On Tue 28/Jul/2020 23:23:24 +0200 John R Levine wrote, quoting Autumn:
To Todd's point, I think the answer on which policy would be applied at least needs to be predictable. If one receiver chooses one policy and a different receiver chooses the other policy, that is going to make it significantly more complicated for complex organizations to implement a DMARC p=reject or even p=quarantine policy.

But it's not predictable now.  Some receivers follow p=reject all the time, some follow it sometimes, some follow it never (me.)


I follow it sometimes, but it would be easier to follow it always. If it were set up correctly, the latter would also be more reliable.

To suggest disposition, I'd add an "snd=" tag in the From: domain's DMARC record, having one of the following values:

*none*: Sender: field shall not be considered for messages From: this domain. This should be the default, for compatibility with existing settings.

*any*: Accept messages forwarded by any Sender:, provided it validates.

*/reputation domain/*: Supply a domain to be looked up for Sender: reputation. If Sender: validates and has a positive reputation, then accept the message.


I think that in practice the situations where someone else is going to re-sign your mail with a Sender DMARC policy are narrow enough that most IT departments wouldn't even notice.


Except if setting Sender: to the next trash domain becomes an attack path for phishing.


Best
Ale
--

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
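
An added illustration, not part of the original message or of any DMARC specification: one way a receiver could evaluate the "snd=" tag proposed above. The function names, the reputation callback, the example domains, and the reading that "snd=" only matters once Sender: validates are all assumptions.

```python
# "snd=" is a proposal from this thread, not a tag defined by DMARC.
# All names below are hypothetical; sample data is constructed.

def parse_dmarc_tags(record):
    """Split a DMARC TXT record into a {tag: value} dict (tag names lowercased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def sender_override(record, sender_domain, sender_validates, has_good_reputation):
    """Return True if the message may be accepted on the strength of Sender:
    under the proposed snd= values (none / any / a reputation domain).

    has_good_reputation(reputation_domain, sender_domain) -> bool stands in
    for a lookup the message does not specify.
    """
    snd = parse_dmarc_tags(record).get("snd", "none").lower()  # proposed default
    if snd == "none":
        return False   # Sender: is not considered for this From: domain
    if not sender_validates:
        return False   # both remaining modes require Sender: to validate
    if snd == "any":
        return True    # any validating Sender: is accepted
    return has_good_reputation(snd, sender_domain)  # value is a reputation domain

# Constructed reputation data: one listed forwarder.
GOOD = {("rep.example.net", "lists.example.org")}

def lookup(rep_domain, sender_domain):
    return (rep_domain, sender_domain) in GOOD

RECORDS = {
    "default": "v=DMARC1; p=reject",
    "any": "v=DMARC1; p=reject; snd=any",
    "reputation": "v=DMARC1; p=reject; snd=rep.example.net",
}

def demo():
    """Evaluate each record against a listed and an unlisted Sender: domain."""
    return {(label, s): sender_override(rec, s, True, lookup)
            for label, rec in RECORDS.items()
            for s in ("lists.example.org", "unknown.example")}

if __name__ == "__main__":
    for key, accepted in demo().items():
        print(key, accepted)
```

With snd=any the unlisted domain is accepted as long as it validates, which is the case the closing remark of the message is concerned about; the reputation-domain value rejects it.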
