On Mar 31, 2013, at 2:32 PM, "J. Gomez" <[email protected]> wrote:
> My suggestion of a "SoftFail" result for DMARC would happen when both > SPF-by-itself passed AND DKIM-by-itself passed, AND when neither is aligned > with the RFC5322.From header organizational domain. This suggested DMARC > "SoftFail" would only be searched for by the receiver if a DMARC "Fail" has > previously been found, i.e. if a DMARC "Pass" has previously been found then > all DMARC processing (including searching for this suggested DMARC "SoftFail" > condition) should end. Also, this suggested DMARC "SoftFail" processing would > only take place if the suggested optional second policy for DMARC has been > explicitly declared by the domain owner AND is different from the mandatory > DMARC first policy. This suggested DMARC "SoftFail" result is to accommodate > for mailing lists in the DMARC specification. > > (Additionally, it would be interesting to requiere that in this suggested > "SoftFail" result for DMARC, the RFC5322.From header had to be part of the > DKIM-signed headers in the email, even if its organizational domain was not > aligned with the "d=" domain in the DKIM signature.) > > Obviously, to get SPF-by-itself to pass AND DKIM-by-itself to pass, DNS > records for both have to be fine and dandy. So I don't understand your > comments about DNS being screwed up. > Regards, The main point of DMARC is to make decisions based on the content of the From: header. If you're not looking at the From header, you're outside the scope of DMARC. As far as defending against hostile attackers is concerned you've raised the bar solely to requiring them to have a domain name, or having access to a smarthost with a domain name. That's a low enough bar as to be pretty much useless. Cheers, Steve _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
