> If all your customers add your SPF to theirs, then if they forge each other's
> mail, it'll pass DMARC. I don't think you're fixing it at all, at least not
> as
> described.
For hosted customers, they cannot forge each others' email. So that part is
fine.
For on-premise customers (whose mai
On Wednesday, November 05, 2014 06:35:32 PM Terry Zink wrote:
> > Since SPF authorizes an often _shared_ outbound IP address, it has been
> > accurately described as an authorization method. DMaRC permits a DKIM
> > signature to be spoofed and still allow a message to be accepted solely
> > on the
> Does the base draft's use of the term "authentication" mislead you or your
> customers
> in any way?
No, everything is clear enough. I use the term to refer to passing either SPF
or DKIM.
As an aside, I should have mentioned that we are working on DMARC but it is not
yet complete. But the way
On Nov 5, 2014, at 10:35 AM, Terry Zink wrote:
>> Since SPF authorizes an often _shared_ outbound IP address, it has been
>> accurately described
>> as an authorization method. DMaRC permits a DKIM signature to be spoofed
>> and still allow
>> a message to be accepted solely on the basis of
On Wed, Nov 5, 2014 at 10:35 AM, Terry Zink
wrote:
> > Since SPF authorizes an often _shared_ outbound IP address, it has been
> accurately described
> > as an authorization method. DMaRC permits a DKIM signature to be
> spoofed and still allow
> > a message to be accepted solely on the basis of
> Since SPF authorizes an often _shared_ outbound IP address, it has been
> accurately described
> as an authorization method. DMaRC permits a DKIM signature to be spoofed and
> still allow
> a message to be accepted solely on the basis of SPF. What magic turns
> authorization into
> authen
On Nov 3, 2014, at 9:04 PM, Stephen J. Turnbull wrote:
> Douglas Otis writes:
>
>> After all, DMARC permits the weakest authorization as a basis for
>> acceptance, so it would be misleading to describe DMARC results as
>> having been *authenticated*.
>
> Well, no, it isn't necessarily misleadi
