Hi, Murray,
On 2/8/12 12:31 AM, Murray S. Kucherawy wrote:
Hi Rolf,
ARFs are not typically sent in place of delivery of a message, such as
is the case when a virus scanner rejects a message. ARF is normally
generated in response to a user action post-delivery.
For the case of DKIM and SPF reports, rejection on failure is actually
improper most of the time (the exceptions being ADSP and SPF "-all",
both of which are currently discouraged).
I know at least one bank which uses SPF -all for a domain that reflects
one of their (old/obsoleted) brand names. Furthermore I can imagine that
banks will register SPF -all for lookalide domains, if they own the
domainname. Similarly with ADSP and DMARC we can expect organizations
that will use the 'reject' option to indicate they never send mail with
domain example.com.
What I'm trying to avoid is accumulating a list of informative
references describing what ARF is not. It seems to me that it's far
less confusing for unfamiliar readers just to say what ARF is, and stop.
I understand, just leave it out.
/rolf
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
