On Mon, Mar 4, 2024 at 6:30 AM Alessandro Vesely <[email protected]> wrote:
> Hi,
>
> Section 5 has a paragraph that can fit Scott's solution to SPF spoofing.
> Here's a possible change:
>
> OLD
> A Domain Owner or PSO may choose not to participate in DMARC
> evaluation by Mail Receivers simply by not publishing an appropriate
> DNS TXT record for its domain(s). A Domain Owner can also choose not
> to have some underlying authentication technologies apply to DMARC
> evaluation of its domain(s). In this case, the Domain Owner simply
> declines to advertise participation in those schemes. For example,
> if the results of path authorization checks ought not to be
> considered as part of the overall DMARC result for a given Author
> Domain, then the Domain Owner does not publish an SPF policy record
> that can produce an SPF pass result.
>
> NEW
> A Domain Owner or PSO may choose not to participate in DMARC
> evaluation by Mail Receivers simply by not publishing an appropriate
> DNS TXT record for its domain(s). A Domain Owner can also adjust how
> some underlying authentication technologies apply to DMARC evaluation
> of its domain(s). To do so, the Domain Owner directly operates on
> its participation in those schemes. For example, if the results of
> path authorization checks ought not to be considered as part of the
> overall DMARC result for a given Author Domain, then the Domain Owner
> does not publish an SPF policy record, or it can use the neutral
> qualifier to avoid granting "pass" results to external domains (that
> is, for example "v=spf1 ?include:example.com -all").
>

In a world in which two of the largest mailbox providers (Google and Yahoo) are requiring SPF authentication, DKIM authentication, and DMARC pass for certain classes of mailers to get their mail accepted, I'm not sure that offering advice that will ensure the lack of an SPF pass (and therefore a lack of SPF authentication) is the right move.
--
Todd Herr | Technical Director, Standards & Ecosystem
