> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Scott > Kitterman > Sent: Wednesday, February 08, 2012 8:39 PM > To: [email protected] > Subject: Re: [marf] I-D Action: draft-ietf-marf-as-07.txt > > I think it would useful to mention both SPF and DKIM here as one may > offset failures in the other (along the lines of what DMARC is doing). > Proposed text: > > Perhaps the simplest means of mitigating this threat is to assert > that these reports should themselves be signed with something like > DKIM or authorized with SPF. On the other hand, if there is a problem with > the DKIM infrastructure at the Verifier, signing DKIM failure reports may > produce reports that aren't trusted or even accepted by their > intended recipients. There may be similar issues with SPF evaluation. Use > of both technologies can mitigate this risk to a degree.
Quite right, and what everyone's been espousing in that space for quite a while. Updated accordingly. -MSK _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
