On August 5, 2023 9:51:54 PM UTC, Tim Wicinski <[email protected]> wrote:
>On Sat, Aug 5, 2023 at 5:35 PM John Levine <[email protected]> wrote:
>
>> According to Tim Wicinski <[email protected]>:
>> >
>> >Based on the ABNF in -28, how about something like this:
>> >
>> >dmarc-method = "dkim" / "spf"
>> >
>> >dmarc-auth = "auth" equals dmarc-method *(*WSP "," *WSP dmarc-method)
>>
>
>1) I realize we may need some way to update the dmarc-method if a new one is
>added (okay okay)
>
>> That looks OK, with large clear text saying that if any of the listed
>> methods pass, it's aligned.
>>
>
>2) I missed Scott's comment the default should be "spf,dkim"
>
>I wordsmithed Wei's definition above for Section 5.3
>
>   auth: (comma-separated plain-text list of dmarc-methods; OPTIONAL;
>   default is "spf,dkim")
>      Indicates the supported authentication methods. If more than one
>      method is specified, they are comma ',' separated without whitespace.
>      The order of the list is not significant and unknown methods are
>      ignored. Possible values are as follows:
>
>      dkim: Authenticate with DKIM
>      spf: Authenticate with SPF
>
>      An empty list indicates no authentication method is specified and
>      DMARC is disabled.
>
>      If any listed method passes, then DMARC is aligned.
>
>Should I do a pull request etc, etc?

I'd prefer an empty list means the tag is ignored. I don't see a use case for publishing a record that means DMARC is disabled. Also, I think it's confusing. I would find it more natural to mean no auth methods are used (i.e. everything fails), not DMARC is disabled.

The canonical method for disabling DMARC is to not publish a record. I don't think we need another way to express the same thing in a less clear way.

Scott K

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
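
Added example, not part of the original message or of the draft: a Python reading of the auth tag proposed in this thread, following the quoted ABNF (whitespace around commas tolerated, unknown methods ignored, default "spf,dkim"). The function names, the sample records and the empty_means_ignored switch are assumptions made here to put the two readings of an empty list side by side.

```python
# Added illustration; all names here are hypothetical, not from the draft.
KNOWN_METHODS = frozenset({"dkim", "spf"})    # dmarc-method = "dkim" / "spf"
DEFAULT_METHODS = frozenset({"spf", "dkim"})  # default proposed in the thread


def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def auth_methods(record, empty_means_ignored=True):
    """Return the methods selected by the proposed auth tag.

    empty_means_ignored=True:  an empty list is treated as if the tag were
                               absent, so the default applies.
    empty_means_ignored=False: an empty list selects no method at all.
    A list holding only unknown methods is treated as empty (assumption).
    """
    value = parse_tags(record).get("auth")
    if value is None:
        return DEFAULT_METHODS
    # The ABNF allows *WSP around each comma; unknown methods are ignored.
    listed = {item.strip().lower() for item in value.split(",")}
    methods = frozenset(listed & KNOWN_METHODS)
    if not methods and empty_means_ignored:
        return DEFAULT_METHODS
    return methods


def aligned(record, results, empty_means_ignored=True):
    """True if any selected method passed; results maps method -> bool."""
    methods = auth_methods(record, empty_means_ignored)
    return any(results.get(m, False) for m in methods)


# Constructed sample: SPF passes with alignment, DKIM does not.
SAMPLE_RESULTS = {"spf": True, "dkim": False}

if __name__ == "__main__":
    for rec in ("v=DMARC1; p=reject", "v=DMARC1; p=reject; auth=dkim",
                "v=DMARC1; p=reject; auth=dkim , spf", "v=DMARC1; p=reject; auth="):
        print(rec, sorted(auth_methods(rec)), aligned(rec, SAMPLE_RESULTS))
```

With the sample results, a record carrying auth=dkim no longer passes on SPF alone, and the empty list either falls back to the default or selects nothing, depending on the switch.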
