Repeating this one point as chair, to make it absolutely clear: The proposal we're discussing is removing SPF authentication from DMARC evaluation *only*. We will *not* consider what should happen to SPF outside of DMARC, and any discussion of that is *out of scope* for this working group under its current charter.
Barry, as chair On Fri, Jun 9, 2023 at 9:39 AM Barry Leiba <barryle...@computer.org> wrote: > > Thanks for some data, Doug. One comment on what's after the data > (still talking as a participant here): > > > We have two topics intermixed: (a) should we deprecate SPF for DMARC > > purposes, and (b) should we > > deprecate SPF completely. We should definitely not deprecate SPF > > completely. > > I am certainly not intermixing these! I agree with you that we should > *not* deprecate SPF at this time. I am *only* supporting that we > remove its use in the standards-track version of DMARC, and that's all > this working group has scope to do anyway, according to our charter. > And, yes, a recipient that uses DMARC with DKIM only... is quite free > to *also* consider SPF in its decision about handling the message... > just (if we do this) not as part of the DMARC evaluation. > > Barry _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc