On 3/30/13 12:46 PM, "J. Gomez" <[email protected]> wrote:

>And what about including into the DMARC specification a "SoftFail"
>result, in which it would be required that both SPF and DKIM tests give a
>'pass' result AND are aligned between themselves but not aligned with the
>RFC5322.From header? This will buy time for mailing list software to
>catch up with DMARC requirements and become, given enough time and as
>familiarity with DMARC becomes more widespread, fully DMARC compatible.

That would allow anyone to arrange that a message passes SPF and DKIM using any domain they like, but then use a From: of the "SoftFail" domain. This would totally defeat the purpose by handing attackers a successful phish vector.

-MSK

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
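
The objection in the reply above, worked through as an added example (not code from the thread or from the DMARC specification): a receiver-side evaluator that computes the standard DMARC result and the proposed "SoftFail" result for the same messages. The function names, the sample domains, and the two-label organizational-domain shortcut are assumptions made for the illustration.

```python
# Added illustration; not code from the DMARC specification or the list thread.
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    """Assumption: organizational domain = last two labels.
    Real evaluators consult the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a: str, b: str) -> bool:
    """Relaxed identifier alignment: same organizational domain."""
    return org_domain(a) == org_domain(b)

@dataclass
class Message:
    header_from: str   # RFC5322.From domain
    spf_domain: str    # domain SPF authenticated (RFC5321.MailFrom)
    spf_pass: bool
    dkim_domain: str   # d= of the DKIM signature
    dkim_pass: bool

def dmarc_result(m: Message) -> str:
    """DMARC: pass if SPF or DKIM passes AND aligns with the From: domain."""
    spf_ok = m.spf_pass and aligned(m.spf_domain, m.header_from)
    dkim_ok = m.dkim_pass and aligned(m.dkim_domain, m.header_from)
    return "pass" if (spf_ok or dkim_ok) else "fail"

def proposed_result(m: Message) -> str:
    """The proposal: 'softfail' when SPF and DKIM both pass and align
    with each other, even though neither aligns with From:."""
    if dmarc_result(m) == "pass":
        return "pass"
    if m.spf_pass and m.dkim_pass and aligned(m.spf_domain, m.dkim_domain):
        return "softfail"
    return "fail"

# Constructed sample messages (domains are reserved example names).
LEGIT = Message("bank.example", "mail.bank.example", True, "bank.example", True)
LIST_RELAY = Message("bank.example", "lists.example.org", True, "lists.example.org", True)
UNRELATED = Message("bank.example", "other.example.net", True, "other.example.net", True)

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("list relay", LIST_RELAY),
                    ("unrelated sender", UNRELATED)]:
        print(f"{name:17} DMARC={dmarc_result(m):5} proposed={proposed_result(m)}")
```

The mailing-list relay and the unrelated sender produce identical inputs to the evaluator, so a receiver applying the proposed rule cannot treat one more leniently than the other; under unmodified DMARC both evaluate to fail.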
