On Mon, 18 Jan 2021, Alessandro Vesely wrote:
On Sun 17/Jan/2021 22:35:36 +0100 John Levine wrote:
If I wanted, I could send a dozen replies to this list faking the addresses
of previous senders saying that your suggestion is brilliant, or not.
And we tolerate this security hole because...?
Because it is not a problem worth solving in practice. Mailing lists have
all sorts of ways to validate submissions beyond looking at the From
header, ranging from sender challenges to S/MIME signatures. No list I
know of turns them on.
At least, we could specify in the General Record Format that unrecognized
policies should be treated as p=none.
Absolutely not. Any DMARC record with an invalid p= is just broken. We
write standards that say how to interoperate, not how to guess what other
people had in mind when they implemented it wrong.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
