Scott Kitterman writes: > I hear you. Your operational issue is my system working as designed. > DMARC works on top of SPF, it doesn't change it.
Yes, DMARC works on top of SPF, and DKIM and provides policy layer. We are trying to change the fact that people rely purely on SPF, and try to get them moved to use DMARC istead, and we are trying to explain that if you do SPF inside the DMARC context, you get exactly same policy results you get as when you do SPF before, except you get it better, as you have more data available. Using -all would be completely ok if everybody would be doing DMARC, but as there are some systems which do SPF outside DMARC, and there having -all might shortcircuit DMARC out from the equation, we should provide guidance to those people how they can get best results in current environment. Thus the best current practice should be use to use ~all instead of -all if you are trying to use DMARC, and want other systems to actually act based on your DMARC policy. > Anything like this belongs in an operational guidance document, not in the > protocol description. I have no problem describing the trade offs in an > appropriate document, but I don't think this is it. > -- [email protected] _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
