On Saturday, June 7, 2014 2:25 PM, Vlatko Salaj <[email protected]> wrote:
> anyway, what i propose is quite simple, pretty trivial
> and easy to implement, actually:
> http://www.ietf.org/mail-archive/web/dmarc/current/msg00813.html

consider this example of DMARC DNS record tags:

    adkim=s:author-domain,s:yahoo.com,n:gmail.com
    aspf=r:author-domain,r:yahoo.com,n:gmail.com

so, what i am proposing is changing adkim and aspf DMARC tags
so they become: a comma-separated list of
"alignment-strength:domain" pairs, in which

1. domains in colon pairs r 1st/3rd party domains author-domain
   wants to align to or not,

2. default is "r:author-domain", similar to the way it is now [relaxed],
   and can be left out completely, or partly, on any colon side,

3. alignment-strength can be n, r or s [none, relaxed or strict],
   which beside the usual relaxed and strict alignment policy,
   adds possibility [n=none] to withhold alignment from a domain
   [as a countermeasure against a newly discovered abuse].

the above example would read:

1. request strict dkim alignment for author-domain,

2. request strict dkim alignment for yahoo.com dkim signatures,

3. request dkim alignment failure for gmail.com dkim signature
   [not rly needed if gmail.com isn't used for author-domain's email,
   but a useful thing to combat new abuse and remove trust
   from previously trusted domain],

4. request relaxed spf alignment for author-domain and yahoo.com,

5. and finally, request spf alignment failure for gmail.com.
   [same as 3.]

also, since relaxed and author-domain r defaults, we could do:

    aspf=yahoo.com,n:gmail.com

instead of previous example, with same results.

even things like

    adkim=yahoo.com,ymail.com,gmail.com,mybrosdomain.com

would be legitimate and would specify relaxed alignment policy
for all listed domains.

also, since i'm proposing a change on DMARCv1 tags, any such change
would essentially require DMARC advancing to v2, but i consider this
appropriate action, since it introduces principal differences in how
basic operations [alignment] work in DMARC.

On Saturday, June 7, 2014 4:08 PM, Stephen J. Turnbull <[email protected]> wrote:

> Unfortunately there's no protocol in there, you leave it implicit. :-(

look up.

> Unfortunately, AFAICS it doesn't address my needs (ie, MLMs), so I
> doubt I will be able to find time to work through it and figure out
> what you're suggesting in concrete terms.

on small scales, like 1-15 ML-domains, it can address those needs too.
be free to spend ur time on it, if u find it interesting enough,
and forget our hostility from yesterday. :D

sure, it won't fix yahoo's "p=reject", since yahoo will not publish
hundreds of ML-domains in their DMARC DNS record alignment list,
but it will fix other, smaller domains that use "p=reject".

>> to domain-owner's control, where it should be.

> I disagree with "where it should be". The receiver has ultimate say
> on what messages it will accept, whether for relay to third parties or
> local delivery (or even "silent discard").

in respect to DMARC policy, author-domain should have control
over who posts email on its behalf. that was my point.
receivers should have nothing to do with that, no guesswork,
in respect to DMARC, but they r forced to do it now, going even
as far to process "p=reject" as "p=quarantine".

i'm not talking about receivers' anti-spam and other policies,
we r not in that mailing list. however, i do see DMARC used in
anti-spam filters too, in the future... with troubling results.

>> what u r proposing, Stephen, instead, is not at all trivial or easy
>> to implement,

> Define "trivial" and "easy." Asking the ESP to handle all
> of SPF, DKIM, and DMARC for mail purporting to be from your
> domain is an obvious solution

yeah, well i don't define trivial and easy like that.
and i doubt any ESP will introduce something like that.
it essentially changes the way they work now. i see no
incentives for them to adapt to these requests.

sure, i support them, be free to add my name to ur petition,
but i'm sure it's a waste of our efforts.

>> nor does it solve more than just my special use case.

> So what?

so, solution fragmentation. there r better solutions that cover
more stuff at once, without any 3rd party involvement, which is
preferential. it is also my principal viewpoint on life.

-- 
Vlatko Salaj aka goodone
http://goodone.tk
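The adkim/aspf list syntax proposed in this message, worked through as an added example; this is not code from the original post or from any DMARC implementation. The author domain example.org is constructed, and three points are assumptions the message leaves open: a bare n/r/s token is read as a strength, an "n" entry overrides any other match, and relaxed alignment is approximated by a subdomain match rather than an Organizational Domain lookup.

```python
STRENGTHS = {"n", "r", "s"}  # none, relaxed, strict, as named in the proposal

def parse_alignment_tag(value, author_domain):
    """Parse a proposed adkim/aspf value into {domain: strength}."""
    author_domain = author_domain.lower().rstrip(".")
    policy = {}
    for item in value.split(","):
        item = item.strip().lower()
        if not item:
            continue
        strength, sep, domain = item.partition(":")
        if not sep:
            # One side left out. Assumption: a bare n/r/s is a strength,
            # anything else is a domain.
            strength, domain = (item, "") if item in STRENGTHS else ("", item)
        strength = strength or "r"            # default strength: relaxed
        domain = domain or "author-domain"    # default domain: the author domain
        if strength not in STRENGTHS:
            raise ValueError(f"unknown alignment strength in {item!r}")
        if domain == "author-domain":
            domain = author_domain
        policy[domain.rstrip(".")] = strength
    policy.setdefault(author_domain, "r")     # "r:author-domain" when omitted
    return policy

def _covers(listed, candidate):
    # Simplification: real relaxed alignment compares Organizational Domains.
    return candidate == listed or candidate.endswith("." + listed)

def is_aligned(policy, authenticated_domain):
    """True if the DKIM d= or SPF domain aligns under the parsed policy."""
    d = authenticated_domain.lower().rstrip(".")
    passed = False
    for listed, strength in policy.items():
        if strength == "n" and _covers(listed, d):
            return False                      # assumption: "n" overrides any match
        if strength == "s" and d == listed:
            passed = True
        elif strength == "r" and _covers(listed, d):
            passed = True
    return passed

# Constructed sample: example.org stands in for the author domain.
adkim = parse_alignment_tag("s:author-domain,s:yahoo.com,n:gmail.com", "example.org")
for d in ("example.org", "mail.example.org", "yahoo.com", "gmail.com"):
    print(d, is_aligned(adkim, d))
```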
