#83 closed enhancement (wontfix)

New sp=policy quallifiers: "Exists" and "MailEnabled"

Reported by: fosterd@… Owned by: todd.herr@…
Priority: minor Milestone:
Component: dmarc-bis Version:
Severity: - Keywords:
Cc:

Description

One of the issues that was discussed in DMARC for PSDs was the problem of spammers inventing non-existent sub-domains for legitimate entities. DMARC blocks those messages if the organization has a sp=reject rule, but sp=reject cannot be implemented until the entire organization is DMARC-ready.

It should be possible to reject non-existent subdomains even if part or all of the organization is on policy none. I propose adding a qualifier to the sp=policy with these meanings:

required=Exists: Reject any message from a subdomain which has no NS record.

required=MailEnabled?: Reject any message from a subdomain which has neither an MX record nor an SPF policy record.

Change History (7)

comment:1 Changed 21 months ago by fosterd@…

  • Type changed from defect to enhancement

Withdrawn in favor of the np clause of DMARC for PSDs

Last edited 21 months ago by fosterd@… (previous) (diff)

comment:2 Changed 18 months ago by dougfoster.emailstandards@…

I note that
https://tools.ietf.org/html/rfc7208#section-2.2
has this observation, which seems to support this proposal

Although invalid, malformed, or non-existent domains cause SPF checks
to return "none" because no SPF record can be found, it has long been
the policy of many MTAs to reject email from such domains, especially
in the case of invalid "MAIL FROM". Rejecting email will prevent one
method of circumventing of SPF records.

comment:3 Changed 17 months ago by todd.herr@…

[comment deleted]

Last edited 17 months ago by todd.herr@… (previous) (diff)

comment:4 Changed 17 months ago by todd.herr@…

See also Issue #97

comment:5 Changed 16 months ago by todd.herr@…

  • Owner set to todd.herr@…
  • Status changed from new to accepted

comment:6 Changed 16 months ago by todd.herr@…

  • Status changed from accepted to assigned

comment:7 Changed 16 months ago by todd.herr@…

  • Resolution set to wontfix
  • Status changed from assigned to closed

Closing in favor of np clause for DMARC in PSDs

Note: See TracTickets for help on using tickets.