> On Apr 6, 2024, at 1:40 PM, John Levine <jo...@taugh.com> wrote:
>
> It appears that Scott Kitterman <skl...@kitterman.com> said:
>> I hear you. Your operational issue is my system working as designed. DMARC
>> works on top of SPF, it doesn't change it.
>>
>> Anything like this belongs in an operational guidance document, not in the
>> protocol description. I have no problem describing the trade offs in an
>> appropriate document, but I don't think this is it.
>
> I agree. "Don't do stupid stuff" goes in an A/S, not in the spec.
>
> I entirely believe people are confused about SPF, but they're confused
> about everything. A few days ago on the generally clueful NANOG list
> we had to explain to someone that rejecting mail if DKIM signatures
> don't verify is not a good idea.
>
> R's,
> John
>

I think a clear statement and supporting text explaining clearly that SPF is no longer the policy layer would be a good idea. While it might be slightly out of scope, I have encountered people who think best practice is to enforce with -ALL. It’s not that it’s stupid to do that, it’s just that email auth is still kind of obscure knowledge for some reason I don’t quite understand since it’s been a while.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc