On Sun, 17 Mar 2024, Dotzero wrote:
Whenever mail is sent, there is a risk that an overly permissive source
may send mail which will receive a DMARC pass result that was not, in
fact, authorized by the Domain Owner. These false positives may lead
to issues when systems interpret DMARC pass results to indicate
a message is in some way authentic. They also allow such unauthorized
senders to evade the Domain Owner's requested message handling for
authentication failures.

I have a problem with this 2nd paragraph and believe it is factually
incorrect. The Domain Owner has in fact authorized the message(s) as a
result of an overly permissive approach. I would suggest that in fact any
resulting DMARC pass is technically NOT a false positive because it is
authorized by the overly permissive approach.

Seems to me it depends on what you think "authorized" means. My sense is I told you it's OK to send the message, yours seems to be that any host on an IP in the SPF record or anyone who steals your DKIM key is authorized by definition.

Is there some other wording that can make the difference clear?

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
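An offline illustration of the disagreement above, added here and not part of the thread: a toy SPF evaluator plus a permissiveness audit run over constructed records on placeholder domains. A host inside a broad ip4 range or behind `+all` gets an SPF pass, and a DMARC evaluator will count that pass as authorized if the domain aligns, whether or not the Domain Owner meant to include that host.

```python
import ipaddress
import re

# Constructed SPF records for illustration; the domains are placeholders, not real zones.
RECORDS = {
    "tight.example": "v=spf1 ip4:198.51.100.10 -all",
    "broad.example": "v=spf1 ip4:203.0.113.0/24 ip4:10.0.0.0/8 ~all",
    "open.example": "v=spf1 ip4:198.51.100.10 +all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
TERM = re.compile(r"^([+\-~?]?)(ip4|ip6|all)(?::(\S+))?$")


def spf_terms(record):
    """Yield (qualifier, mechanism, argument) for the ip4/ip6/all terms of a record.
    include/a/mx/exists need DNS lookups and are skipped so this runs offline."""
    for token in record.split()[1:]:
        m = TERM.match(token)
        if m:
            yield (m.group(1) or "+", m.group(2), m.group(3))


def spf_result(record, sender_ip):
    """Offline SPF check: the first matching ip4/ip6/all term decides (RFC 7208)."""
    ip = ipaddress.ip_address(sender_ip)
    for qual, mech, arg in spf_terms(record):
        if mech == "all":
            return QUALIFIER_RESULT[qual]
        if ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIER_RESULT[qual]
    return "neutral"  # nothing matched and no 'all' term: RFC 7208 default


def permissiveness_findings(record):
    """Flag the ways a record lets unintended hosts obtain an SPF, and so DMARC, pass."""
    findings = []
    total = 0
    for qual, mech, arg in spf_terms(record):
        if mech == "all" and qual in ("+", "?"):
            findings.append(f"'{qual}all' lets any host pass or go neutral")
        elif mech != "all":
            net = ipaddress.ip_network(arg, strict=False)
            total += net.num_addresses
            if (mech == "ip4" and net.prefixlen < 24) or (mech == "ip6" and net.prefixlen < 48):
                findings.append(f"{mech}:{arg} is a broad range ({net.num_addresses} addresses)")
    if total > 2 ** 16:
        findings.append(f"{total} addresses authorized in total")
    return findings
```

Running `spf_result(rec, "10.20.30.40")` over the three records gives fail, pass, pass; only the first record yields no findings.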

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
