On Sat, Dec 4, 2021 at 17:48 Scott Kitterman <skl...@kitterman.com> wrote:
> > > On December 5, 2021 12:23:40 AM UTC, "Murray S. Kucherawy" < > superu...@gmail.com> wrote: > >On Sat, Dec 4, 2021 at 2:35 PM Douglas Foster < > >dougfoster.emailstanda...@gmail.com> wrote: > > > >> I think this text was inserted because of an open ticket when discussion > >> was going nowhere and a new draft was created. Perhaps the originator > of > >> that ticket can elaborate on his thinking. > >> > > > >I believe the admonishment against best-guess SPF was based at least in > >part on the sentiments found here: > > > >http://www.open-spf.org/FAQ/Best_guess_record/ > > > >...which is to say it's apparently a discouraged practice. > > > >It makes it difficult for DMARC to be deterministic when the things upon > >which it's built behave in unpredictable ways. That's not to say this is > >unique though; DKIM, for example, allows verifiers to decide what an > >acceptable signature is (a favorite I remember from the early days was "I > >don't want to accept a DKIM signature that didn't cover the Subject > >field"), which again means one site's "pass" is another site's "fail". > > Much like Dave's response about DKIM, I think what an SPF result is is > well defined. The so called "Best Guess" isn't an SPF result at all. > Implementation and interoperability requirements for SPF are defined by RFC > 7208 (and formerly RFC 4408). Neither it nor it's predecessor ever defined > this. It's not implemented in Mail::SPF, which is the closest thing there > is to a reference implementation. > > We already say to use DKIM and SPF. If you want an enumerated list of all > the things that aren't DKIM or SPF to tell people not to do, I think it > would be a long list. As far as I know, no RFC even mentions "Best Guess" > and this one should not be the first. +1 > > Scott K > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > -- *Seth Blank * | Chief Product Officer *e:* s...@valimail.com *p:* 415.273.8818 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
