Scott Kitterman writes:
> Also, doing anything based on an ARC header field from anything other
> than a trusted source is a recipe for failure. I've already seen
> cases where spoofed email got accepted due to ARC from an untrusted
> source. Don't forget the limitations of ARC.
I am not parti
Scott Kitterman writes:
> How do you define "First Hop" without enabling spoofers to trivially
> bypass DMARC checks by forging more than one hop of headers?
It wouldn't matter. Sensible mailing lists would reject non-first-hop
mails for domains with p=validate. Spoofers can still spoof directly
Dotzero writes:
> p= DID NOT mistakenly choose to use the language of receiver
> actions. p= represents the domain-owner request to the receiver as to
> the disposition of messages which fail to validate. Any reading of
> "concern" is supposition on the part of yourself or other self
> appointed
Dave Crocker writes:
> p: Domain Owner Assessment Policy (plain-text; REQUIRED for policy
> records). Indicates the severity of concern the domain owner has, for
> mail using its domain but not passing DMARC validation. Policy
> applies to the domain queried and to subdomains, unless subdomai
Dotzero writes:
> One might point to the fact that DMARC was just such an effort before
> it was publicly published. While there was much criticism of this when
> it was submitted to the IETF - "You just want us to rubber stamp this"
> - there was no such intent. It had worked well within the gro
"Douglas E. Foster" writes:
> Ultimately, this becomes a question of power. Do domain owners have
> the right, with the help of their correspondents, to prohibit spoofing
> (unauthorized use) of their digital identity?
Domain owners are free to use the court system to assert trademark
rights an
Jeremy Harris writes:
> On 15/07/2020 10:25, Benny Lyne Amorsen wrote:
>> At the other end of the spectrum, domains which never ever
>> participate in mailing lists or mail forwarding need some kind of
>> "p=reject-yes-really-I-mean-it", to stop recipients from
Alessandro Vesely writes:
> Perhaps we could formalize Sender:'s role by inventing some kind of
> p=some, which requires Sender: alignment. The From: domain has to
> remain the consumer of aggregate reports. That way it can learn which
> senders redistribute its mail.
This proposal seems spot
