On Saturday, January 30, 2021 5:44:47 PM EST Michael Thomas wrote: > On 1/30/21 2:09 PM, John R Levine wrote: > > On Sat, 30 Jan 2021, Jim Fenton wrote: > >>> Part of the problem here is that DMARC generally sits on top of an > >>> SPF library which doesn't tell you how it got its result. My DMARC > >>> code just calls the SPF library and uses the result. I suppose I > >>> could put in a hack to say don't use the SPF result if the MAIL FROM > >>> is null, but I don't think that's what 7489 says. > >> > >> Are changes to 7489 off the table here? I didn’t know. > > > > They are certainly possible, but I would want a good reason. At this > > point, SPF using HELO seems harmless so I don't see a reason to > > disallow it. > > From a security standpoint, I wonder why you would want to allow > something you know can be gamed. But that is probably more a question > for SPF itself.
From a DMARC perspective, I don't think it can be in any useful way. Agree that digging into it further is more about SPF itself, presumably OT here. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
