Like Ale, I thought the group had agreed to implement an auth=DKIM-only option of some type.
I understood the motivation to be false pass created by malicious forwarding through a legitimate hosting platform. Therefore SPF precision is an unrelated issue.

Doug

On Thu, Oct 26, 2023, 5:46 PM Tero Kivinen <kivi...@iki.fi> wrote:

> John Levine writes:
> > It appears that Scott Kitterman <skl...@kitterman.com> said:
> > >>* Is there consensus on moving ahead with the idea of a way to indicate
> > >>which authentication method(s) the Domain Owner wants Receivers to use? If
> > >>so, it doesn't seem to be in the document yet.
> > >
> > >I haven't seen any valid case for it yet. It adds complexity to
> > >little or no benefit.
> >
> > Normally I am in favor of keeping stuff simple, but I think in this case the
> > argument for "DKIM only" is quite strong.
>
> Actually removing SPF completely from DMARC would simplify the
> protocol a lot, and would solve several issues, where people use DMARC
> with only SPF, or claim to do dmarc, but do filtering based on the SPF
> records before getting to the actual email, thus not checking DKIM
> records at all.
>
> If the DMARC would only use DKIM, that would make it clear that if you
> want to publish DMARC records you need to also use DKIM, and when
> checking DMARC records you need to check verify DKIM signatures.
>
> Whether you do SPF in addition to that before or after would be local
> implementation issue, and not part of the DMARC.
>
> There were people who wanted to keep SPF as part of the DMARC, who did
> not even do DMARC, because they used SPF only as a first step of
> filtering during the MAIL FROM phase (before being able to fetch DMARC
> records, or checking DKIM signatures)...
>
> > There's the counterargument "so don't publish SPF" but it's on so
> > many checklists that even though that would be a fine idea, it's not
> > practical.
>
> That is unfortunately true, but if we could decouple the DMARC from
> SPF, then at least we could fix the situation at some point...
> --
> kivi...@iki.fi
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
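An added sketch, not from the thread or from any DMARC draft, of the false pass discussed above: a receiver-side DMARC verdict computed once with SPF and DKIM both allowed and once with DKIM only. The `methods` parameter is a hypothetical stand-in for the proposed option, the domains and results are constructed, and alignment is simplified to exact-or-subdomain matching instead of a real organizational-domain lookup.

```python
from dataclasses import dataclass


@dataclass
class AuthResults:
    from_domain: str   # RFC5322.From domain the policy is looked up for
    spf_result: str    # SPF verdict for the MAIL FROM domain
    spf_domain: str    # MAIL FROM domain that SPF evaluated
    dkim: list         # [(verdict, d= domain), ...] for each signature


def aligned(auth_domain, from_domain):
    # Simplification (assumption): exact match or parent/subdomain relation.
    # A real evaluator compares organizational domains.
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or a.endswith("." + f) or f.endswith("." + a)


def dmarc_pass(r, methods=("spf", "dkim")):
    # `methods` is hypothetical: which mechanisms the Domain Owner
    # wants Receivers to count toward a DMARC pass.
    spf_ok = ("spf" in methods and r.spf_result == "pass"
              and aligned(r.spf_domain, r.from_domain))
    dkim_ok = "dkim" in methods and any(
        verdict == "pass" and aligned(d, r.from_domain)
        for verdict, d in r.dkim)
    return spf_ok or dkim_ok


# Constructed sample 1: mail relayed through a shared platform that the
# domain's SPF record authorizes. SPF passes and aligns, but the only DKIM
# signature belongs to the platform, not to the From domain.
RELAYED = AuthResults("brand.example", "pass", "brand.example",
                      [("pass", "sharedhost.example")])

# Constructed sample 2: the domain owner's own mail, signed with its key.
GENUINE = AuthResults("brand.example", "pass", "bounce.brand.example",
                      [("pass", "brand.example")])


def compare(r):
    # (verdict with SPF or DKIM, verdict with DKIM only)
    return dmarc_pass(r), dmarc_pass(r, methods=("dkim",))


if __name__ == "__main__":
    print("relayed:", compare(RELAYED))
    print("genuine:", compare(GENUINE))
```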