On 6 Jul 2021, at 5:45, Todd Herr wrote:
Greetings.
The theoretical goal of any domain owner that publishes a DMARC record
is
to transition from an initial policy of p=none to a final one of
p=reject,
because it is only at p=reject that DMARC's intended purpose of
preventing
same-domain spo
On 15 Jul 2021, at 18:07, Douglas Foster wrote:
>> The aligned DKIM signature test can have three conclusions, not just two:
>>
>> · Fully Authenticated:A signature is present, a DNS public
>> key is available, and the key can be used to verify the signature.
>>
>> · Provided:
>
> We can and should provide an intermediate policy option, if we concentrate
> on the principle that both authentication and repudiation require
> confirming evidence. Repuudiation is not the simple opposite of
> authentication. To this date, our choices have been limited because
> DMARCv1 did
It appears that Steven M Jones said:
>-=-=-=-=-=-
>
>On 7/6/21 05:45, Todd Herr wrote:
>>
>> The theoretical goal of any domain owner that publishes a DMARC record
>> is to transition from an initial policy of p=none to a final one of
>> p=reject, because it is only at p=reject that DMARC's inten
On 7/6/21 05:45, Todd Herr wrote:
>
> The theoretical goal of any domain owner that publishes a DMARC record
> is to transition from an initial policy of p=none to a final one of
> p=reject, because it is only at p=reject that DMARC's intended purpose
> of preventing same-domain spoofing can be ful
Sorry, I got tangled up in the weeds between policy scope and alignment.
The four policy assertions should have been phrased as:
For messages with FROM within ,
· All messages with MAILFROM algined to FROM will produce SPF PASS,
at first hop.
· All messages with MAILFROM aligne
If we are willing to break upward compatibility, it might be preferable to
define policy in terms of what the sender knows, rather than what the
receiver should do. After collecting feedback, the sender should know
whether all message sources are sending with SPF PASS, DKIM PASS, or both.
This
I don't really have a horse in this race since I never plan to publish anything
other than p=none, but ...
It appears that Todd Herr said:
>Ratchet mechanisms don't help in any way that a short TTL on your DMARC
>record won't help, and in fact you need the short TTL on your record
>anyway, becau
Hi,
On Tue 06/Jul/2021 14:45:35 +0200 Todd Herr wrote:
The theoretical goal of any domain owner that publishes a DMARC record is
to transition from an initial policy of p=none to a final one of p=reject,
because it is only at p=reject that DMARC's intended purpose of preventing
same-domain spoo
Greetings
Дилян
- Message from Todd Herr
-
Date: Tue, 6 Jul 2021 08:45:35 -0400
From: Todd Herr
Subject: [dmarc-ietf] Priming the Pump for Discussion - Ratchets
To: IETF DMARC WG
Greetings.
The theoretical goal of any domain owner that publishes a DMARC record is
t
Greetings.
The theoretical goal of any domain owner that publishes a DMARC record is
to transition from an initial policy of p=none to a final one of p=reject,
because it is only at p=reject that DMARC's intended purpose of preventing
same-domain spoofing can be fully realized.
Many domain owners
11 matches
Mail list logo