It appears that Barry Leiba <[email protected]> said: >I'm saying I don't want "and" to be an option, because I think it's >damaging to DMARC. There is no reason anyone should ever want to say >that, and providing the option asks for misconfigurations because >people think it's somehow "more secure". It's not more secure. It >would be very bad for deliverability of legitimate mail and would >provide no additional security. It would be a terrible mistake.
What he said. The group that invented DMARC thought about using both and specifically rejected it. I see no reason to believe they were wrong. (If someone's going to say that using both fixes DKIM replay, it really doesn't and it still has all the other problems.) It's still not clear how we would know whether anyone was paying attention to the "SPF only" flag, but since I don't think it's useful, I'm not worrying about it. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
