New sp=policy quallifiers: "Exists" and "MailEnabled"

ietf-wg-dmarc / dmarc-draftissues

1 stars 0 forks source link

New sp=policy quallifiers: "Exists" and "MailEnabled" #83

Closed ietf-svn-bot closed 3 years ago

ietf-svn-bot commented 3 years ago

owner:todd.herr@valimail.com resolution_wontfix type_enhancement | by fosterd@bayviewphysicians.com

One of the issues that was discussed in DMARC for PSDs was the problem of spammers inventing non-existent sub-domains for legitimate entities. DMARC blocks those messages if the organization has a sp=reject rule, but sp=reject cannot be implemented until the entire organization is DMARC-ready.

It should be possible to reject non-existent subdomains even if part or all of the organization is on policy none. I propose adding a qualifier to the sp=policy with these meanings:

required=Exists: Reject any message from a subdomain which has no NS record.

required=MailEnabled: Reject any message from a subdomain which has neither an MX record nor an SPF policy record.

Issue migrated from trac:83 at 2022-01-24 16:52:07 +0000

ietf-svn-bot commented 3 years ago

@fosterd@bayviewphysicians.com changed type from defect to enhancement

ietf-svn-bot commented 3 years ago

@fosterd@bayviewphysicians.com commented

Withdrawn in favor of the np clause of DMARC for PSDs

ietf-svn-bot commented 3 years ago

@fosterd@bayviewphysicians.com changed _comment0 which not transferred by tractive

ietf-svn-bot commented 3 years ago

@dougfoster.emailstandards@gmail.com commented

I note that https://tools.ietf.org/html/rfc7208#section-2.2 has this observation, which seems to support this proposal Although invalid, malformed, or non-existent domains cause SPF checks to return "none" because no SPF record can be found, it has long been the policy of many MTAs to reject email from such domains, especially in the case of invalid "MAIL FROM". Rejecting email will prevent one method of circumventing of SPF records.

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com commented

[comment deleted]

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com changed _comment0 which not transferred by tractive

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com commented

See also Issue #97

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com changed status from new to accepted

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com set owner to todd.herr@valimail.com

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com changed status from accepted to assigned

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com changed status from assigned to closed

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com set resolution to wontfix

ietf-svn-bot commented 3 years ago

@todd.herr@valimail.com commented

Closing in favor of np clause for DMARC in PSDs