Steven M Jones wrote:
> Some of your subdomains may send infrequently, and you may not know what
> all of them are until end of month/quarter. Depending on what's
> happening with the parent domain, this odd-looking policy might be your
> better option for the interim.

Certainly, but that's also true for independent systems that are sending only infrequently from the parent domain too. I can see the general point (that a mechanism with a narrow, defined scope might be a useful step in a staged implementation), but am not yet convinced that there are real-world technical/security situations where this makes sense. In general, you're either:

- implementing in haste because you've detected serious abuse, in which case sp=none simply hands your adversary an enormous entry; or
- implementing at a more deliberate pace, in which case infrequently-sending sources can be mapped properly.

> And second, sometimes you can only do what you can convince the customer
> to accept. I've had the "business decision maker" refuse to block ~1
> million fraudulent messages per day because up to 500 legit messages
> (out of more than 50,000) per day would also be blocked due to
> forwarding. And that was their decision to make, since it was a business
> decision.
>
> So I'm not saying it's a great choice, but in some cases it may be what
> gets you the next step forward.

Sure, poorly-informed "business decisions" (or well-informed business decisions using different risk perspectives) aren't going away any time soon, we all need to make a living. I was looking specifically for technical/security situations where sp=none made sense, rather than seeking to argue for the removal of the option.

- Roland
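
To make the scope of sp= concrete, here is an added example (not part of either message in this thread) that works out which DMARC policy a receiver would apply to a given From: domain and flags a record whose subdomain policy is weaker than its parent policy. The record, the domain names, and the function names are constructed for illustration; it assumes the organizational domain is already known and that no subdomain publishes its own DMARC record.

```python
# Added example: effective DMARC policy for parent vs. subdomain senders.
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

# Constructed sample record: strict parent policy, relaxed subdomain policy.
RECORD = "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.com"

def parse_dmarc(record):
    """Parse a DMARC TXT record into {tag: value}; validate v, p and sp."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags["p"] = tags.get("p", "").lower()
    if tags["p"] not in STRENGTH:
        raise ValueError("missing or invalid p= tag")
    # When sp= is absent, subdomains inherit the p= policy.
    tags["sp"] = tags.get("sp", tags["p"]).lower()
    if tags["sp"] not in STRENGTH:
        raise ValueError("invalid sp= tag")
    return tags

def effective_policy(record, org_domain, from_domain):
    """Policy applied to mail whose From: domain is from_domain."""
    tags = parse_dmarc(record)
    org = org_domain.lower().rstrip(".")
    frm = from_domain.lower().rstrip(".")
    if frm == org:
        return tags["p"]
    if frm.endswith("." + org):
        # Any name under the parent is covered, whether or not it exists.
        return tags["sp"]
    raise ValueError("from_domain is not under org_domain")

def subdomain_gap(record):
    """True when subdomains get a weaker policy than the parent domain."""
    tags = parse_dmarc(record)
    return STRENGTH[tags["sp"]] < STRENGTH[tags["p"]]

if __name__ == "__main__":
    for name in ("example.com", "billing.example.com", "unused.example.com"):
        print(name, "->", effective_policy(RECORD, "example.com", name))
    print("subdomain gap:", subdomain_gap(RECORD))
```
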