On Sun 14/May/2023 13:32:18 +0200 Douglas Foster wrote:
From the document:
"Without exception management, Sender Authentication dies as soon as an
exception is necessary. A poorly designed exception process may enable the
very impersonations that Sender Authentication is intended to prevent."
It could also be subtitled, "How to use Sender Authentication without damaging
mailing lists."
The I-D seems to be conceived like a postmaster manual. In that respect, it
might be useful, and an occasion to clarify the impact of email authentication
over "traditional" filtering techniques. However, it is not clarified what
kind of mechanisms provide the evaluator feedback which allows continuous
improvement.
The parallel between DMARC and SPF needs to rule out layer violations, since
SPF is one of the DMARC mechanisms.
Use of SPF is not fully explained. In particular, Section 2.5, Non-privileged
Messages with Sender Authentication FAIL and Content Filtering PASS, doesn't
take into account that SPF fail, -all, can imply rejection at MAIL or RCPT
commands, whereby the message content won't be available. (The topic is well
described in Appendix D of RFC 7208.)
DNS white lists could be mentioned as an example of alternate authentication.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc