On Fri 27/Oct/2023 12:34:11 +0200 John Levine wrote:
It appears that Scott Kitterman  <skl...@kitterman.com> said:
That is unfortunately true, but if we could decouple the DMARC from SPF, then at least we could fix the situation at some point...

I propose that we not repeat this discussion and instead, try to focus on 
finishing.

If there isn't a consensus to do a DKIM-only feature, which seems to be the case, I agree, wrap up the few minor editorial issues and we're done.


The two reasons I see against the DKIM-only feature are that it can be fixed in SPF and a generic resistance to complications.

If we add the feature, we should in any case exemplify how to fix SPF, saying that doing so is safer, at least until all DMARC software has acquired the new feature. As the addition would be understood as a response to the known vulnerability, it will likely be spread.

As many of us consider it cleaner to have DMARC based on DKIM only, having that possibility as an option is a first step in that direction anyway. The thesis that DKIM is enough has been opposed, but the only cases where SPF saves the day seem to be software bugs. The DKIM-only feature would allow probing that thesis, which fixing SPF records would not.


Best
Ale
--



_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
