[dmarc-discuss] Co-ordinating recipient policy?
David Woodhouse
dwmw2 at infradead.org
Tue Jan 31 08:14:28 PST 2012
On Tue, 2012-01-31 at 15:59 +0000, Michael Adkins wrote:
> This is unnecessary. DMARC doesn't need options to disable the
> consideration of individual underlying authentication technologies.

You've trimmed and ignored the example I gave, in which it *was*
necessary. Without some way to be sure that he won't be rejecting mail
due to SPF's forwarding fallacy, Fred (my hypothetical administrator)
will not be willing to implement DMARC on the receiving side.

Yes, he can reject mail from sites which use DKIM and don't have an SPF
record at all. But if a sending site *does* have an SPF record, even
though they also DKIM-sign all their outbound email, then Fred won't be
able to reject mail that comes in without a DKIM signature.

Do not conflate the rôle of the sending domain and the receiving domain
admins. The *sending* domain may be happy to publish an SPF record
listing their own mail hosts and then '-all'. But the *recipient* may
refuse to reject on those grounds, for reasons which have been discussed
at length elsewhere.

If we want to harmonise recipient policy, surely it makes sense to find
a way to persuade those recipients (like Fred) that it is *safe* to
reject mail that fails the policy?

--
dwmw2