On Sat, Aug 5, 2023 at 6:00 PM Scott Kitterman <[email protected]> wrote:
> > > On August 5, 2023 9:51:54 PM UTC, Tim Wicinski <[email protected]> wrote: > >On Sat, Aug 5, 2023 at 5:35 PM John Levine <[email protected]> wrote: > > > >> According to Tim Wicinski <[email protected]>: > >> >-=-=-=-=-=- > >> > > >> >Based on the ABNF in -28, how about something like this: > >> > > >> > > >> >dmarc-method = "dkim" / "spf" > >> > > >> >dmarc-auth = "auth" equals dmarc-method *(*WSP "," *WSP dmarc-method) > >> > >> > >1) I realize we may need someway to update the dmarc-method if a new one > is > >added (okay okay) > > > > > > > > > >> That looks OK, with large clear text saying that if any of the listed > >> methods pass, it's aligned. > >> > > > >2) I missed Scott's comment the default should be "spf,dkim" > > > >I wordsmithed Wei's definition above for Section 5.3 > > > > auth: (comma-separated plain-text list of dmarc-methods; OPTIONAL; > >default is "spf,dkim") > > Indicates the supported authentication methods. If more than one > method > >is specified, > > they are comma ',' separated without whitespace. The order of the > list > >is not significant and > > unknown methods are ignored. Possible values are as follows: > > dkim: Authenticate with DKIM > > spf: Authenticate with SPF > > > > An empty list indicates no authentication method is specified and > DMARC > >is disabled. > > > > If any listed method passes, then DMARC is aligned. > > > >Should I do a pull request etc, etc? > > Scott I'd prefer an empty list means the tag is ignored. I don't see a use case > for publishing a record that means DMARC is disabled. Also, I think it's > confusing. I would find it more natural to mean no auth methods are used > (i.e. everything fails), not DMARC is disabled. The canonical method for > disabiling DMARC is to not publish a record. I don't think we need another > way to express the same thing in a less clear way. > > Agreed. auth: (comma-separated plain-text list of dmarc-methods; OPTIONAL; default is "spf,dkim") Indicates the supported authentication methods. If more than one method is specified, they are comma ',' separated without whitespace. The order of the list is not significant and unknown methods are ignored. Possible values are as follows: dkim: Authenticate with DKIM spf: Authenticate with SPF An empty list indicates the tag is ignored. If any listed method passes, then DMARC is aligned. https://gist.github.com/moonshiner/70377e69d482e7bf3a927d5ac468babb also " I don't think we need another way to express the same thing in a less clear way." +eleventy billion tim > Scott K > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
