On Tue 19/Jan/2021 22:26:09 +0100 Todd Herr wrote:
Picking up the thread on another ticket that was brought before the group
pre-holidays and has lain fallow since the end of 2020...
John Levine asserted that there wasn't a lot of strong opinion on the
matter, and therefore we'd be leaving the spec as is, with the MAIL FROM
SPF check the only one that matters for DMARC.
Ale replied, but I don't interpret his reply as challenging John's
assertion.
The thread went off-topic w.r.t. the purpose of ticket #1.
Can this ticket be closed?
I agree that the spec needs some text somewhere to counter the passage in
Section 2.3 of RFC 7208. This, methinks, is the intended semantics of the
second paragraph of section 3.1.2 of dmarcbis:
OLD:
Note that the RFC5321.HELO identity is not typically used in the
context of DMARC (except when required to "fake" an otherwise null
reverse-path), even though a "pure SPF" implementation according to
[RFC7208] would check that identifier.
I'd rather replace that paragraph and leave item 4 of Section 6.6.2 as is. For
a possibly less confusing wording:
NEW:
Even tough a "pure SPF" implementation, according to [RFC7208], would
avoid to check the RFC5321.MailFrom identity if the RFC5321.HELO was
conclusively determined to pass, DMARC authentication requires the
authenticated identity to be aligned.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
