With the growth of huge platforms that emit mail from the same common set of IPs (such as GSuite, O365, or large ESPs), regular SPF "include" ends up granting a DMARC pass to a lot more potential authors than most organizations would necessarily choose to grant.
Instead of using the standard "(+)include:" approach, if domain owners used "?include:" as their mechanism, then that would prevent the SPF result from granting a DMARC PASS result when traffic is coming from one of these massively included platforms. It would essentially force the DMARC result to be driven only by the DKIM evaluation. Thoughts? --Kurt Andersen (I'm copying the spfbis list too because there may be folks lurking there who are not on the DMARC list)
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
