On 1/30/21 2:09 PM, John R Levine wrote:
On Sat, 30 Jan 2021, Jim Fenton wrote:
Part of the problem here is that DMARC generally sits on top of an
SPF library which doesn't tell you how it got its result. My DMARC
code just calls the SPF library and uses the result. I suppose I
could put in a hack to say don't use the SPF result if the MAIL FROM
is null, but I don't think that's what 7489 says.
Are changes to 7489 off the table here? I didn’t know.
They are certainly possible, but I would want a good reason. At this
point, SPF using HELO seems harmless so I don't see a reason to
disallow it.
From a security standpoint, I wonder why you would want to allow
something you know can be gamed. But that is probably more a question
for SPF itself.
Mike
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
