On Sun 14/May/2023 13:32:18 +0200 Douglas Foster wrote:
 From the document:

    "Without exception management, Sender Authentication dies as soon as an
    exception is necessary. A poorly designed exception process may enable the
    very impersonations that Sender Authentication is intended to prevent."


It could also be subtitled, "How to use Sender Authentication without damaging mailing lists."


The I-D seems to be conceived like a postmaster manual. In that respect, it might be useful, and an occasion to clarify the impact of email authentication over "traditional" filtering techniques. However, it is not clarified what kind of mechanisms provide the evaluator feedback which allows continuous improvement.

The parallel between DMARC and SPF needs to rule out layer violations, since SPF is one of the DMARC mechanisms.

Use of SPF is not fully explained. In particular, Section 2.5, Non-privileged Messages with Sender Authentication FAIL and Content Filtering PASS, doesn't take into account that SPF fail, -all, can imply rejection at MAIL or RCPT commands, whereby the message content won't be available. (The topic is well described in Appendix D of RFC 7208.)

DNS white lists could be mentioned as an example of alternate authentication.


Best
Ale
--




_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
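
The SPF point raised in the message above, as an added example that is not part of the original message or of the I-D: a receiver that rejects on SPF fail at MAIL FROM never sees the message body, so no content-filter verdict exists for that message. The domains, addresses, SPF records, the `reject_at_mail` switch and the content-filter stub are all constructed assumptions, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed SPF policies keyed by MAIL FROM domain (documentation names and addresses).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(client_ip, domain):
    """Evaluate ip4 and all only; a deliberate simplification of RFC 7208 check_host()."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def receive(client_ip, mail_from, body, reject_at_mail):
    """Walk one SMTP transaction; return (last stage reached, SPF result, content verdict)."""
    domain = mail_from.rsplit("@", 1)[1]
    spf = spf_result(client_ip, domain)
    if spf == "fail" and reject_at_mail:
        # 5xx reply to MAIL FROM: DATA is never sent, so there is nothing to filter.
        return ("MAIL", spf, None)
    # Hypothetical content filter stub: flags a constructed marker string.
    content = "fail" if "constructed-spam-marker" in body else "pass"
    return ("DATA", spf, content)
```

With `reject_at_mail=True`, the "Sender Authentication FAIL and Content Filtering PASS" combination can only be observed for results other than SPF fail, such as softfail.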
