> On 06 May 2016, at 00:18, Binu Ramakrishnan <[email protected]> wrote: > > DMARC is a mechanism to fight against mail related abuse (eg. spam emails). > And for that matter it is sufficient to keep DMARC/DKIM/SPF records in DNS. > In the case of STS, the threats we are considering is quite different from > DMARC. It is because of the same reason we are not sticking policy in DNS > (with no DNSSEC). So to answer the question, it is ok to send DMARC over > email assuming the recipients can be reached over email. But in the case of > STS, a failure means the sender is unable to verify the recipient - hence > that channel is not trusted. In such cases HTTPS is preferred over mailto:.
Thanks, that's what I assumed. Aaron
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
