[Last-Call] Re: Secdir last call review of draft-ietf-dmarc-dmarcbis-36


 



On Wed, 27 Nov 2024, Stephen Farrell via Datatracker wrote:
> I think I see two issues with this draft:
>
> (1) Recent papers e.g. [1,2] argue that the centralisation of
> mail means that SPF is by now less useful than originally.  Given
> it's been 9 years since RFC7489, one would assume it'll be a
> while before this document gets an update, and it seems possibly
> unwise to still consider SPF as "good enough" for that time
> period.  Shouldn't this draft at least indicate that SPF alone
> (without DKIM) is unlikely to remain sufficient for a DMARC pass?

We discussed this at length and considered adding an option to say DKIM only and rejected it. You're right that SPF is very weak and I personally wish it would go away, but we don't see that happening any time soon.

If things change, it wouldn't be out of the question to update DMARC later and add a DKIM only flag.

> (2) The tree-walk calls for querying TLDs for TXT RRs. Was that
> discussed with DNS operators for TLDs?

Yes. The whole idea for PSDs and the psd=x flags comes from the operator of the .BANK and .INSURANCE TLDs. They've gone through all the paperwork at ICANN and have DMARC records. There are also a few ccTLDs with DMARC records and we've at least tried to talk to all of them.

Keep in mind that if a TLD doesn't publish a DMARC record, the results in nearly every case will be the same as it is now. I would be surprised if generic TLDs like .com and .org ever publish DMARC records.

> Otherwise the draft seems good, if very very wordy.

No argument there.

R's,
John
