Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-14 Thread Hector Santos

On 4/14/2023 7:43 AM, Alessandro Vesely wrote:

On Thu 13/Apr/2023 18:01:40 +0200 John R Levine wrote:

In ADSP I made the equivalent policy "discardable" to reinforce 
this point.  My co-authors weren't happy about it, but they 
couldn't disagree.


ADSP was different from DMARC.



ADSP dkim=discardable basically said "Expect mail to be always signed 
by the author and only the author; if not, discard", which is basically 
DMARC p=reject.   Discard is used because it was possible to process 
after acceptance. So to avoid the "required" bounce, this authorizes 
mail men to discard it. Don't bounce it, don't let the user see it.   If 
DMARC was processed at DATA before acceptance, then it's a 55z Reject 
concept.  So the same as DMARC p=reject.


ADSP dkim=all said "expect my mail to be signed by someone"

We could not finish this 3rd party idea of authorizing the always signed.

DMARC needs this Always Signed by someone idea too with ATPS to finish 
the authorization missing piece.


--
Hector Santos,
https://santronics.com
https://winserver.com

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-14 Thread Alessandro Vesely

On Thu 13/Apr/2023 17:21:30 +0200 Barry Leiba wrote:

Anyone who does forwarding is damaged by DMARC because there are a lot of
people who do DMARC on the cheap with SPF only.


This brings up another issue, I think: that there should also be
stronger advice that using DKIM is critical to DMARC reliability, and
using SPF only, without DKIM, is strongly NOT RECOMMENDED.



+1.  However, properly used SPF implies extensive whitelisting.  It is 
relegated to Appendix D in RFC 7208, but it's the only thing that makes SPF 
effective.


Best
Ale


Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-14 Thread Alessandro Vesely

On Thu 13/Apr/2023 18:01:40 +0200 John R Levine wrote:


I'm trying to figure out where best to say this, but when you say p=reject, you 
are saying your mail is *not* important, and if there is any doubt about it, 
you want recipients to throw it away, even though some of your real mail will 
get lost.



Hm... What p= should I set if I consider my mail important and want people to 
throw away fakes?


To wit, if there was a Mailman option to say "reject my posts on verification 
failure", I'd click it.  In this respect, reject is much safer than quarantine, 
because, if the message was authentic, I'd get a bounce, correct a signing 
error and re-send.  Pretty safe.



In ADSP I made the equivalent policy "discardable" to reinforce this point.  My 
co-authors weren't happy about it, but they couldn't disagree.



ADSP was different from DMARC.


Best
Ale


Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Hector Santos

> On Apr 13, 2023, at 3:13 PM, Hector Santos wrote:
> 
> On 4/13/2023 11:21 AM, Barry Leiba wrote:
>>> Anyone who does forwarding is damaged by DMARC because there are a lot of
>>> people who do DMARC on the cheap with SPF only.
>> This brings up another issue, I think: that there should also be
>> stronger advice that using DKIM is critical to DMARC reliability, and
>> using SPF only, without DKIM, is strongly NOT RECOMMENDED.
>> 
> Keep in mind, there are implementers of SPF that act at SMTP before DATA and 
> reject hard failures with 55z errors.  In other words, no payload is 
> transferred.
> 


Let me expand on this:

First, SPF predated DMARC. 

DMARC, as a payload protocol, like any other payload protocol, has high overhead 
associated with it:  DKIM, ADSP, ATPS, DMARC processing.  

Nothing to worry about at low scale and nothing to worry about at high scale if 
optimized correctly, and that is by allowing SPF to pre-empt payload processing 
when there is a hard SPF failure.  That’s good. Not Bad. In 18 years of SPF,  I 
maybe had 1 false positive.

But even then, with the introduction of DMARC, I recognized the domain policy may be 
p=none or p=quarantine.

Therefore I propose RFC 4405 SUBMITTER protocol to pass the PRA at MAIL FROM

C: MAIL FROM: SUBMITTER=pra

Where the PRA is the 5322.From address.

This allows SMTP to check the DMARC policy at SMTP, helping it decide how to handle SPF 
rejections.

Please let’s make this Protocol Complete.   If DMARC requires SPF to be delayed 
until the DATA state, then you are talking about an anti-scaling feature. Use 
SUBMITTER to pass the PRA.

—
HLS
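
One reading of the proposal above, as an added example that is not part of the original post: a receiver parses the RFC 4405 SUBMITTER parameter on MAIL FROM and consults the DMARC policy of that domain before deciding whether an SPF hard failure is rejected before DATA. The policy table, the addresses and the fallback choices (reject when no SUBMITTER or no DMARC record is present) are assumptions made for the sample.

```python
import re

# Constructed stand-in for _dmarc.<domain> TXT lookups (only the p= value).
DMARC_POLICY = {
    "bank.example": "reject",
    "shop.example": "quarantine",
    "news.example": "none",
}

MAIL_CMD = re.compile(
    r"^MAIL FROM:\s*<(?P<path>[^>]*)>(?P<params>.*)$", re.IGNORECASE
)


def parse_mail_from(line):
    """Return (reverse_path, {PARAM: value}) for one MAIL command line."""
    m = MAIL_CMD.match(line.strip())
    if m is None:
        raise ValueError("not a MAIL FROM command: %r" % line)
    params = {}
    for token in m.group("params").split():
        key, _, value = token.partition("=")
        params[key.upper()] = value
    return m.group("path"), params


def domain_of(address):
    return address.rpartition("@")[2].lower()


def decide_before_data(line, spf_result):
    """Decide at MAIL FROM time; returns (reply_code, reason).

    spf_result is the SPF outcome for the connecting IP and the reverse
    path ("pass", "fail", ...), computed elsewhere.
    """
    _path, params = parse_mail_from(line)
    if spf_result != "fail":
        return 250, "no SPF hard failure"
    # Sample values contain no characters that need xtext encoding.
    pra = params.get("SUBMITTER")
    if not pra:
        # Assumption: without the PRA, keep the SPF-only behaviour.
        return 550, "SPF hard failure, no SUBMITTER to consult"
    policy = DMARC_POLICY.get(domain_of(pra))
    if policy in ("none", "quarantine"):
        # Let the message through to DATA so DMARC can apply the policy.
        return 250, "SPF hard failure deferred to DATA: p=%s" % policy
    if policy == "reject":
        return 550, "SPF hard failure and p=reject"
    return 550, "SPF hard failure, no DMARC policy published"


if __name__ == "__main__":
    for cmd in (
        "MAIL FROM:<bounce@bank.example> SUBMITTER=alice@bank.example",
        "MAIL FROM:<bounce@esp.example> SUBMITTER=news@news.example",
        "MAIL FROM:<bounce@shop.example>",
    ):
        print(cmd, "->", decide_before_data(cmd, "fail"))
```

Rejecting at MAIL FROM means any DKIM signature in the message is never seen, so a message that would have passed DMARC on DKIM alone is refused in the p=reject branch.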



Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Hector Santos
I didn’t think we need to mention the type of people, organization, etc.

“This is particularly important because SPF will always fail in situations 
where mail is forwarded.”  

The issue applies to all.

> On Apr 13, 2023, at 12:04 PM, Todd Herr wrote:
> 
> On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba wrote:
>> > Anyone who does forwarding is damaged by DMARC because there are a lot of
>> > people who do DMARC on the cheap with SPF only.
>> 
>> This brings up another issue, I think: that there should also be
>> stronger advice that using DKIM is critical to DMARC reliability, and
>> using SPF only, without DKIM, is strongly NOT RECOMMENDED.
>> 
> I don't disagree.
> 
> How do we make the following text stronger?
> 5.5.2.  Configure Sending System for DKIM Signing Using an Aligned Domain
> 
> While it is possible to secure a DMARC pass verdict based on only one of SPF 
> or DKIM, it is commonly accepted best practice to ensure that both 
> authentication mechanisms are in place to guard against failure of just one 
> of them.
> 
> This is particularly important because SPF will always fail in situations 
> where mail is sent to a forwarding address offered by a professional society, 
> school or other institution, where the address simply relays the message to 
> the recipient's current "real" address. Many recipients use such addresses 
> and with SPF alone and not DKIM, messages sent to such users will always 
> produce DMARC fail. 
> 
> The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d= domain in 
> the DKIM-Signature header) that aligns with the Author Domain.
> 
> 
> 
> -- 
> Todd Herr  | Technical Director, Standards and Ecosystem
> e: todd.h...@valimail.com  
> m: 703.220.4153
> 
> This email and all data transmitted with it contains confidential and/or 
> proprietary information intended solely for the use of individual(s) 
> authorized to receive it. If you are not an intended and authorized recipient 
> you are hereby notified of any use, disclosure, copying or distribution of 
> the information included in this transmission is prohibited and may be 
> unlawful. Please immediately notify the sender by replying to this email and 
> then delete it from your system.


Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Hector Santos

On 4/13/2023 11:21 AM, Barry Leiba wrote:

Anyone who does forwarding is damaged by DMARC because there are a lot of
people who do DMARC on the cheap with SPF only.

This brings up another issue, I think: that there should also be
stronger advice that using DKIM is critical to DMARC reliability, and
using SPF only, without DKIM, is strongly NOT RECOMMENDED.

Keep in mind, there are implementers of SPF that act at SMTP before 
DATA and reject hard failures with 55z errors.  In other words, no 
payload is transferred.




--
Hector Santos,
https://santronics.com
https://winserver.com





Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread John R Levine

I’ve talked about this before.  I ran into a utility company that I conversed 
with that explicitly didn’t want to use DKIM because they felt their messages 
should not be forwarded to another provider.  I didn’t quite understand the 
logic, but it was their decision.


I believe it, but needless to say, the fact that some people do dumb 
things doesn't make them any less dumb.


R's,
John



I definitely favor some language that endorses using both and perhaps even 
outlines the pitfalls of using only one (can’t forward, both gives you a better 
chance of success, etc)




Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Brotman, Alex
I’ve talked about this before.  I ran into a utility company that I conversed 
with that explicitly didn’t want to use DKIM because they felt their messages 
should not be forwarded to another provider.  I didn’t quite understand the 
logic, but it was their decision.

I definitely favor some language that endorses using both and perhaps even 
outlines the pitfalls of using only one (can’t forward, both gives you a better 
chance of success, etc)

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

From: dmarc  On Behalf Of Barry Leiba
Sent: Thursday, April 13, 2023 12:44 PM
To: Dotzero 
Cc: Todd Herr ; John Levine ; 
dmarc@ietf.org; superu...@gmail.com
Subject: Re: [dmarc-ietf] Signaling forwarders, not just MLMs

We can say that as well, but I want to specifically say "don't use SPF without 
DKIM and expect it to work right;"

b


On Thu, Apr 13, 2023 at 12:41 PM Dotzero <dotz...@gmail.com> wrote:


On Thu, Apr 13, 2023 at 12:19 PM Barry Leiba <barryle...@computer.org> wrote:
Maybe just add a sentence to the end of the second paragraph:

   The use of SPF alone, without DKIM, is strongly NOT RECOMMENDED.

Barry

I think the opposite. Something along the lines of "Sending domains SHOULD 
implement both SPF and DKIM to minimize breakage and non-delivery of mail.

Michael Hammer



On Thu, Apr 13, 2023 at 12:04 PM Todd Herr <todd.h...@valimail.com> wrote:
On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba <barryle...@computer.org> wrote:
> Anyone who does forwarding is damaged by DMARC because there are a lot of
> people who do DMARC on the cheap with SPF only.

This brings up another issue, I think: that there should also be
stronger advice that using DKIM is critical to DMARC reliability, and
using SPF only, without DKIM, is strongly NOT RECOMMENDED.
I don't disagree.

How do we make the following text stronger?
5.5.2. Configure Sending System for DKIM Signing Using an Aligned Domain
<https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#section-5.5.2>

While it is possible to secure a DMARC pass verdict based on only one of SPF or 
DKIM, it is commonly accepted best practice to ensure that both authentication 
mechanisms are in place to guard against failure of just one of them.

This is particularly important because SPF will always fail in situations where 
mail is sent to a forwarding address offered by a professional society, school 
or other institution, where the address simply relays the message to the 
recipient's current "real" address. Many recipients use such addresses and with 
SPF alone and not DKIM, messages sent to such users will always produce DMARC 
fail.

The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d= domain in 
the DKIM-Signature header) that aligns with the Author Domain.


--
Todd Herr | Technical Director, Standards and Ecosystem
e: todd.h...@valimail.com
m: 703.220.4153



Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Barry Leiba
We can say that as well, but I want to specifically say "don't use SPF
without DKIM and expect it to work right;"

b


On Thu, Apr 13, 2023 at 12:41 PM Dotzero  wrote:

>
>
> On Thu, Apr 13, 2023 at 12:19 PM Barry Leiba wrote:
>
>> Maybe just add a sentence to the end of the second paragraph:
>>
>>The use of SPF alone, without DKIM, is strongly NOT RECOMMENDED.
>>
>> Barry
>>
>
> I think the opposite. Something along the lines of "Sending domains SHOULD
> implement both SPF and DKIM to minimize breakage and non-delivery of mail.
>
> Michael Hammer
>
>
>>
>>
>> On Thu, Apr 13, 2023 at 12:04 PM Todd Herr wrote:
>>
>>> On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba wrote:
>>>
>>>> > Anyone who does forwarding is damaged by DMARC because there are a lot of
>>>> > people who do DMARC on the cheap with SPF only.
>>>>
>>>> This brings up another issue, I think: that there should also be
>>>> stronger advice that using DKIM is critical to DMARC reliability, and
>>>> using SPF only, without DKIM, is strongly NOT RECOMMENDED.
>>>>
>>>> I don't disagree.
>>>
>>> How do we make the following text stronger?
>>> 5.5.2. Configure Sending System for DKIM Signing Using an Aligned Domain
>>>
>>> While it is possible to secure a DMARC pass verdict based on only one of
>>> SPF or DKIM, it is commonly accepted best practice to ensure that both
>>> authentication mechanisms are in place to guard against failure of just one
>>> of them.
>>>
>>> This is particularly important because SPF will always fail in
>>> situations where mail is sent to a forwarding address offered by a
>>> professional society, school or other institution, where the address simply
>>> relays the message to the recipient's current "real" address. Many
>>> recipients use such addresses and with SPF alone and not DKIM, messages
>>> sent to such users will always produce DMARC fail.
>>> 
>>>
>>> The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d=
>>> domain in the DKIM-Signature header) that aligns with the Author Domain.
>>>
>>>
>>> --
>>>
>>> *Todd Herr * | Technical Director, Standards and Ecosystem
>>> *e:* todd.h...@valimail.com
>>> *m:* 703.220.4153


Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Dotzero
On Thu, Apr 13, 2023 at 12:19 PM Barry Leiba wrote:

> Maybe just add a sentence to the end of the second paragraph:
>
>The use of SPF alone, without DKIM, is strongly NOT RECOMMENDED.
>
> Barry
>

I think the opposite. Something along the lines of "Sending domains SHOULD
implement both SPF and DKIM to minimize breakage and non-delivery of mail."

Michael Hammer


>
>
> On Thu, Apr 13, 2023 at 12:04 PM Todd Herr  wrote:
>
>> On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba wrote:
>>
>>> > Anyone who does forwarding is damaged by DMARC because there are a lot of
>>> > people who do DMARC on the cheap with SPF only.
>>>
>>> This brings up another issue, I think: that there should also be
>>> stronger advice that using DKIM is critical to DMARC reliability, and
>>> using SPF only, without DKIM, is strongly NOT RECOMMENDED.
>>>
>>> I don't disagree.
>>
>> How do we make the following text stronger?
>> 5.5.2. Configure Sending System for DKIM Signing Using an Aligned Domain
>>
>> While it is possible to secure a DMARC pass verdict based on only one of
>> SPF or DKIM, it is commonly accepted best practice to ensure that both
>> authentication mechanisms are in place to guard against failure of just one
>> of them.
>>
>> This is particularly important because SPF will always fail in situations
>> where mail is sent to a forwarding address offered by a professional
>> society, school or other institution, where the address simply relays the
>> message to the recipient's current "real" address. Many recipients use such
>> addresses and with SPF alone and not DKIM, messages sent to such users will
>> always produce DMARC fail.
>> 
>>
>> The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d=
>> domain in the DKIM-Signature header) that aligns with the Author Domain.
>>
>>
>> --
>>
>> *Todd Herr * | Technical Director, Standards and Ecosystem
>> *e:* todd.h...@valimail.com
>> *m:* 703.220.4153
>>


Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Barry Leiba
Maybe just add a sentence to the end of the second paragraph:

   The use of SPF alone, without DKIM, is strongly NOT RECOMMENDED.

Barry


On Thu, Apr 13, 2023 at 12:04 PM Todd Herr  wrote:

> On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba wrote:
>
>> > Anyone who does forwarding is damaged by DMARC because there are a lot of
>> > people who do DMARC on the cheap with SPF only.
>>
>> This brings up another issue, I think: that there should also be
>> stronger advice that using DKIM is critical to DMARC reliability, and
>> using SPF only, without DKIM, is strongly NOT RECOMMENDED.
>>
>> I don't disagree.
>
> How do we make the following text stronger?
> 5.5.2. Configure Sending System for DKIM Signing Using an Aligned Domain
>
> While it is possible to secure a DMARC pass verdict based on only one of
> SPF or DKIM, it is commonly accepted best practice to ensure that both
> authentication mechanisms are in place to guard against failure of just one
> of them.
>
> This is particularly important because SPF will always fail in situations
> where mail is sent to a forwarding address offered by a professional
> society, school or other institution, where the address simply relays the
> message to the recipient's current "real" address. Many recipients use such
> addresses and with SPF alone and not DKIM, messages sent to such users will
> always produce DMARC fail.
> 
>
> The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d= domain
> in the DKIM-Signature header) that aligns with the Author Domain.
>
>
> --
>
> *Todd Herr * | Technical Director, Standards and Ecosystem
> *e:* todd.h...@valimail.com
> *m:* 703.220.4153
>


Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Todd Herr
On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba wrote:

> > Anyone who does forwarding is damaged by DMARC because there are a lot of
> > people who do DMARC on the cheap with SPF only.
>
> This brings up another issue, I think: that there should also be
> stronger advice that using DKIM is critical to DMARC reliability, and
> using SPF only, without DKIM, is strongly NOT RECOMMENDED.
>
> I don't disagree.

How do we make the following text stronger?
5.5.2. Configure Sending System for DKIM Signing Using an Aligned Domain


While it is possible to secure a DMARC pass verdict based on only one of
SPF or DKIM, it is commonly accepted best practice to ensure that both
authentication mechanisms are in place to guard against failure of just one
of them.

This is particularly important because SPF will always fail in situations
where mail is sent to a forwarding address offered by a professional
society, school or other institution, where the address simply relays the
message to the recipient's current "real" address. Many recipients use such
addresses and with SPF alone and not DKIM, messages sent to such users will
always produce DMARC fail.


The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d= domain
in the DKIM-Signature header) that aligns with the Author Domain.


-- 

*Todd Herr * | Technical Director, Standards and Ecosystem
*e:* todd.h...@valimail.com
*m:* 703.220.4153
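
The forwarding case in the quoted 5.5.2 text, worked through as an added example that is not part of the original message: a small DMARC evaluator run over direct and forwarded deliveries, with and without an aligned DKIM signature. It goes one step beyond the text by also showing a forwarder that rewrites the envelope sender. Domains, IP ranges and the two-label organizational-domain shortcut are assumptions made for the sample.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed SPF data: networks each domain authorizes to send its mail.
SPF_AUTHORIZED = {
    "bank.example": ["192.0.2.0/24"],
    "alumni.example": ["198.51.100.0/24"],
}


@dataclass(frozen=True)
class Delivery:
    client_ip: str            # host connecting to the final receiver
    mail_from_domain: str     # RFC5321.MailFrom domain (what SPF checks)
    header_from_domain: str   # RFC5322.From domain (the Author Domain)
    dkim_domains: tuple = ()  # d= of signatures that still verify


def org_domain(domain):
    # Sample shortcut: last two labels. A real evaluator determines the
    # organizational domain properly (for example with the Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(a, b):
    return org_domain(a) == org_domain(b)


def spf_pass(d):
    ip = ipaddress.ip_address(d.client_ip)
    nets = SPF_AUTHORIZED.get(d.mail_from_domain.lower(), [])
    return any(ip in ipaddress.ip_network(n) for n in nets)


def dmarc(d):
    spf_ok = spf_pass(d) and aligned(d.mail_from_domain, d.header_from_domain)
    dkim_ok = any(aligned(s, d.header_from_domain) for s in d.dkim_domains)
    return {
        "spf": spf_pass(d),
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
    }


def relay(d, forwarder_ip):
    """Plain forwarding: envelope sender and content unchanged, new client IP.
    An unmodified message keeps its valid DKIM signatures."""
    return replace(d, client_ip=forwarder_ip)


def relay_rewriting_envelope(d, forwarder_ip, forwarder_domain):
    """Forwarder that puts its own domain in MAIL FROM."""
    return replace(d, client_ip=forwarder_ip, mail_from_domain=forwarder_domain)


def scenarios():
    spf_only = Delivery("192.0.2.10", "bank.example", "bank.example")
    with_dkim = replace(spf_only, dkim_domains=("bank.example",))
    fwd_ip = "198.51.100.7"  # constructed address of the forwarding host
    return {
        "direct, SPF only": dmarc(spf_only),
        "forwarded, SPF only": dmarc(relay(spf_only, fwd_ip)),
        "forwarded, SPF + DKIM": dmarc(relay(with_dkim, fwd_ip)),
        "forwarded with rewritten envelope, SPF only": dmarc(
            relay_rewriting_envelope(spf_only, fwd_ip, "alumni.example")
        ),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:45s} {result}")
```

In the rewritten-envelope case SPF itself passes, but for the forwarder's domain, which does not align with the Author Domain, so the DMARC verdict is still fail without DKIM.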



Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread John R Levine

Anyone who does forwarding is damaged by DMARC because there are a lot of
people who do DMARC on the cheap with SPF only.


This brings up another issue, I think: that there should also be
stronger advice that using DKIM is critical to DMARC reliability, and
using SPF only, without DKIM, is strongly NOT RECOMMENDED.


Well, it depends whether you care whether people get your mail.

I'm trying to figure out where best to say this, but when you say 
p=reject, you are saying your mail is *not* important, and if there is any 
doubt about it, you want recipients to throw it away, even though some of 
your real mail will get lost.


In ADSP I made the equivalent policy "discardable" to reinforce this 
point.  My co-authors weren't happy about it, but they couldn't disagree.


R's,
John



Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Mark Alley

+1

On 4/13/2023 10:21 AM, Barry Leiba wrote:

Anyone who does forwarding is damaged by DMARC because there are a lot of
people who do DMARC on the cheap with SPF only.

This brings up another issue, I think: that there should also be
stronger advice that using DKIM is critical to DMARC reliability, and
using SPF only, without DKIM, is strongly NOT RECOMMENDED.

Barry



Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread Barry Leiba
> Anyone who does forwarding is damaged by DMARC because there are a lot of
> people who do DMARC on the cheap with SPF only.

This brings up another issue, I think: that there should also be
stronger advice that using DKIM is critical to DMARC reliability, and
using SPF only, without DKIM, is strongly NOT RECOMMENDED.

Barry



Re: [dmarc-ietf] Signaling forwarders, not just MLMs

2023-04-13 Thread John Levine
It appears that Murray S. Kucherawy said:
>And a good example, given it's the most obvious one.  But is it enough to
>say that and nothing else?  What about MLMs actually doing something like
>this?

MLMs get all the attention but please remember my lost census mail example.

Anyone who does forwarding is damaged by DMARC because there are a lot of
people who do DMARC on the cheap with SPF only.  There is a lot of forwarding,
both the pobox style stuff and people who collect mail from other places at
big webmail providers.

R's,
John
