On Sun 29/Oct/2023 07:39:09 +0100 Wei Chuang wrote:
> I don't think the SPF '?' qualifier approach works because as Richard
> Clayton said earlier of RFC7208 "Sender Policy Framework (SPF) for
> Authorizing Use of Domains in Email, Version 1" section 8.2 which says:
>
>    A "neutral" result MUST be treated exactly like the "none" result;
>    the distinction exists only for informational purposes.
>
> If it happens to work, it's likely an implementation detail not
> standardized across the ecosystem and may change. Moreover it will be
> highly confusing to those outside of those with connection to the
> knowledgeable few. That broader community depends on the literal
> interpretation of the RFC.

Obviously, using ?include is only meaningful for SPF records ending in -all.
Some receivers don't reject even when they find -all. I don't think there are
receivers that reject when they see ?all or ~all. So the question is:

    Is there a real difference between spf=neutral and spf=pass,
    apart from its effect on DMARC?

IOW, why do domains that apply DKIM signatures undergo the effort to set up a
complicated SPF record ending in ~all, when they could just have set "v=spf1
~all" and obtain a DMARC pass via DKIM?

Like kitterman.com, tana.it also makes use of the neutral qualifier, but we are
small senders. State.gov uses -all but doesn't use the neutral qualifier. I
think they want to use the SPF ability to have spoofs rejected, which was SPF's
original goal. Using the neutral qualifier would work for them too, no?

Best
Ale
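
Added example, not part of the original message: a small evaluator for the ip4, include and all mechanisms following RFC 7208, showing how `?include` turns an included sender's match into neutral, so that DMARC passes for that sender only through an aligned DKIM signature. The domains, addresses, TXT records and the `dmarc_pass` helper are constructed for illustration, and the envelope domain is assumed to be aligned with the From domain.

```python
import ipaddress

# Constructed TXT records using documentation domains and address ranges.
DNS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 ?include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "dkim-only.example": "v=spf1 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate ip4, include and all mechanisms (subset of RFC 7208 section 5)."""
    record = DNS.get(domain)
    if record is None or record.split()[0] != "v=spf1":
        return "none"
    if depth > 10:  # simplified stand-in for the RFC's DNS lookup limit
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg)
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("temperror", "permerror"):
                return inner
            if inner == "none":
                return "permerror"
            matched = inner == "pass"  # only an inner pass makes include match
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]  # the qualifier on the matching term decides
    return "neutral"  # default when nothing matches

def dmarc_pass(ip, domain, aligned_dkim_pass):
    """Hypothetical helper: DMARC passes on aligned SPF pass or aligned DKIM pass."""
    return check_host(ip, domain) == "pass" or aligned_dkim_pass

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, check_host(ip, "example.org"), dmarc_pass(ip, "example.org", False))
```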