On 11/25/24 18:47, Alessandro Vesely wrote: > The only possible value is "helo", which we just removed. (See > https://mailarchive.ietf.org/arch/msg/dmarc/9RO1vASQ6N0Yt2oEXBy0u1ZYD8g/.)
Thanks for taking the time to provide links. > If we only accept "mfrom", the only reason to have a scope field is for > backward compatibility. Do we care? Not everyone is providing a "scope" element in the currently issued reports. So in practical terms it is already treated as optional. We can let it carry on. Investigating this, the conversation above seem to indicate that SPF MUST NOT be treated as in alignment if MAIL FROM is NULL, however https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-36.html#name-spf-domain talks about HELO identity and MAIL FROM identity, then stating: DMARC relies solely on SPF validation of the MAIL FROM identity. then it continues to talk briefly about the fallback mechanism to postmaster@HELO defined in RFC 7208, for the MAIL FROM identity, before concluding: The term "SPF Domain" when used in this document refers to an SPF validated MAIL FROM identity. https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-36.html#name-spf-authenticated-identifie again talks about HELO identity vs MAIL FROM identity, then repeats the statement from above: DMARC relies solely on SPF validation of the MAIL FROM identity. I may be confused here, because from reading the background information I'm thinking that the intention is that a NULL envelope sender is meant to lead to an SPF fail result (no identifier alignment). If that's the case, it does not seem to be what's written in dmarcbis, nor does it seem possible to rely on SPF's notion of MAIL FROM identity for this purpose, as that explicitly includes the postmaster@HELO fallback mechanism. Where did I go wrong? Daniel K. _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
