> > > confused users misusing that option. I would support allowing the > following > > options for the auth tag: > > "auth=dkim|spf (default value: same as current state), auth=dkim, > auth=spf" > > The idea is that auth=dkim means you'd publish SPF records but hope people > will ignore them, or vice versa for auth=dkim? I still don't get it. >
My understanding is that if `auth=dkim` then SPF would be ignored from the perspective of DMARC. So if a receiver sees DKIM is not DMARC aligned and only SPF is DMARC aligned then it would still be treated as a DMARC fail. It would be a way for senders to say "yes I checked that all my DKIM signatures are working and aligned, I don't need you to look at SPF and don't want to have the risk of SPF Upgrades. I will still keep an updated SPF record, but if you see a message that's only SPF aligned then don't consider that a DMARC pass."
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
