I know that we took out the reference to default policy at my request, and I think it was in section 7.1. But subsequent discussion helped me to understand objectives that were not clear to me in the previous text. I think we need to re-insert something specific about domain owners that want DKIM-only authentication. Proposed language:
“Some domain owners want DMARC authentication to use DKIM signatures only. This requires ensuring an SPF result other than PASS. An SPF result of FAIL or SOFTFAIL is likely to produce unwanted rejects by non-DMARC evaluators. An SPF result of NONE may be ineffective if an evaluator responds to NONE by applying a locally-defined default SPF policy that produces an unintended SPF PASS. Domain owners who desire DKIM-only authentication are RECOMMENDED to publish a policy of “?ALL”, which ensures an SPF result of NEUTRAL, neither PASS nor FAIL. Similarly, DMARC evaluators SHOULD treat SPF NONE as equivalent to NEUTRAL when the RFC5322.From domain has an applicable DMARC policy record.”

Doug Foster
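The evaluator behaviour described in the proposed text, as an added example that is not part of the original message or of any DMARC implementation. All function and parameter names are hypothetical; the SPF parser handles only the `all` mechanism, identifier alignment is assumed to hold, and the locally-defined default policy is modelled simply as the result it would return.

```python
# Added illustration; every name here is hypothetical.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(record, local_default_result=None):
    """Evaluate an SPF record consisting only of an 'all' mechanism.

    record: published TXT string, or None when the domain has no SPF record.
    local_default_result: what an evaluator's locally-defined default policy
    would return for a domain with no record (constructed stand-in).
    """
    if record is None:
        return local_default_result or "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        else:
            qualifier, mech = "+", term  # a bare mechanism defaults to '+'
        if mech.lower() == "all":
            return QUALIFIERS[qualifier]
        raise ValueError("mechanism not modelled in this sketch: " + term)
    return "neutral"  # nothing matched: RFC 7208 default result


def dmarc_pass(spf, dkim, spf_aligned=True, dkim_aligned=True):
    """DMARC passes if either mechanism passes and is aligned."""
    return (spf == "pass" and spf_aligned) or (dkim == "pass" and dkim_aligned)


def evaluate(record, dkim, has_dmarc_policy,
             local_default_result=None, none_as_neutral=False):
    """Return (spf_result, dmarc_passed) for one message.

    none_as_neutral models the proposed SHOULD: when the From domain has a
    DMARC policy, a missing SPF record is treated as NEUTRAL and no local
    default policy is applied.
    """
    if record is None and has_dmarc_policy and none_as_neutral:
        spf = "neutral"
    else:
        spf = spf_result(record, local_default_result)
    return spf, dmarc_pass(spf, dkim)
```

With no SPF record published, a local default that returns PASS lets a message through DMARC without a valid DKIM signature; publishing `?all`, or applying the proposed NONE-as-NEUTRAL rule, leaves DKIM as the only path to a DMARC pass.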
