On Thu, Apr 17, 2014 at 12:37 PM, Tomki Camp <[email protected]> wrote:
> What about a scenario where a user would like to
> - receive DMARC reporting
> - request DMARC-aware receivers reject email which does not pass base
> authentication measures (SPF or DKIM), but not apply the next step of
> alignment enforcement
>

What's the next step part? If you've rejected the message because it passes neither SPF nor DKIM, it seems like you're done with that message irrespective of alignment.

> This could still be beneficial in cutting off illegitimate email which
> does not pass SPF or DKIM at all, but provides the allowance which some
> domain owners could find a useful middle or even final step in their DMARC
> deployment.
>

Shooting from the hip, I'm inclined to say this is out of scope for DMARC. DMARC has as one of its core tenets the notion of From: field alignment, because what the user sees comes from the From: field for most (almost all?) MUAs. If you take that out of the equation, it seems like we're talking about stuff a layer below DMARC, not DMARC itself.

> Could it be set up as allowing aspf=n for “align SPF = none” and adkim=n?
>

If you're going to say "either has to pass but I don't care about alignment", then I can use my own domain in the MAIL FROM or sign with my own domain and send mail with your domain in the From:, and it'll pass the DMARC test. Is that really an attractive alternative?

-MSK
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
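The alignment point made in the reply above, as an added example that is not part of the original message: a small receiver-side evaluator comparing the real `aspf`/`adkim` modes (`r`, `s`) with the `n` mode proposed in the thread. Assumptions: `n` is hypothetical and not a DMARC tag value, `org_domain` is a two-label simplification of the Public Suffix List lookup real receivers use, and the sample messages are constructed.

```python
from dataclasses import dataclass
from typing import Optional


def org_domain(domain: str) -> str:
    # Simplification (assumption): last two labels. Real receivers derive
    # the organizational domain from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":   # strict: exact match with the From: domain
        return a == f
    if mode == "r":   # relaxed: same organizational domain
        return org_domain(a) == org_domain(f)
    if mode == "n":   # hypothetical "no alignment" mode from the thread
        return True
    raise ValueError(f"unknown alignment mode: {mode}")


@dataclass
class Message:
    header_from: str        # domain shown to the user in From:
    mail_from: str          # domain SPF was evaluated against
    spf_pass: bool
    dkim_d: Optional[str]   # d= of a signature that verified, else None


def dmarc_pass(msg: Message, aspf: str = "r", adkim: str = "r") -> bool:
    # DMARC passes when at least one mechanism both authenticates
    # and aligns with the From: domain.
    spf_ok = msg.spf_pass and aligned(msg.mail_from, msg.header_from, aspf)
    dkim_ok = msg.dkim_d is not None and aligned(msg.dkim_d, msg.header_from, adkim)
    return spf_ok or dkim_ok


# Constructed samples using reserved example domains.
LEGIT = Message("example.com", "bounce.example.com", True, "example.com")
# Authenticates only as an unrelated domain while From: shows example.com.
UNRELATED = Message("example.com", "other.example.net", True, "other.example.net")
UNAUTHENTICATED = Message("example.com", "example.com", False, None)

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("unrelated", UNRELATED),
                    ("unauthenticated", UNAUTHENTICATED)]:
        print(name, {mode: dmarc_pass(m, mode, mode) for mode in "rsn"})
```

Only the `n` column lets the message authenticated by an unrelated domain pass, which is why a policy without alignment filters unauthenticated mail but does not protect the From: domain.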
