-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In message <CAOZAAfP9tXi80Fi=ZkgPpGwHo1fDbdSOZwVcnuPDbbc2xQd-
[email protected]>, Seth Blank <[email protected]>
writes
> Some Mail Receiver architectures implement SPF in advance of any
> DMARC operations. This means that an SPF hard fail ("-") prefix on
> a sender's SPF mechanism, such as "-all", could cause that
> rejection to go into effect early in handling, causing message
> rejection before any DMARC processing takes place, and DKIM has a
> chance to validate the message instead of SPF. Operators choosing
> to use "-all" to terminate SPF records should be aware of this.
I understood what this said thus far ... but I wonder what it is doing
in a document about DMARC. Some architectures may reject email from
IPs listed in the PBL ... again nothing to do with DMARC. This isn't a
document on how to improve deliverability is it ?
> Since DMARC only relies on an SPF pass, all failures are treated
> equally.
This makes less sense ... I think you mean something like, when
considering whether or not SPF has passed, the type of failure is
irrelevant to DMARC (since clearly DMARC does not even require SPF be
specified at all...)
>Therefore, it is considered best practice when using SPF
> in a DMARC context for domains that send email to end records with
> a soft fail ("~" / "~all").
I don't see why it is Best Practice ... it rather depends what you wish
to achieve doesn't it ?
> Could this work with simply the removal of the last sentence
> covering best practice?
the more that was removed the better
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBZgnjd92nQQHFxEViEQIkVgCeIQIwiTYO3rZbipFmFTNUn8BpmFEAn2lc
a+iTWfEDnYmwReECYdekhMkO
=IR3+
-----END PGP SIGNATURE-----
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
