SPF contains information about which IP addresses are authorized or
unauthorized to send messages for a given domain. It does not contain a
policy on what to do with this information.

"Sender Policy Framework"

See G.1-G.4, which are strangely worded for a system that doesn't
contain any policies: https://datatracker.ietf.org/doc/html/rfc7208

On 2023-08-21 15:17, Gellner, Oliver via mailop wrote:
On 19.08.2023 at 19:01 Jarland Donnell via mailop wrote:
Is "-all" not indeed a policy in SPF, directed by the domain owner? I
would argue that it is. Especially given that there are options there,
each one defining how the domain owner wishes SPF failure to be
treated. I would find it odd to say that one should ignore domain owners
when they say "-all" since that's a direct and clear request by them.
SPF contains information about which IP addresses are authorized or
unauthorized to send messages for a given domain. It does not contain a
policy on what to do with this information.
If someone decides to reject messages from sources listed as
unauthorized, this is a policy set up by the *receiver*. Fair enough.
I'm just saying that if the domain owner actually *did* create a policy
(within the DMARC record, as DMARC allows you to include a policy) and
this policy says "my messages are authorized as long as they are coming
from those IP addresses and/or carry a valid cryptographic signature of
my domain" then I recommend against simply ignoring this policy and
rejecting messages exclusively based on SPF across the board. This
might lead to false positives. And one cannot claim that those false
positives happened on request of the domain owner, when the domain
owner set up a policy that instructed something different - but the
receiver ignored it to save some CPU cycles on his box.
--
BR Oliver
________________________________
dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * P.O. Box 10 02 34, 76232 Karlsruhe
Phone 0721 5592-2500 Fax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: registered office Karlsruhe, register court Mannheim, HRB 104927
Managing directors: Christoph Werner, Martin Dallmeier, Roman Melcher
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
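
The difference discussed in this thread between rejecting on an SPF fail alone and evaluating the domain owner's DMARC policy, as an added example that is not part of the original messages. The `Msg` fields, the sample domains and the two-label `org_domain` shortcut are assumptions made for illustration; `pct`, `sp` and strict alignment are left out.

```python
# Added illustration: domains, results and field names are constructed.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Msg:
    header_from: str               # RFC5322.From domain
    spf_result: str                # result of the receiver's SPF check
    spf_domain: str                # RFC5321.MailFrom domain SPF was checked for
    dkim_pass: Tuple[str, ...]     # d= domains whose signatures verified
    dmarc_policy: Optional[str]    # p= tag of the From domain, None if no record

def org_domain(domain: str) -> str:
    # Assumption: last two labels; a real receiver uses the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain: str, header_from: str) -> bool:
    # Relaxed alignment: organizational domains match.
    return org_domain(auth_domain) == org_domain(header_from)

def spf_only_decision(m: Msg) -> str:
    # Receiver-side shortcut: reject on SPF fail without looking further.
    return "reject" if m.spf_result == "fail" else "accept"

def dmarc_decision(m: Msg) -> str:
    if m.dmarc_policy is None:
        return "local-policy"      # domain owner published no DMARC policy
    spf_ok = m.spf_result == "pass" and aligned(m.spf_domain, m.header_from)
    dkim_ok = any(aligned(d, m.header_from) for d in m.dkim_pass)
    if spf_ok or dkim_ok:
        return "accept"            # one aligned pass satisfies DMARC
    return {"reject": "reject", "quarantine": "quarantine"}.get(m.dmarc_policy, "accept")

# Constructed cases: mail relayed by a forwarder, a spoof with no signature,
# and a message signed only by an unrelated domain.
FORWARDED = Msg("example.org", "fail", "example.org", ("example.org",), "reject")
SPOOFED = Msg("example.org", "fail", "example.org", (), "reject")
UNALIGNED = Msg("example.org", "fail", "example.org", ("bulk.example.net",), "reject")

if __name__ == "__main__":
    for name, m in [("forwarded", FORWARDED), ("spoofed", SPOOFED), ("unaligned", UNALIGNED)]:
        print(name, spf_only_decision(m), dmarc_decision(m))
```

The forwarded message is the false positive the thread refers to: the SPF-only rule rejects it, while the DMARC evaluation accepts it on the aligned DKIM signature.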