Presumably, a sender who uses DMARC might publish SPF to cover
recipients who don't use DMARC, but would prefer that recipients use
DMARC (authenticated by DKIM only).

I get that, but that's still simultaneously saying "use SPF to authenticate me" and "don't use SPF to authenticate me." If SPF is so unreliable that you don't want people to use it for your DMARC alignment, why would you want them to use it otherwise?

I worry this is encouraging security theater: look, I have super secure DMARC p=reject, and we won't get our deliverability numbers without a big fuzzy SPF record.

R's,
John

Barry

On Fri, Jun 23, 2023 at 1:54 PM John R Levine <[email protected]> wrote:

My understanding is that if `auth=dkim` then SPF would be ignored from the
perspective of DMARC. So if a receiver sees DKIM is not DMARC aligned and
only SPF is DMARC aligned then it would still be treated as a DMARC fail.

That's my understanding.

It would be a way for senders to say "yes I checked that all my DKIM
signatures are working and aligned, I don't need you to look at SPF and
don't want to have the risk of SPF Upgrades."

So why do you publish an SPF record?  Presumably so someone will accept
your mail who wouldn't otherwise, except you just said they shouldn't.
Still not making sense to me.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
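
The receiver-side behaviour discussed in this thread, as an added example that is not part of any message above or of any DMARC implementation. It assumes `auth=dkim` means "ignore SPF for DMARC", as the thread describes; the organizational-domain rule (last two labels) and all sample domains are simplifications constructed for the illustration.

```python
# Added illustration: "auth" is the tag proposed in the thread, not an RFC 7489 tag.

def parse_dmarc(record):
    """Parse a record such as 'v=DMARC1; p=reject; auth=dkim' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: last two labels. A real receiver uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') matches org domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_result(record, from_domain, spf, dkim):
    """spf: (result, MAIL FROM domain); dkim: list of (result, d= domain).
    Returns (dmarc_result, policy_to_apply)."""
    tags = parse_dmarc(record)
    dkim_ok = any(res == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
                  for res, d in dkim)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    if tags.get("auth") == "dkim":
        spf_ok = False  # SPF is still evaluated on its own, but not counted for DMARC
    if dkim_ok or spf_ok:
        return ("pass", "none")
    return ("fail", tags.get("p", "none"))

if __name__ == "__main__":
    # Constructed message: SPF passes and aligns, DKIM passes but is not aligned.
    spf = ("pass", "bounce.example.com")
    dkim = [("pass", "esp-mail.example.net")]
    for rec in ("v=DMARC1; p=reject", "v=DMARC1; p=reject; auth=dkim"):
        print(rec, "->", dmarc_result(rec, "example.com", spf, dkim))
```

The same message passes DMARC under the plain record and fails with `p=reject` applied once `auth=dkim` is published, even though the SPF check itself is unchanged for receivers that do not evaluate DMARC.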


