On Sun, 7 Apr 2024, Neil Anuskiewicz wrote:
I think clear statement and supporting text explaining clearly that SPF is no longer the policy layer would be a good idea. While it might be slightly out of scope, I have encountered people who think best practice is to enforce with -ALL.
We had a long discussion about that which you can read in the list archive at https://mailarchive.ietf.org/arch/browse/dmarc/
Nobody is crazy about SPF but removing it completely is too much of a change. As Ale pointed out, if you don't want people to use SPF for your DMARC validation, make all your SPF entries ? or ~ rather than +.
This WG should have finished a year ago. Unless you think something is so broken that it's worth more months of delay, forget it.
Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc