On 12/5/20 6:04 PM, Jim Fenton wrote:
I’d like to step back from the specific use case of “a bank”.
If a domain publishes p=reject, they’re requesting particular handling
of a message they originate. ARC modifies that, which is good for
mailing lists and similar intermediaries, but depends on a list of
trusted intermediaries that is not under the control of the
originating domain. That increases the attack surface for DMARC
considerably.
The question I have is: Should DMARC have a policy (or policy
modifier) that says, “Do not accept modifications to this message?” In
other words, that the originator values the integrity of their
messages over deliverability.
I'm in the middle of reading rfc 7960 and lo and behold I found this.
So I'm not the only one who has thought about this.
"
To further complicate the usage of mitigations, mitigation may not be
desired if the email in question is of a certain category of high
value or high risk (security-related) transactional messages (dealing
with financial transactions or medical records, for example). In
these cases, mitigating the impact of DMARC due to indirect email
flows may not be desirable (counterproductive or allowing for abuse)"
And the example they use is exactly the example I used.
Mike
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
