Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

The solution to that vulnerability is in part use a subdomain and, when possible, narrow the scope of what you permit. Better yet, choose a vendor that’s known for tight security. A quick Look at the the security headlines will show you some vendor red flags. But the sad state of spf is a

Re: [dmarc-ietf] DMARCbis WGLC Issue - Description of rua and ruf Tags

> On Mar 1, 2024, at 5:39 PM, John R Levine wrote: > > On Fri, 1 Mar 2024, Seth Blank wrote: >>> It seems OK but I would say that at this point that mailto: URI are the >>> only ones currently defined. >>> >> >> Participating, to this point. Throwing out an idea, that may be >>

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dmarcbis-30.txt

Well done! This was a technical and quasi political journey and I felt I had front row seats. Neil > On Feb 28, 2024, at 3:05 PM, internet-dra...@ietf.org wrote: > > Internet-Draft draft-ietf-dmarc-dmarcbis-30.txt is now available. It is a > work > item of the Domain-based Message

Re: [dmarc-ietf] Inconsistencies in DMARC Aggregate Report XML Schema

I’d say extend your thinking on why beyond the format itself. What else could be the cause? On Mar 11, 2024, at 7:33 PM, Neil Anuskiewicz wrote:Wow, the stat on how many domain operators move to enforcing reject policy sans aggregate reports shocked me. Trust the force, Luke.On Feb 28, 2024, at

Re: [dmarc-ietf] Inconsistencies in DMARC Aggregate Report XML Schema

Wow, the stat on how many domain operators move to enforcing reject policy sans aggregate reports shocked me. Trust the force, Luke.On Feb 28, 2024, at 4:54 AM, OLIVIER HUREAU wrote:Hello,TLDR: I think Dmarcbis should not have reference to the XML format of the aggregate reports in 5.5.3 and

Re: [dmarc-ietf] 4.1 DMARC Basics

> On Mar 3, 2024, at 1:41 AM, ves...@tana.it wrote: > > Hi, > > the last two paragraphs of section 4.1 also show a neat asymmetry between rua > and ruf. The first sounds like the notification that feedback exists rather > than something a mail receiver should do. The second is good, but

Re: [dmarc-ietf] DMARCbis WGLC Significant(ish) Issue - Section 7.6

> On Feb 29, 2024, at 10:55 AM, Todd Herr > wrote: > >  > Colleagues, > > I've been reading DMARCbic rev -30 today with a plan to collect the first set > of minor edits and I came across a sentence that I believe goes beyond minor, > so wanted to get a sanity check. > > Section 7.6,

Re: [dmarc-ietf] A.5 Issues with ADSP in Operation

Please remove the pct tag from the spec. > On Mar 9, 2024, at 7:05 AM, Alessandro Vesely wrote: > > Hi, > > as ADSP is historical, perhaps we can strike A5 entirely. If not, we should > at least eliminate bullet 5: > > 5. ADSP has no support for a slow rollout, i.e., no way to configure

Re: [dmarc-ietf] picking nits with the ABNF

> On Mar 9, 2024, at 7:33 PM, OLIVIER HUREAU > wrote: > >  > >> dmarc-version = "v" equals %s"DMARC1 > > I believe the "%s" should be dropped > > 'DMARC1' is case-sensitive in 7489. > Either we keep the "%s" or we go back to 7489 version : "%x44 %x4d %x41 %x52 > %x43 %x31" > > > I think

[dmarc-ietf] Fwd: [Errata Held for Document Update] RFC7489 (7835)

FYI Forwarded Message Subject:[Errata Held for Document Update] RFC7489 (7835) Date: Mon, 11 Mar 2024 09:34:11 -0700 (PDT) From: RFC Errata System To: giuse...@ohpe.it, superu...@gmail.com, zwi...@yahoo-inc.com CC: rfc-...@rfc-editor.org,

Re: [dmarc-ietf] picking nits with the ABNF

On Sat, Mar 9, 2024 at 4:00 PM Tim Wicinski wrote: > Just picking over the ABNF with my checks, some Qs > > dmarc-version = "v" equals %s"DMARC1 > > > I believe the "%s" should be dropped > I think this was intentional; we want "v=DMARC1" to be valid and "v=dmarc1" to be not valid. Unless I'm