On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba <[email protected]> wrote:
> > Anyone who does forwarding is damaged by DMARC because there are a lot of > > people who do DMARC on the cheap with SPF only. > > This brings up another issue, I think: that there should also be > stronger advice that using DKIM is critical to DMARC reliability, and > using SPF only, without DKIM, is strongly NOT RECOMMENDED. > > I don't disagree. How do we make the following text stronger? 5.5.2. <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#section-5.5.2>Configure Sending System for DKIM Signing Using an Aligned Domain <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#name-configure-sending-system-fo> While it is possible to secure a DMARC pass verdict based on only one of SPF or DKIM, it is commonly accepted best practice to ensure that both authentication mechanisms are in place to guard against failure of just one of them. This is particularly important because SPF will always fail in situations where mail is sent to a forwarding address offered by a professional society, school or other institution, where the address simply relays the message to the recipient's current "real" address. Many recipients use such addresses and with SPF alone and not DKIM, messages sent to such users will always produce DMARC fail. <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#section-5.5.2-2> The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d= domain in the DKIM-Signature header) that aligns with the Author Domain. -- *Todd Herr * | Technical Director, Standards and Ecosystem *e:* [email protected] *m:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
