Ale, you're venue-shopping; please don't do that. > Discussions about solutions that only cover DKIM replay are now declared to be > out of scope for DMARC. In fact, messages that would only be blocked by > auth=dkim+spf are either messages that pass DKIM but fail SPF, or messages > that > pass SPF but fail DKIM. Since the latter case, excluding misconfigurations, > looks unlikely, this settings serves only DKIM replay. So I turn the topic to > this WG, in case someone thinks it's worth mentioning it among the possible, > yet untried solutions.
Just as solving DKIM replay is out of scope for the DMARC working group, I hope the DKIM chairs will agree with me that changes to the DMARC protocol are out of scope here. What you say here about DKIM replay is misleading and wrong. Barring misconfigurations, "dkim+spf" would be equivalent to "spf", as you actually point out in the paragraph above, and it has nothing to do with mitigating DKIM replay (other than to say that the way to avoid DKIM replay is not to pay attention to DKIM). In any case, if anyone is interested in discussing this DMARC protocol proposal, please go to the DMARC list, where it is actively being discussed. Barry, DMARC chair _______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
