John Levine wrote: >>John Levine wrote: >> >>> This would be a good time to reread RFC 7489, particularly section >>> 6.6.3, and very particularly numbered item 3 in that section. >> >>This is simply the DNS record discovery mechanism. It doesn't explain the >>apparent overriding of the behaviour of >>the sub-domain policy specified in the record discovered via that mechanism. > > Hmmn. I wonder if anyone ever tested sp=none. More typically you > don't expect your subdomains to be sending mail so it's sp=reject.
Actually, this is a good point: setting aside any apparent inconsistency between the language of the specification and the response of gmail, it's not at all clear why "p=reject sp=none" would ever be a good idea. There may be specific cases where it may make sense to carve out a single sub-domain with a weaker policy for specific, closely-monitored purposes, but this would seem better addressed by creating a policy specific to that subdomain, rather than publishing a blanket policy which effectively says "You can't impersonate our domain, but create any subdomain you like and impersonate your heart out!". Can anyone see any good reason to use a policy like this? Petr, can you describe what you were trying to achieve? (I'm not advocating a specification change, just surveying likely use cases.) - Roland
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
