I have 1603 messages from google.com servers that are not signed by the
>From domain. These are all domains other than Gmail.
All but 18 messages are proxy signed with a d= of the form
{domain}.{digits}.gappssmtp.com. At least some of the exceptions are known
to be forwarded messages where a proxy signature would be
requiredyndesirable.
Of the 1585 that are proxy signed, 1066 provided confirmation of SPF pass
(protection against SPF upgrade) and 519 provided authentication where SPF
Pass was lacking.
So for my purposes, it is a useful strategy for separating impersonations
from false positives.
Outlook.com had less comprehensive coverage and many fewer messages in my
data set.
No other sources were detected as applying a signature that indicated both
the infrastructure domain and it's client domain.
Each evaluator would have to decide which proxy signatures can be trusted.
In that sensee, the concept has problems similarities to ARC.
ARC does not provide proxy authentication for originating messages, which
is what I needed for this situation.
Doug
On Fri, Jun 7, 2024, 3:28 PM Murray S. Kucherawy <[email protected]>
wrote:
> On Fri, Jun 7, 2024 at 1:14 AM Richard Clayton <[email protected]>
> wrote:
>
>> >Is this worth standardizing as a best practice (in a future document)?
>>
>> Since the WG declined to provide an indicator for "ignore SPF when there
>> is a valid aligned DKIM signature" I doubt this has much chance of
>> widespread approval, let alone acceptance as a Best Practice.
>>
>
> In the presence of a valid aligned DKIM signature, doesn't SPF become
> irrelevant (or, at least, redundant) in DMARC?
>
> -MSK, p11n
> _______________________________________________
> dmarc mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
