It appears that Scott Kitterman <skl...@kitterman.com> said: >> SPF it treated in multiple places. We cannot warn against a bad practice in >> one place (135) and recommend it unconditionally in another (132). > >That is exactly how one handles Security Considerations. So 132 says do SPF. >Security Considerations gives you stuff to think about how you do SPF. >There's >not need to embed mitigations for the considerations throughout the draft >(someone with more IETF experience than me, please correct me if I'm wrong >about this).
If you're going to provide implementation advice for SPF, which I still think is a bad idea, security considerations is indeed the least bad place to do it. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc