On Sun 17/Jan/2021 22:35:36 +0100 John Levine wrote:
> If I wanted, I could send a dozen replies to this list faking the addresses
> of previous senders saying that your suggestion is brilliant, or not.

And we tolerate this security hole because...?


On Tue 15/Dec/2020 10:50:10 +0100 I wrote:
> I wish there was an intermediate policy, call it p=mlm-validate, that directs [an intermediate forwarder such as a mailing list] to reject if not
> authenticated, while final recipients can accept it as if p=none.

At least, we could specify in the General Record Format that unrecognized policies should be treated as p=none. Currently, this is subject to the existence of a rua= tag. In Policy Discovery, we have:


   6.  If a retrieved policy record does not contain a valid "p" tag, or
       contains an "sp" tag that is not valid, then:

       1.  if a "rua" tag is present and contains at least one
           syntactically valid reporting URI, the Mail Receiver SHOULD
           act as if a record containing a valid "v" tag and "p=none"
           was retrieved, and continue processing;

       2.  otherwise, the Mail Receiver applies no DMARC processing to
           this message.

(Such optimization should be inferred by the implementation, no?)


Best
Ale
--

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
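
The step 6 rule quoted in the message above, as an added example that is not part of the original message or of any DMARC implementation. It shows how a receiver following that text treats an unrecognized policy such as the proposed p=mlm-validate with and without a rua= tag. The function names, the simplified URI check and the example.com records are assumptions made for illustration.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}
# Assumption: simplified syntax check, mailto: or https: with optional "!<size>" suffix.
URI_RE = re.compile(
    r"^(mailto:[^\s@,!]+@[^\s@,!]+|https://[^\s,!]+)(!\d+[kmgt]?)?$", re.I)

def parse_tags(record):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def has_valid_rua(tags):
    """True if rua= holds at least one syntactically valid reporting URI."""
    return any(URI_RE.match(u.strip()) for u in tags.get("rua", "").split(","))

def discovered_policy(record):
    """Return the policy to apply, or None for 'no DMARC processing'."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return None
    p = tags.get("p", "").lower()
    sp = tags.get("sp")
    if p in VALID_POLICIES and (sp is None or sp.lower() in VALID_POLICIES):
        return p
    # Step 6: "p" missing or not valid, or "sp" present but not valid.
    # 6.1: a valid rua URI means act as if p=none; 6.2: otherwise no processing.
    return "none" if has_valid_rua(tags) else None

# Constructed sample records (not taken from any real domain).
SAMPLES = [
    "v=DMARC1; p=reject",
    "v=DMARC1; p=mlm-validate; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=mlm-validate",
    "v=DMARC1; p=reject; sp=bogus",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(f"{rec!r:60} -> {discovered_policy(rec)}")
```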
