> > * Is there consensus on moving ahead with the idea of a way to indicate > > which authentication method(s) the Domain Owner wants Receivers to use? If > > so, it doesn't seem to be in the document yet. > > My recall is that we want to limit DMARC evaluation to DKIM only, for the edge > cases of domains with over-wide SPF policies, since they proved to be > vulnerable to false DMARC pass. The WG discussed the possibility to also > require both methods to limit replay, and concluded that the idea was a foot > gun. Hence the WG agreed on the comma syntax.
My reading of the discussion is: 1. We did not have rough consensus to eliminate the use of SPF in DMARC. 2. We did not have rough consensus to complicate DMARC by having the publishing domain specify authentication methods. Ale, you're saying that my reading on (2) is wrong, yes? Can you provide support for that? Barry _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
