On 12-12-16 07:47, Roland Turner via dmarc-discuss wrote:
John Levine wrote:
>>John Levine wrote:
>>
>>> This would be a good time to reread RFC 7489, particularly section
>>> 6.6.3, and very particularly numbered item 3 in that section.
>>
>>This is simply the DNS record discovery mechanism. It doesn't
>>explain the apparent overriding of the behaviour of
>>the sub-domain policy specified in the record discovered via that
>>mechanism.
>
> Hmmn. I wonder if anyone ever tested sp=none. More typically you
> don't expect your subdomains to be sending mail so it's sp=reject.

Actually, this is a good point: setting aside any apparent
inconsistency between the language of the specification and the
response of gmail, it's not at all clear why "p=reject sp=none" would
ever be a good idea. There may be specific cases where it may make
sense to carve out a single sub-domain with a weaker policy for
specific, closely-monitored purposes, but this would seem better
addressed by creating a policy specific to that subdomain, rather than
publishing a blanket policy which effectively says "You can't
impersonate our domain, but create any subdomain you like and
impersonate your heart out!".

Can anyone see any good reason to use a policy like this?

Petr, can you describe what you were trying to achieve?

(I'm not advocating a specification change, just surveying likely use
cases.)

Actually, I have two customers using mail for both their office
automation and for business processes. Both of them use their domain for
office automation mail and a subdomain thereof for business process
mail. A DMARC policy for their office environment may not have impact on
their business process mail traffic.
/rolf
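
Added illustration, not part of the original messages and not code from any participant: a sketch of the RFC 7489 section 6.6.3 lookup discussed in this thread, showing how "p=reject; sp=none" resolves for the domain, for an arbitrary subdomain, and for a subdomain that publishes its own record. The function names, the example.com zone and the caller-supplied organizational domain are assumptions made for the example.

```python
# Constructed sample TXT records; example.com is a placeholder domain.
ZONE = {
    "_dmarc.example.com": ["v=DMARC1; p=reject; sp=none"],
    "_dmarc.bulk.example.com": ["v=DMARC1; p=quarantine"],
}

def parse_record(txt):
    """Return the tag/value pairs of a DMARC record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # Records that do not start with the v=DMARC1 tag are discarded.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def valid_records(zone, domain):
    """All valid DMARC records published at _dmarc.<domain> in the sample zone."""
    parsed = (parse_record(txt) for txt in zone.get("_dmarc." + domain, []))
    return [r for r in parsed if r]

def effective_policy(zone, from_domain, org_domain):
    """Policy a receiver would apply to mail whose From domain is from_domain.

    org_domain is assumed to have been determined by the caller (receivers
    normally derive it from a public suffix list). Handling of an invalid
    "p" value (item 6 of section 6.6.3) is left out of this sketch.
    """
    from_domain, org_domain = from_domain.lower(), org_domain.lower()
    records = valid_records(zone, from_domain)
    via_org = False
    if not records and from_domain != org_domain:
        # Item 3: nothing at the From domain, so query the organizational domain.
        records = valid_records(zone, org_domain)
        via_org = True
    if len(records) != 1:
        return None  # no record or several records: DMARC is not applied
    record = records[0]
    # "sp" only matters when a subdomain inherits the organizational record;
    # without "sp" the "p" value covers subdomains as well.
    return record.get("sp", record.get("p")) if via_org else record.get("p")

if __name__ == "__main__":
    for name in ("example.com", "anything.example.com", "bulk.example.com"):
        print(name, "->", effective_policy(ZONE, name, "example.com"))
```

With the sample zone, the subdomain that publishes its own record gets that record's "p" value, while every other subdomain inherits "sp=none" from the organizational record.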