dkim-ops

Re: [dkim-ops] Yahoo/BellSouth configuration

2009-08-27 13:27:12
Should a set of guidelines on when to do an SMTP PERMFAIL vs. an SMTP 
TEMPFAIL be something that's added to the design/deployment/operations 
document?

Would anyone care to come up with such a set of guidelines? If they're 
succinct enough, they could be folded in as part of the IETF Last Call 
round.

        Tony Hansen
        tony(_at_)att(_dot_)com

Jim Fenton wrote:
Mark Martinec wrote:
   3.  If the query for the public key fails because the corresponding
       key record does not exist, the verifier MUST immediately return
       PERMFAIL (no key for signature).
[...]
   A verifier SHOULD NOT treat a message that has one or more bad
   signatures and no good signatures differently from a message with no
   signature at all; such treatment is a matter of local policy and is
   beyond the scope of this document.
  

Just to be extra clear, PERMFAIL in this context is a verifier result -- 
just an inability to verify the signature. In order to satisfy the above 
paragraph, this SHOULD NOT result in an SMTP PERMFAIL. This is different 
from a verifier TEMPFAIL, which may result in an SMTP TEMPFAIL.

I think it is plain wrong and a bug if a verifier tempfails a message
on an authoritative DNS failure.
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
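
An added example, not part of the original thread or of any DKIM implementation: it sketches the distinction drawn above between a verifier result and an SMTP reply. The DNS outcome labels, function names, the `defer_on_tempfail` switch and the 250/451 reply choices are assumptions made for illustration.

```python
from enum import Enum

class Verdict(Enum):
    PASS = "pass"
    PERMFAIL = "permfail"  # verifier result: this signature cannot be verified
    TEMPFAIL = "tempfail"  # verifier result: key temporarily unavailable

def key_lookup_verdict(dns_outcome, signature_ok=False):
    """Map the outcome of the public-key query to a verifier result.

    dns_outcome is a constructed label (assumption), not a resolver API value.
    """
    # Authoritative "no such key record": permanent for this signature.
    if dns_outcome in ("NXDOMAIN", "NODATA"):
        return Verdict.PERMFAIL
    # No usable answer at all: the key may exist, so the result is temporary.
    if dns_outcome in ("SERVFAIL", "TIMEOUT"):
        return Verdict.TEMPFAIL
    if dns_outcome == "NOERROR":
        return Verdict.PASS if signature_ok else Verdict.PERMFAIL
    raise ValueError("unknown DNS outcome: %r" % dns_outcome)

def smtp_disposition(verdicts, defer_on_tempfail=True):
    """Turn the verifier results for one message into (smtp_code, handling).

    A verifier PERMFAIL never becomes an SMTP 5xx here: a message with only
    bad signatures is handled like a message with no signature at all.
    """
    if Verdict.PASS in verdicts:
        return (250, "signed")
    # Deferring on a verifier TEMPFAIL is optional local policy.
    if defer_on_tempfail and Verdict.TEMPFAIL in verdicts:
        return (451, "retry-later")
    return (250, "unsigned")

if __name__ == "__main__":
    # Constructed sample messages: DNS outcome of each signature's key query.
    samples = {
        "no signature": [],
        "key record missing": ["NXDOMAIN"],
        "resolver failure": ["SERVFAIL"],
        "one missing key, one timeout": ["NXDOMAIN", "TIMEOUT"],
    }
    for name, outcomes in samples.items():
        verdicts = [key_lookup_verdict(o) for o in outcomes]
        print(name, "->", smtp_disposition(verdicts))
```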