On Wed 22/Jun/2016 15:22:20 +0200 jasonsu wrote:
>> RFC 7208 has its own whitelisting recommendations...
>
> What I'm looking for here are heuristically determined guidelines, based on
> real-world experience. Just a reasoned and reasonable starting point, for a
> SPF+DKIM+DMARC setup. From there it's certainly possible to tweak.
I think Appendix D3 is what you're looking for:
https://tools.ietf.org/html/rfc7208#appendix-D.3
In particular, DNSWL lookup can be done in time to prevent early SPF
reject-on-fail. That implies that publishers of "-all" policies are savvy
enough to subscribe to well known DNSWL(s).
Subsequent reuse of SPF results by DMARC only discerns "pass" vs anything else.
So it looks correct to keep early SPF rejection ("fail" vs anything else) the
way it was designed originally.
jm2c
Ale
Received on Thu Jun 23 2016 - 10:17:50 PST