Re: [dmarc-ietf] Should we encourage the use of SPF "soft include" for common platforms?

2019-02-24 Thread Hector Santos
On 2/23/2019 2:56 PM, Kurt Andersen (b) wrote: On Sat, Feb 23, 2019 at 11:00 AM Hector Santos wrote: Unless the conditions were limited to when this can be applied, I can see where this can become really complex because of higher recursion potentials. You also have compatibility concerns as

Re: [dmarc-ietf] Should we encourage the use of SPF "soft include" for common platforms?

2019-02-23 Thread Dotzero
Just provide a DKIM only mechanism/option. Michael Hammer On Sat, Feb 23, 2019 at 2:56 PM Kurt Andersen (b) wrote: > On Sat, Feb 23, 2019 at 11:00 AM Hector Santos wrote: > >> On 2/23/2019 1:07 PM, Kurt Andersen (b) wrote: >> > >> > Instead of using the standard "(+)include:" approach, if doma

Re: [dmarc-ietf] Should we encourage the use of SPF "soft include" for common platforms?

2019-02-23 Thread Kurt Andersen (b)
On Sat, Feb 23, 2019 at 11:00 AM Hector Santos wrote: > On 2/23/2019 1:07 PM, Kurt Andersen (b) wrote: > > > > Instead of using the standard "(+)include:" approach, if domain owners > used > > "?include:" as their mechanism, then that would prevent the SPF result > from > > granting a DMARC PASS

Re: [dmarc-ietf] Should we encourage the use of SPF "soft include" for common platforms?

2019-02-23 Thread Vladimir Dubrovin
It's bad idea, because "?" does not grant SPF authentication. SPF is important even if message is DKIM signed and regardless of DMARC, because it authenticates envelope address. As an example, NDR/MDN  may not be generated to envelope address which is not SPF authenticated, we actually use this ru

Re: [dmarc-ietf] Should we encourage the use of SPF "soft include" for common platforms?

2019-02-23 Thread Hector Santos
On 2/23/2019 1:07 PM, Kurt Andersen (b) wrote: With the growth of huge platforms that emit mail from the same common set of IPs (such as GSuite, O365, or large ESPs), regular SPF "include" ends up granting a DMARC pass to a lot more potential authors than most organizations would necessarily choo

Re: [dmarc-ietf] Should we encourage the use of SPF "soft include" for common platforms?

2019-02-23 Thread Tim Wicinski
Kurt This is pretty interesting. I've been assisting several teams as we have been (very) slow rolling the DMARC policy out of reporting through quarantine into reject. They been pulling all the disparate teams into deploying DKIM, but I was pointing out they have been guessing on who is using DK

[dmarc-ietf] Should we encourage the use of SPF "soft include" for common platforms?

2019-02-23 Thread Kurt Andersen (b)
With the growth of huge platforms that emit mail from the same common set of IPs (such as GSuite, O365, or large ESPs), regular SPF "include" ends up granting a DMARC pass to a lot more potential authors than most organizations would necessarily choose to grant. Instead of using the standard "(+)i