On Sun, Oct 2, 2022 at 2:01 PM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:

> In many cases, an evaluator can determine a DMARC PASS result
> without evaluating every available identifier.
>
>    - If a message has SPF PASS with acceptable alignment, the evaluator
>    has no need to evaluate any DKIM signatures to know that the message
>    produces DMARC PASS.
>    - Some identifiers are easily excluded by simple inspection: A
>    "sendgrid.net" identifier cannot authenticate "example.com"
>
> When the evaluator has an identifier which is known but not evaluated, he
> does not have a way to document this outcome in the aggregate reports. To
> fix this hole, we should add an authentication result of "not evaluated"
>
> Doug Foster
>

It is absolutely a wrong thing to suggest not evaluating DKIM if there is an SPF pass. One of the purposes of aggregated reporting is to help sending domains to understand what is breaking in their mail streams. SPF PASS/DKIM PASS is totally different than SPF PASS/DKIM FAIL. The overhead cost to perform the DKIM check is relatively low. Why wouldn't you do this? Do you believe that preventing a sender from getting this additional piece of information is a good thing?

Michael Hammer
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
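The two evaluation strategies discussed in this thread, as an added example that is not part of either post or of any DMARC implementation: it counts constructed messages per (DMARC, SPF, DKIM) result, once evaluating every identifier and once stopping at an aligned SPF pass. The message fields, the two-label `org_domain` shortcut and the function names are assumptions made for the illustration.

```python
from collections import Counter

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real evaluator
    # derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(identifier, from_domain):
    # Relaxed alignment: both names share an organizational domain.
    return org_domain(identifier) == org_domain(from_domain)

def evaluate(msg, short_circuit=False):
    """Return (dmarc, spf, dkim) as they would be reported for one message."""
    spf_ok = msg["spf"] == "pass" and aligned(msg["mail_from"], msg["from"])
    spf = "pass" if spf_ok else "fail"
    if short_circuit and spf_ok:
        # DKIM signatures are present but skipped; "not evaluated" is the
        # value proposed in the quoted message, not an existing report value.
        return ("pass", spf, "not evaluated")
    dkim_ok = any(res == "pass" and aligned(d, msg["from"]) for d, res in msg["dkim"])
    dkim = "pass" if dkim_ok else "fail"
    return ("pass" if spf_ok or dkim_ok else "fail", spf, dkim)

def aggregate(messages, short_circuit=False):
    # Count messages per (dmarc, spf, dkim) tuple, like rows in a report.
    return Counter(evaluate(m, short_circuit) for m in messages)

# Constructed sample traffic for the From: domain example.com.
SAMPLE = [
    {"from": "example.com", "mail_from": "bounce.example.com", "spf": "pass",
     "dkim": [("example.com", "pass")]},
    {"from": "example.com", "mail_from": "bounce.example.com", "spf": "pass",
     "dkim": [("example.com", "fail")]},   # signature broken in transit
    {"from": "example.com", "mail_from": "sendgrid.net", "spf": "pass",
     "dkim": [("sendgrid.net", "pass")]},  # passes, but not aligned
]

if __name__ == "__main__":
    for mode in (False, True):
        print("short_circuit =", mode)
        for row, count in sorted(aggregate(SAMPLE, mode).items()):
            print("  ", count, row)
```

With full evaluation the second message is reported as SPF pass / DKIM fail; with the short circuit it is counted together with the first message under "not evaluated".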