I'm saying I don't want "and" to be an option, because I think it's damaging to DMARC. There is no reason anyone should ever want to say that, and providing the option asks for misconfigurations because people think it's somehow "more secure". It's not more secure. It would be very bad for deliverability of legitimate mail and would provide no additional security. It would be a terrible mistake.
Barry On Mon, Jun 26, 2023 at 11:55 AM Murray S. Kucherawy <[email protected]> wrote: > > Just to clarify something: > > On Mon, Jun 26, 2023 at 5:52 AM Barry Leiba <[email protected]> wrote: >> >> I can accept some mechanism for the sender to say "SPF only", "DKIM >> only", or "either SPF or DKIM". I cannot except a version of DMARC >> where *both* must pass. > > > I think the proposal before us is to allow the domain owner to indicate it > wants specific combination(s) of SPF and DKIM to pass in order for DMARC to > pass. I imagine the default would be "or" which is backward compatible with > what we have today, as the charter demands. > > Are you saying you don't even want "and" to be an option if it is made > configurable? Or do you just not want the "or" to change to "and" without > the proposed new tag? > > -MSK, participating _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
