In article <5fca5469-8673-9555-8e47-e2251632f...@tnetconsulting.net> you write:
>On 10/13/2017 10:54 AM, John Levine wrote:
>> SRS is one of those magic bullets that might have worked if everyone
>> in the world implemented it at the same time, and the design were
>> written by someone who understood the security issues.
>
>Would you please elaborate on (or point me to existing documentation) on
>the security issues that you're referring to?

See the paragraph about forged domains and whitelists in the original message.

>> So if you have to be prepared to ignore overenthusiastic SPF
>> -all anyway, who needs SRS?
>
>Maybe it's just me, but I've never felt the desire to ignore
>overenthusiastic SPF.

It's just you. I talk to people who run large mail systems, and without
exception they tell me that they do not reject on spf -all other than
perhaps a plain -all which means someone sends no mail at all. The false
positive rate would just be too high.

>I feel that if a sending domain sets "-all" they (hypothetically) know
>what they are doing ...

Wow, you're the optimist.

R's,
John

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc