[mail-vet-discuss] Auth-Results issue #4 method=value values

Murray S. Kucherawy msk at sendmail.com
Wed Apr 19 14:42:50 PDT 2006 

Tony Hansen wrote:
> These comments are about the values specified for the method=value:
> pass, fail, softfail, neutral, temperror and permerror.
> 
> First pass:
>         sending domain publishes an authentication policy of some kind,
>         and the message passed the authentication tests
> 
> Why is a policy being required? Not all methods have policies, and some
> methods can be used without a published policy.

The policy may not be explicit.  For example, a DKIM-signed message which fails 
will generate a policy query, and DKIM specifies a default to assert if none is 
found.  That's what I meant by "of some kind".

> Instead say something like
> 
> 	The message passed the authentication tests. (This may require
> 	accessing an authentication policy of some kind published by the
> 	sending domain.)

Works for me.

> The same comments go for fail:
 > [...]

Works for me.

> The other value definitions are different, but need to recognize that
> not all authentication methods require policies. I'd suggest this rewording:
>     softfail
> 	The authentication method requires a policy to be accessed, but
> 	the policy does not require authentication of all messages from
> 	that domain, and the message failed the authentication tests

How about:

	The authentication method has either an explicit (i.e. published
	by the sending domain) or implicit policy, but the policy being
	used doesn't require successful authentication of all messages
	from that domain, and the message failed the authentication tests.

>     neutral
> 	The authentication method requires a policy to be accessed, but
>         the sending domain does not publish any sender authentication
> 	policy.

What if the method doesn't require a policy be accessed?

Actually in light of that question, maybe we don't need "neutral" at all.  For 
methods that have a policy, the verification attempt will produce one of the 
other results.  For those that don't have some queryable policy, "neutral" never 
happens.

>     temperror
 > [...]

Works for me.

>     permerror
> [...]

Works for me.

More information about the mail-vet-discuss mailing list