On 1 Apr 2024, at 9:26, Todd Herr wrote: > On Mon, Apr 1, 2024 at 12:17 PM Tim Wicinski <tjw.i...@gmail.com> wrote: > >> I have to agree with Seth's comments that "security teams believe an SPF >> hard fail is more secure". >> I've been on the receiving end of that discussion more than once. >> >> Also, can we reference those two M3AAWG documents ? That seems like >> operational guidance. >> >> > I'm digesting the threads for the purpose of preparing tickets to track the > work, and I suspect one of the tickets will include, "Add reference to the > following two M3AAWG documents": > > 1. > > https://www.m3aawg.org/sites/default/files/m3aawg_managing-spf_records-2017-08.pdf > 2. > > https://www.m3aawg.org/sites/default/files/m3aawg-email-authentication-recommended-best-practices-09-2020.pdf
These are useful documents. The second one seems to be saying that the recommended action for intermediaries is to use ARC, and doesn’t mention address rewriting. I have some concerns about whether enough receivers interpret ARC header fields for that to be viable, but that seems to be a better solution than address rewriting. To echo Murray’s comment, should DMARC-bis reference ARC? -Jim _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc