On 9/26/2018 9:42 AM, Marco Davids (Private) wrote:
On 26/09/2018 13:22, tom petch wrote:
I got an e-mail with this subject line, from the IETF Secretariat
On the surface, it looks allright
Did it contain DMARC, SPF and DKIM protection of any kind?
The ietf.org domain has a hard (-ALL) reject SPF transport policy but
a relaxed (p=none) DMARC payload policy.
Generally, a passed hard SPF policy is all that is needed as it
indicates the ietf.org distributed mail did get transported from an
ietf.org owned machine.
A failed SPF result could mean instant rejection at the SMTP online
level depending on whether the IETF mail processor delays honoring SPF
rejects immediately or until the payload is received in order to check
DMARC. However, it should not be depending on DMARC as SPF can stand
on its own without DMARC, especially for domains with an hard -ALL SPF
policy. Overall, depending on your receiver, you would never see this
a failed SPF message or its put into some spam box. I would trust the
IETF announcement message.
As a side note, now that the ietf.org list manager is performing
5322.From rewrites for member submissions who do have DMARC
p=reject/quarantines policies (like forfun.net, isdg.net, yahoo.com
and others), it is using a new 5322.From address domain dmarc.ietf.org
which does not have a DMARC record or policy. Unless it was was
intentionally done this way, the dmarc.ietf.org domain should match
the ietf.org DMARC policy or even probably use a p=reject hard policy
since it did resign and rewrite the 5322.From domain.
--
HLS
