Just a caveat. The intrinsic error rate of the SPF technology is way lower than the error rate of DKIM. The computation is way more complex for DKIM and because of the DMARC reports we are discovering bugs in DKIM libraries.
Finally, don't forget to ensure all of your bounces/auto replies are DMARC compliant too. On 12/11/12 12:27 PM, "John Levine" <[email protected]> wrote: >>MAIL FROM: <[email protected]> >> >>DKIM-Signature: v=1; ...; d=example.com; ... >>From: [email protected] >>Date: Fri, Feb 15 2002 16:54:30 -0800 >>To: [email protected] >>Subject: here's a sample >> >>Clearly, the SPF identifier is not in alignment. However, am I correct >>in understanding that this would still pass the DMARC check, as long as >>the DKIM signature (which is in alignment) validates? > >Yes. > >>Assuming that's correct, would this be considered an acceptable >>practice? I've looked at the FAQ question on third-party senders, and I >>think what I'm describing corresponds to the suggestion A.2 there. > >Sure. That's the point of checking both. > >>Has anyone suggested allowing the DMARC record to specify acceptable >>third-party domains for the RFC5321.MailFrom? > >Please, no. SPF does what it does. There is no need to make both >SPF and DKIM match. > _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
