On Fri, Nov 20, 2020 at 5:57 AM Doug Foster <fosterd=40bayviewphysicians....@dmarc.ietf.org> wrote:

>
> However, spoofing of non-existent subdomains is a potential problem for the
> RFC5321.MailFrom domain, which then becomes an attack vector for the
> RFC5322.From address as well.  The problem exists because SPF has no
> organizational default.
>
> We need to think about intermediate nodes, non-mail leaf nodes, and
> non-existent subdomains.  Assume that a spammer tries to spoof a legitimate
> organization by using a non-mail or non-existing node for both the SMTP
> MailFrom address and the message From Address.  The message will be
> evaluated as
> - SPF=None,
> - DomainAligned=True, and
> - (if checked by some unknown algorithm) OrganizationReputation=good.
>
>

Presuming no DKIM signature is involved, SPF=None is not the required
"PASS" that DMARC enforces so I don't see the point of your argument.

--Kurt
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
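
The evaluation discussed in this exchange, as an added example that is not part of the original thread: a receiver-side DMARC check (per RFC 7489) applied to a message whose MailFrom and From both use a nonexistent subdomain. The domain `example.com`, the `RECORDS` table standing in for DNS lookups, and the "last two labels" organizational-domain shortcut are assumptions made for illustration.

```python
# Added illustration of DMARC evaluation (RFC 7489), not code from the thread.
# Assumptions: org domain = last two labels (real code uses the Public Suffix
# List); RECORDS is a constructed stand-in for TXT lookups at _dmarc.<domain>.

RECORDS = {"example.com": {"p": "reject"}}  # constructed sample policy


def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, strict=False):
    """Strict alignment needs an exact match; relaxed compares org domains."""
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_result(from_domain, spf_result, mailfrom_domain, dkim_sigs=()):
    """Pass needs an aligned SPF pass or an aligned DKIM pass.
    dkim_sigs is an iterable of (result, d= domain) pairs."""
    spf_ok = spf_result == "pass" and aligned(from_domain, mailfrom_domain)
    dkim_ok = any(r == "pass" and aligned(from_domain, d) for r, d in dkim_sigs)
    return "pass" if spf_ok or dkim_ok else "fail"


def policy_for(from_domain, records=RECORDS):
    """Exact-domain record first, then the org domain's sp= (or p=) tag."""
    rec = records.get(from_domain.lower())
    if rec is not None:
        return rec.get("p", "none")
    rec = records.get(org_domain(from_domain))
    if rec is None:
        return None  # no DMARC record published anywhere
    return rec.get("sp", rec.get("p", "none"))


def evaluate(from_domain, spf_result, mailfrom_domain, dkim_sigs=()):
    result = dmarc_result(from_domain, spf_result, mailfrom_domain, dkim_sigs)
    policy = policy_for(from_domain)
    disposition = policy if result == "fail" and policy else "none"
    return result, disposition


if __name__ == "__main__":
    # Constructed message: nonexistent subdomain in both MailFrom and From.
    print(evaluate("nosuch.example.com", "none", "nosuch.example.com"))
```

With SPF=None and no DKIM signature, neither mechanism produces an aligned pass, so the result is a DMARC fail and the organizational domain's published policy applies to the subdomain.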
