are updated should result in the more restrictive policy being applied. I think, however, there is a practical problem. As a mailbox provider I would not want to just switch parsers but will need to examine the DMARC record and actually support both pct and t for backward compatibility just in order to not change the behavior overnight for our users.
I also noticed by looking at some recent data in our logs that there is a significant number of emails received with p=quarantine or p=reject where the pct value is neither 0 nor 100 (so not 1:1 compatible with t). I think having DMARCbis actually changing the version would simplify and keep the interpretation of DMARC records consistent.

What do you think?

/E
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
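
Added example, not part of the original message: a sketch of the kind of log survey described above, sorting published DMARC records by whether their pct value has a 1:1 equivalent in t. It assumes the DMARCbis mapping pct=100 to t=n and pct=0 to t=y; the function names, labels and sample records are constructed for illustration.

```python
from collections import Counter

def parse_tags(record):
    """Split a DMARC TXT record into a tag -> value dict (first occurrence wins)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def classify(record):
    """Label a record by how its pct tag would translate to the t tag."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return "not-dmarc"
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        return "no-enforcement"          # pct/t only matter for an enforcing policy
    if "t" in tags:
        return "uses-t"                  # already published in the new style
    raw = tags.get("pct")
    if raw is None:
        return "maps-to-t=n"             # pct defaults to 100
    if not (raw.isascii() and raw.isdigit()) or int(raw) > 100:
        return "invalid-pct"
    pct = int(raw)
    if pct == 100:
        return "maps-to-t=n"
    if pct == 0:
        return "maps-to-t=y"             # assumed equivalence: policy not applied
    return "no-1:1-mapping"              # partial rollout, behaviour would change

def survey(records):
    """Count classifications across records seen in received mail."""
    return Counter(classify(r) for r in records)

# Constructed sample records, not taken from any real domain or log.
SAMPLE = [
    "v=DMARC1; p=reject; pct=100; rua=mailto:agg@example.com",
    "v=DMARC1; p=quarantine; pct=25",
    "v=DMARC1; p=reject; pct=0",
    "v=DMARC1; p=quarantine",
    "v=DMARC1; p=none; pct=50",
    "v=DMARC1; p=reject; t=y",
    "v=DMARC1; p=reject; pct=abc",
]

if __name__ == "__main__":
    for label, count in sorted(survey(SAMPLE).items()):
        print(f"{label:16} {count}")
```

Records labelled no-1:1-mapping are the ones whose handling would change when a receiver switches from a pct-aware parser to one that only understands t.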
