On Sun 29/Oct/2023 21:03:17 +0100 Mark Alley wrote:
Giving this some more thought from the opposite point of view... the benefits to an auth=DKIM method in DMARC itself would remove the need for domain owners to do SPF tinkering for any upgrade mitigation, and shared mail infrastructure where one could potentially be affected by SPF upgrade could instead be mitigated by the new tag, but still retain positive SPF authentication.
Hm... diligent SPF settings are still due. I don't think the ability to sweep SPF negligence under DMARC carpet can be considered an upside...
So, theoretically, if we look at it that way, there are a couple of upsides, although obviously there is additional added complexity, and as Doug surmised, the adaptation of mail filters will take a significant amount of time before we see any semblance of ubiquitous adoption.
For added complexity, we need to add an element to the PolicyPublishedType to account for auth=.
I'm on the fence currently about the auth= method.
+1, it's role for the next several years seems to be a gauge in the security theater.
Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
