Re: [dmarc-ietf] wiki vs. list?
> > -Original Message- > > From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of John Levine > > Sent: Friday, October 10, 2014 12:12 AM > > To: dmarc@ietf.org > > Cc: r.e.sonnev...@sonnection.nl > > Subject: Re: [dmarc-ietf] wiki vs. list? > > > > >A more general comment: reading the wiki and the discussions on this > > >list, it get the impression that we seem to focus more on the issues > > >related to the 'DKIM part of DMARC' then on issues related to the 'SPF > > >part of DMARC'. Is my observation correct, do we tend to forget SPF here? > > > > I agree with Scott, there's not much to say about it. If you forward or > > remail a > > message, the origin IP changes, and there's nothing you can do about it. > > > > Perhaps we can note that in theory the original sender could add mailing > > list > > IPs to its own SPF, but I never heard of anyone doing that. > > > An issue that I have been thinking on - and it is the reverse of this > discussion - is that it is operationally difficult to maintain accurate SPF > records for organizations with a lot of domains where the SPF records vary > across the domains. I recently found this situation with one of our domains > (an > acquisition). This is similar to other situations where organizations are > fairly good with adds and changes but not so much with deletes. This isn't > anything that can be addressed through an RFC but I think it is worth noting. This looks to me to be an operational issue with deploying SPF at scale. This WG"s charter is pretty specific that we're focusing on issues caused by "mail that does not flow from operators having a relationship with the domain owner, directly to receivers operating the destination mailbox". I don't see how this fits within that scope. So, while I'm sympathetic to the difficulties using SPF in this way, I don't think it's in scope for the present effort. Ned ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] wiki vs. list?
> -Original Message- > From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of John Levine > Sent: Friday, October 10, 2014 12:12 AM > To: dmarc@ietf.org > Cc: r.e.sonnev...@sonnection.nl > Subject: Re: [dmarc-ietf] wiki vs. list? > > >A more general comment: reading the wiki and the discussions on this > >list, it get the impression that we seem to focus more on the issues > >related to the 'DKIM part of DMARC' then on issues related to the 'SPF > >part of DMARC'. Is my observation correct, do we tend to forget SPF here? > > I agree with Scott, there's not much to say about it. If you forward or > remail a > message, the origin IP changes, and there's nothing you can do about it. > > Perhaps we can note that in theory the original sender could add mailing list > IPs to its own SPF, but I never heard of anyone doing that. > An issue that I have been thinking on - and it is the reverse of this discussion - is that it is operationally difficult to maintain accurate SPF records for organizations with a lot of domains where the SPF records vary across the domains. I recently found this situation with one of our domains (an acquisition). This is similar to other situations where organizations are fairly good with adds and changes but not so much with deletes. This isn't anything that can be addressed through an RFC but I think it is worth noting. Mike ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] wiki vs. list?
On Fri 10/Oct/2014 06:12:09 +0200 John Levine wrote: >> A more general comment: reading the wiki and the discussions on this >> list, it get the impression that we seem to focus more on the issues >> related to the 'DKIM part of DMARC' then on issues related to the 'SPF >> part of DMARC'. Is my observation correct, do we tend to forget SPF here? > > I agree with Scott, there's not much to say about it. If you forward > or remail a message, the origin IP changes, and there's nothing you > can do about it. +1 if we are focusing on indirect flows, SPF is out of the game. > Perhaps we can note that in theory the original sender could add > mailing list IPs to its own SPF, but I never heard of anyone doing > that. I don't think that solution can be recommended, because of the guesswork implied in adding addresses in bulk. For example, the advice given in the first bullet of Appendix D.1[1] gives a "neutral" result, which is good for local SPF policies but not for DMARC. Ale [1] http://tools.ietf.org/html/rfc7208#appendix-D.1 ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc