Certainly not. You cannot drop existing defenses until the new standard is 100% deployed on the Internet, which means probably never. Your experimental implementation will need to prioritize the new test over the SPF test, to prove that it is working and to show that it is good at intercepting any subdomains that have been newly imagined by the attackers
To speed up the deployment process for existing or new standards, IETF would meed to embrace the idea of defining required features of a spam filter. Doug Fosterd ---------------------------------------- From: "Ian Levy" <[email protected]> Sent: Sunday, March 31, 2019 6:18 AM To: "Scott Kitterman" <[email protected]>, "IETF DMARC WG" <[email protected]> Subject: Re: [dmarc-ietf] Working group next steps >> I'll also offer gov.uk as an experimental ground (within reason!). > Excellent. I've listed it in the experimental registry at psddmarc.org. > Since you already had a live DMARC record for that domain, people can > experiment with this now. I guess at some point we'll have to stop generating SPF and DMARC records for the non-existent subdomains of gov.uk so we can test the new stuff properly. When we're at that point, let me know. Ta. I. -- Dr Ian Levy Technical Director National Cyber Security Centre [email protected] Staff Officer : Kate Atkins, [email protected] (I work stupid hours and weird times - that doesn't mean you have to. If this arrives outside your normal working hours, don't feel compelled to respond immediately!) This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to [email protected] _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
