On Thu 12/Sep/2024 20:34:41 +0200 Steven M Jones wrote:
On 9/12/24 10:27, Alessandro Vesely wrote:
To me not much. "provided the rfc5321.MailFrom was not altered" selects a
part of forwarding. What if it was altered? If we want to be more explicit
than implicit, we have to explain why the check likely fails in each case.
Okay, so it seems like you would prefer either Option A, no mention:
As an example of this, a bank might send only targeted messages to
account holders. Those account holders might have given their bank
addresses such as [email protected] (an address that relays
the messages to another address with a real mailbox) or
[email protected] (a role-based address that does similar
relaying for the current head of finance at the association). When
such mail is delivered to the actual recipient mailbox, it will
necessarily fail SPF checks. DKIM signatures will generally remain valid
in these relay situations.
I'd s/necessarily/most likely/, to cover inordinately permissive SPF records.
Or Option B, have some external reference. Do you have a candidate in mind?
I googled a bit on that but didn't find a satisfactory analysis. There are
several good files, e.g. http://www.open-spf.org/whitepaper.pdf or
https://www.maawg.org/sites/maawg/files/news/MAAWG_Email_Forwarding_BP.pdf.
Existing material is good enough to advise against venturing into the
composition of a better piece to be proposed as a short paragraph or an
appendix in this I-D, methinks.
Best
Ale
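
The relay case discussed in this message, as an added example that is not from either participant or from the I-D: a simplified SPF check (only `ip4`, `ip6` and `all`, no DNS lookups) run for direct delivery, relaying with rfc5321.MailFrom kept, an inordinately permissive record, and an altered MailFrom. The domains, records and addresses are constructed, and the alignment test is an exact-match simplification.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate an SPF record against the connecting IP.

    Simplified: only ip4, ip6 and all are handled, no DNS lookups.
    """
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "permerror"  # mechanism outside this sketch
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

# Constructed records and addresses (documentation ranges, .example domains).
RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "permissive-bank.example": "v=spf1 ip4:0.0.0.0/0 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
BANK_MTA = "192.0.2.25"
FORWARDER_MTA = "198.51.100.7"

def spf_at_mailbox(mailfrom_domain, from_domain, connecting_ip):
    """Return (SPF result, whether that pass is for the From domain)."""
    result = check_spf(RECORDS[mailfrom_domain], connecting_ip)
    # Exact-match comparison; a simplification of DMARC identifier alignment.
    aligned = result == "pass" and mailfrom_domain == from_domain
    return result, aligned

if __name__ == "__main__":
    for mailfrom, frm, ip in [
        ("bank.example", "bank.example", BANK_MTA),            # direct delivery
        ("bank.example", "bank.example", FORWARDER_MTA),       # relayed, MailFrom kept
        ("permissive-bank.example", "permissive-bank.example", FORWARDER_MTA),
        ("forwarder.example", "bank.example", FORWARDER_MTA),  # MailFrom altered
    ]:
        print(mailfrom, frm, ip, spf_at_mailbox(mailfrom, frm, ip))
```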