On Wed, Oct 25, 2023 at 7:12 AM Barry Leiba <barryle...@computer.org> wrote:
> > > * Is there consensus on moving ahead with the idea of a way to indicate > > > which authentication method(s) the Domain Owner wants Receivers to > use? If > > > so, it doesn't seem to be in the document yet. > > > > My recall is that we want to limit DMARC evaluation to DKIM only, for > the edge > > cases of domains with over-wide SPF policies, since they proved to be > > vulnerable to false DMARC pass. The WG discussed the possibility to also > > require both methods to limit replay, and concluded that the idea was a > foot > > gun. Hence the WG agreed on the comma syntax. > > My reading of the discussion is: > > 1. We did not have rough consensus to eliminate the use of SPF in DMARC. > +1 > 2. We did not have rough consensus to complicate DMARC by having the > publishing domain specify authentication methods. > +1 > Ale, you're saying that my reading on (2) is wrong, yes? Can you > provide support for that? > > Mi chael Hammer
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc