Hello,
I am new to DMARC and have a question: It is necesary to setup both SPF and DKIM in order to "quarantine" or "reject". I can not tell that from the RFC[1] neither searching this list, but there are some other places [2][3] that say so. Is not finding a DKIM or SPF record considered a failure by itself when p!=none? If so, I would like to know the rationale behind. Is it to make it a little more resilient to "small" and trascient mistakes? Thank you [1] http://tools.ietf.org/html/rfc7489 "2. Receivers compare the RFC5322.From address in the mail to the SPF and DKIM results, if present, and the DMARC policy in DNS." later "Identifier Alignment: When the domain in the RFC5322.From address matches a domain validated by SPF or DKIM (or both), it has Identifier Alignment" [2] https://support.google.com/a/answer/2466563 "Important: Before creating a DMARC record for your Google Apps domain, you must first set up DKIM authentication. If you fail to set up DKIM first, email from services such as Google Calendar will fail mail authentication and will not be delivered to users." [3] http://blog.endpoint.com/2014/04/spf-dkim-and-dmarc-brief-explanation.html "DMARC can (and will) break your mail flow if you don't set up both SPF and DKIM before changing DMARC policy to anything above 'none'." -- Carlos Pantelides @dev4sec seguridad-agile.blogspot.com _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
