Re: [dmarc-ietf] Fixing false SPF PASS

2023-08-28 Thread Alessandro Vesely
SMTP authentication cannot be transmitted via ARC-A-R either, because ARC doesn't provide for an i=0 instance. So, there is no way to signal that the sender is not an open relay. However, until open relays stay out of fashion —only toad.com AFAIK— this problem can be postponed. Allowing fals

Re: [dmarc-ietf] Fixing false SPF PASS

2023-08-28 Thread Douglas Foster
I used authentication results in the general sense, to include ARC sets, Authentication-Resilts, and Received-SPF. ARC is most applicable to this situation but the others are not consistently removed prior to message crossing organization boundaries. After writing this, I wondered if the best ap

Re: [dmarc-ietf] Fixing false SPF PASS

2023-08-28 Thread Alessandro Vesely
On Sun 27/Aug/2023 20:49:26 +0200 Douglas Foster wrote: I am much discouraged by the recent discussion about false DMARC PASS based on false SPF PASS or malicious mDKIM replay. When combined with the discussion about false DMARC FAIL for mailing lists, it seems like we have a very unimpressi

[dmarc-ietf] Fixing false SPF PASS

2023-08-27 Thread Douglas Foster
I am much discouraged by the recent discussion about false DMARC PASS based on false SPF PASS or malicious mDKIM replay. When combined with the discussion about false DMARC FAIL for mailing lists, it seems like we have a very unimpressive standards proposal. We have proposed defending against f