On Tue 15/Mar/2022 02:54:21 +0100 Douglas Foster wrote:
> For subdomains of registered organizations, SP=reject protects both existent
> and non-existent domains. This means that a NP policy would only be relevant
> when sp=none and np=reject.

While that's true, someone may want to set, for example, sp=quarantine;
np=reject;

While some organizations may use non-existing domains in From:, I wouldn't
consider that to be a good practice. Some other organizations may instead want
to reject messages exhibiting a non-existent author domain, irrespective of
authentication. That was ADSP's nxdomain feature.

DMARC only allows forcing non-existent domains into a policy. At first
look, it would seem that an organization which wants to disown messages with
a non-existent author domain should be able to do it. Unless their SPF record is
wrong or their DKIM keys are stolen, it is enough to avoid sending messages
with such From: lines.

[...]
> At the same time, it is difficult to assume that any theoretical expectation
> will remain valid across many spammers and billions of messages. In my
> limited study, I only see non-existent subdomains used for legitimate mail.
> Since no one has submitted evidence to the contrary, I feel emboldened that
> my theory may indeed be correct. If non-existent subdomains of legitimate
> organizations are being impersonated on a scale worthy of checking every
> message, I would expect that we could find evidence of it.

What would be the advantage of impersonating a non-existent domain?
Anyway, it should be clear to the readers of RFC 9091 that np=reject implies
that mail from t4x.gov.example is going to be accepted if it passes SPF or
DKIM. Or is there room for misunderstanding?
Best
Ale
--
_______________________________________________
dmarc mailing list
https://www.ietf.org/mailman/listinfo/dmarc
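
The interplay of the p, sp and np tags discussed in this message, as an added Python example that is not part of the original post or of any DMARC implementation. The function names, the `exists` flag (standing in for the RFC 9091 DNS existence test) and the sample records are assumptions constructed for illustration.

```python
def parse_dmarc(record):
    """Split a DMARC TXT record into a lowercase tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def requested_policy(tags, is_subdomain, exists):
    """Pick the policy tag that applies to the author domain.

    np covers non-existent subdomains only. If np is absent it falls
    back to sp, and an absent sp falls back to p.
    """
    if not is_subdomain:
        return tags["p"]
    sp = tags.get("sp", tags["p"])
    return sp if exists else tags.get("np", sp)


def disposition(record, is_subdomain, exists, aligned_pass):
    """The policy is consulted only when neither SPF nor DKIM gives an
    aligned pass; authenticated mail is never subject to it."""
    if aligned_pass:
        return "pass"
    return requested_policy(parse_dmarc(record), is_subdomain, exists)


if __name__ == "__main__":
    # Constructed sample records for a hypothetical gov.example.
    samples = [
        "v=DMARC1; p=none; sp=reject",
        "v=DMARC1; p=none; sp=none; np=reject",
        "v=DMARC1; p=reject; sp=quarantine; np=reject",
    ]
    for rec in samples:
        for exists in (True, False):
            for aligned in (True, False):
                result = disposition(rec, True, exists, aligned)
                print(f"{rec!r} exists={exists} aligned={aligned} -> {result}")
```
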