On Sun 31/Mar/2024 22:33:10 +0200 Murray S. Kucherawy wrote:
On Sun, Mar 31, 2024 at 9:32 AM Alessandro Vesely <ves...@tana.it> wrote:
On Sun 31/Mar/2024 14:22:04 +0200 Douglas Foster wrote:
On SPF, our document should say simply,
" a DMARC-compliant evaluator MUST NOT reject a message, based on SPF result,
prior to receiving the Data section and checking for aligned and verifiable
signatures."
Nonsense. Rejecting at RCPT TO is much quicker than waiting for the whole
message. People who publish -all know what they do.
Of course it is, but it prevents DKIM signatures from being tested, and
hence DMARC from being evaluated. Maybe that's what you want, but maybe
it's not what everyone wants.
I agree there may be people who inadvertently set -all and would be better off
changing it to ~all. However, by claiming Best Practice, we'd be scaring those
who want -all for good reasons.
I also reject based on RBLs and private IP lists; does that affect DMARC
compliance?
I might argue that you can't possibly claim DMARC compliance if you're not
even getting far enough to execute its algorithm.
I'd say I comply /when/ I execute its algorithm.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
